Your project pulls in dozens of dependencies. Each one has a license. Do you actually know what you're shipping?
Composer has a built-in command for this:
composer licenses
This outputs a table showing every dependency and its license:
Name Version Licenses
brick/math 0.14.1 MIT
doctrine/inflector 2.1.0 MIT
egulias/email-validator 4.0.4 MIT
guzzlehttp/guzzle 7.10.0 MIT
...
symfony/http-foundation v7.4.1 MIT
symfony/http-kernel v7.4.2 MIT
symfony/mailer v7.4.0 MIT
vlucas/phpdotenv v5.6.1 BSD-3-Clause
It's nice to see, but just a list isn't very actionable. What if you want to automatically check for disallowed licenses?
The license command supports different output formats that make automation possible. I'll show you how in an upcoming tip.
Here to help,
Aaron
P.S. Got opinions on open source licenses? We can't offer legal advice, but we can commiserate. Join our community.
