Adopt option for SPDX-License-Identifiers output

[alandtse]

Great project! I handle open source compliance for a large multinational corporation and just found this while coding in my spare time. I'll probably start pointing my developers to this project for python license identification from their dependencies.

It'd be nice if there was an option to use SPDX-License-Identifiers for the output for licenses. This is the identifier based on this list and is intended to normalize identification of licenses.

These identifiers are actually being used in multiple projects now to identify the license (e.g., Linux kernel).

This may complicate how this tool works since it looks like you're just passing the meta data through, but I think more python projects may adopt the SPDX-License-Identifier format.

[raimon49]

@alandtse Hey, thanks for the great suggestions.

Support for SPDX IDs is certainly beneficial.

I don't have time to work on this suggestion right now. But it may support it in the future.

If the behavior spec is written in this issue, it will be easier to work on implementation.

Alternatively, you are welcome to provide patches.

[stefan6419846]

In my opinion, this conversion should probably be implemented in a dedicated package instead of the pip-licenses package. From my experience, there are quite some edge cases or strange license field usages, which have to be considered - let alone the list of licenses itself which just introduces overhead for everyone who does not need this feature. (Example: I regularly have a look a the license fields of about 200 PyPI packages extracted by pip-licenses and observed quite some oddities, including links to Wikipedia etc.)

Providing a Python-based interface as requested in #81 should allow everyone to plug the desired license format conversion tooling into the tool chain (although this can already be done now when pip-licenses is being called correctly).

[raimon49]

Providing a Python-based interface as requested in #81 should allow everyone to plug the desired license format conversion tooling into the tool chain (although this can already be done now when pip-licenses is being called correctly).

I agree with you. When a user wants to achieve a slightly nifty conversion or output, it is much easier than sending a patch to pip-licenses.

If we provide a Python code-based interface, we must work on preparing and documenting type information.

[anthonyharrison]

I think this is an essential feature.

I was about to create a utility to dump all of the licenses from a set of installed Python modules when I found this module. The reason I need the utility is because I note that many of the licenses reported are not valid SPDX Licenses and it would be really beneficial to the community to highlight the licenses which are not correctly specified as accurate license metadata is required to meet the growing need for accurate records of software modules as captured in SBOMs. I can already identify the licenses in the metadata which are not valid SPDX licenses but I don't use the Trove Classifiers as many of the Trove Classifiers are not aligned with the SPDX License identifier e.g.License :: OSI Approved :: Apache Software License should really be License :: OSI Approved :: Apache Software License (Version 2)