Let's say we've got a go.mod file that defines third party dependencies. Is there a feature or a way in the language to get a list of the third party licenses preferably without third party tools? Unfortunately, I can't share any code because I haven't found any potential solutions yet.
For example we have:
module github.com/myGoProject
require (
github.com/sirupsen/logrus v1.4.2
github.com/stretchr/testify v1.2.2
)
How can I get as output:
MIT
MIT
I also had to do this recently and didn't find any "official" way of doing it. I used a tool called go-license-detector against my vendored third-party dependencies to automate most of the work.
go mod vendor. This places all the source code for your dependencies into a directory named "vendor".cd into your vendor directory and run:
license-detector `cat modules.txt |grep "^#" |cut -d' ' -f2`
This will run license-detector against each downloaded module and output a list of probable licenses for each module. You'll get output that looks like this:
github.com/influxdata/influxdb
91% MIT
github.com/influxdata/platform
99% MIT
84% MIT-feh
github.com/kr/logfmt
100% Unlicense
98% MIT
93% JSON
84% MIT-feh
Usually the top license is the right one but it's best to double-check each one.