🔡

3rd Party Package Licenses

Summary

Arnica can identify license risks and violations in 3rd party open source packages. By default, Arnica classifies the licenses according to Google's open source documentation, but also allows to override the licenses to fit each customer's needs.

Supported languages

Language
Files
.Net
packages.lock.json, packages.config, .deps.json
C, C++
conan.lock
L
mix.lock
Go
go.mod
Java
pom.xml, gradle.lockfile
JavaScript (including JSX, TSX, TypeScript)
package-lock.json, yarn.lock, pnpm-lock.yaml Coming soon: npm-shrinkwrap.json
PHP
composer.lock
Python
Pipfile.lock, poetry.lock, requirements.txt
Ruby
Gemfile.lock
Rust
Cargo.lock
Swift
Coming soon: Podfile.lock

Supported licenses

Classification levels

Arnica supports the following classification levels and defines default risk severity for each classification:
Classification
Default Risk Severity
Forbidden
High
Restricted
High
Reciprocal
Medium
Exception
Medium
Notice
None
Unencumbered
None
Unknown
None

Licenses by classification levels

By default, licenses are classified by Arnica as follows:
Classification
License
Forbidden
BUSL-1.1, CAL-1.0, CAL-1.0-Combined-Work-Exception, CC-BY-NC-1.0, CC-BY-NC-2.0, CC-BY-NC-2.5, CC-BY-NC-3.0, CC-BY-NC-3.0-DE, CC-BY-NC-4.0, CC-BY-NC-ND-1.0, CC-BY-NC-ND-2.0, CC-BY-NC-ND-2.5, CC-BY-NC-ND-3.0, CC-BY-NC-ND-3.0-DE, CC-BY-NC-ND-3.0-IGO, CC-BY-NC-ND-4.0, CC-BY-NC-SA-1.0, CC-BY-NC-SA-2.0, CC-BY-NC-SA-2.0-DE, CC-BY-NC-SA-2.0-FR, CC-BY-NC-SA-2.0-UK, CC-BY-NC-SA-2.5, CC-BY-NC-SA-3.0, CC-BY-NC-SA-3.0-DE, CC-BY-NC-SA-3.0-IGO, CC-BY-NC-SA-4.0, Commons Clause, Commons-Clause, CPAL-1.0, CPOL-1.02, EUPL-1.0, EUPL-1.1, EUPL-1.2, Facebook-2-Clause, Facebook-3-Clause, Facebook-Examples, SISSL, SISSL-1.2, Watcom-1.0
Restricted
AAL, Abstyles, AdaCore-doc, Adobe-2006, Adobe-Glyph, ADSL, Afmparse, Aladdin, AMDPLPA, AML, ANTLR-PD, ANTLR-PD-fallback, APAFML, APL-1.0, App-s2p, Arphic-1999, Baekmuk, Bahyph, Barr, BCL, Bitstream-Charter, Bitstream-Vera, BitTorrent-1.0, BitTorrent-1.1, blessing, BlueOak-1.0.0, Borceux, Brian-Gladman-3-Clause, BSD-4.3RENO, BSD-4.3TAHOE, BSD-Advertising-Acknowledgement, BSD-Attribution-HPND-disclaimer, BSD-Source-Code, bzip2-1.0.5, bzip2-1.0.6, Caldera, CATOSL-1.1, CC-BY-SA-1.0, CC-BY-SA-2.0, CC-BY-SA-2.0-UK, CC-BY-SA-2.1-JP, CC-BY-SA-2.5, CC-BY-SA-3.0, CC-BY-SA-3.0-AT, CC-BY-SA-3.0-DE, CC-BY-SA-4.0, CC-PDDC, CDL-1.0, CDLA-Permissive-1.0, CDLA-Permissive-2.0, CDLA-Sharing-1.0, CECILL-1.0, CECILL-1.1, CECILL-2.0, CECILL-2.1, CECILL-B, CERN-OHL-P-2.0, CERN-OHL-S-2.0, CERN-OHL-W-2.0, CFITSIO, checkmk, ClArtistic, Clips, CMU-Mach, CNRI-Jython, CNRI-Python, CNRI-Python-GPL-Compatible, COIL-1.0, Community-Spec-1.0, Condor-1.1, copyleft-next-0.3.0, copyleft-next-0.3.1, Cornell-Lossless-JPEG, Crossword, CrystalStacker, Cube, C-UDA-1.0, curl, D-FSL-1.0, diffmark, DL-DE-BY-2.0, DOC, Dotseqn, DRL-1.0, DSDP, dvipdfm, eCos-2.0, eGenix, Elastic-2.0, EPICS, ErlPL-1.1, etalab-2.0, Eurosym, FDK-AAC, FreeBSD-DOC, FSFAP, FSFUL, FSFULLR, FSFULLRWD, GD, GFDL-1.1, GFDL-1.1-invariants-only, GFDL-1.1-invariants-or-later, GFDL-1.1-no-invariants-only, GFDL-1.1-no-invariants-or-later, GFDL-1.1-only, GFDL-1.1-or-later, GFDL-1.2, GFDL-1.2-invariants-only, GFDL-1.2-invariants-or-later, GFDL-1.2-no-invariants-only, GFDL-1.2-no-invariants-or-later, GFDL-1.2-only, GFDL-1.2-or-later, GFDL-1.3, GFDL-1.3-invariants-only, GFDL-1.3-invariants-or-later, GFDL-1.3-no-invariants-only, GFDL-1.3-no-invariants-or-later, GFDL-1.3-only, GFDL-1.3-or-later, Giftware, GL2PS, Glide, Glulxe, GLWTPL, gnuplot, GPL-1.0, GPL-1.0+, GPL-1.0-only, GPL-1.0-or-later, GPL-2.0, GPL-2.0+, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0-with-autoconf-exception, GPL-2.0-with-bison-exception, GPL-2.0-with-classpath-exception, GPL-2.0-with-font-exception, GPL-2.0-with-GCC-exception, GPL-3.0, GPL-3.0+, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0-with-autoconf-exception, GPL-3.0-with-GCC-exception, Graphics-Gems, gSOAP-1.3b, HaskellReport, Hippocratic-2.1, HP-1986, HPND-export-US, HPND-Markus-Kuhn, HPND-sell-variant, HPND-sell-variant-MIT-disclaimer, HTMLTIDY, IBM-pibs, ICU, IEC-Code-Components-EULA, IJG, IJG-short, iMatix, Imlib2, Info-ZIP, Intel-ACPI, Interbase-1.0, JasPer-2.0, JPL-image, JPNIC, JSON, Kazlib, Knuth-CTAN, LAL-1.2, LAL-1.3, Leptonica, LGPL-2.0, LGPL-2.0+, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1, LGPL-2.1+, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-3.0, LGPL-3.0+, LGPL-3.0-only, LGPL-3.0-or-later, LGPLLR, libpng-2.0, libselinux-1.0, libtiff, libutil-David-Nugent, Linux-man-pages-copyleft, LOOP, LPPL-1.0, LPPL-1.1, LPPL-1.2, LPPL-1.3a, LPPL-1.3c, LZMA-SDK-9.11-to-9.20, LZMA-SDK-9.22, MakeIndex, Martin-Birgmeier, Minpack, mpich2, mpi-permissive, mplus, MS-LPL, MTLL, MulanPSL-1.0, Mup, NAIST-2003, NBPL-1.0, NCGL-UK-2.0, NetCDF, Net-SNMP, Newsletr, NGPL, NICTA-1.0, NIST-PD, NIST-PD-fallback, NLOD-1.0, NLOD-2.0, NLPL, NOSL, Noweb, NPL-1.0, NPL-1.1, NRL, NTP, NTP-0, Nunit, OCCT-PL, ODbL-1.0, ODC-By-1.0, OFFIS, OFL-1.0, OFL-1.0-no-RFN, OFL-1.0-RFN, OFL-1.1-no-RFN, OFL-1.1-RFN, OGC-1.0, OGDL-Taiwan-1.0, OGL-Canada-2.0, OGL-UK-1.0, OGL-UK-2.0, OGL-UK-3.0, OLDAP-1.1, OLDAP-1.2, OLDAP-1.3, OLDAP-1.4, OLDAP-2.0, OLDAP-2.0.1, OLDAP-2.1, OLDAP-2.2, OLDAP-2.2.1, OLDAP-2.2.2, OLDAP-2.3, OLDAP-2.4, OLDAP-2.5, OLDAP-2.6, OLDAP-2.7, OML, OpenPBS-2.3, OPL-1.0, OPUBL-1.0, OSL-1.0, OSL-1.1, OSL-2.0, OSL-2.1, OSL-3.0, O-UDA-1.0, Parity-6.0.0, Parity-7.0.0, PDDL-1.0, Plexus, PolyForm-Noncommercial-1.0.0, PolyForm-Small-Business-1.0.0, psfrag, psutils, Python License, Qhull, QPL-1.0, QPL-1.0-INRIA-2004, Rdisc, RHeCos-1.1, RSA-MD, Saxpath, SAX-PD, SCEA, SchemeReport, Sendmail, Sendmail-8.23, SHL-0.5, SHL-0.51, Sleepycat, SMLNJ, SMPPL, SNIA, snprintf, Spencer-86, Spencer-94, Spencer-99, SSH-OpenSSH, SSH-short, SSPL-1.0, StandardML-NJ, SugarCRM-1.1.3, SunPro, SWL, Symlinks, TAPR-OHL-1.0, TCL, TCP-wrappers, TMate, TORQUE-1.1, TOSL, TPDL, TPL-1.0, TTWL, TU-Berlin-1.0, TU-Berlin-2.0, UCAR, Vim, VOSTROM, w3m, Wsuipa, wxWindows, Xerox, XFree86-1.1, xinetd, xlock, xpp, XSkat, YPL-1.0, YPL-1.1, Zed, Zimbra-1.3, Zimbra-1.4
Reciprocal
APSL-1.0, APSL-1.1, APSL-1.2, APSL-2.0, CDDL-1.0, CDDL-1.1, CECILL-C, CERN-OHL-1.2, CPL-1.0, CUA-OPL-1.0, EPL-1.0, EPL-2.0, FreeImage, IPL-1.0, MPL-1.0, MPL-1.1, MPL-2.0, MPL-2.0-no-copyleft-exception, MS-RL, Ruby
Exception
CC-BY-ND-1.0, CC-BY-ND-2.0, CC-BY-ND-2.5, CC-BY-ND-3.0, CC-BY-ND-3.0-DE, CC-BY-ND-4.0, CERN-OHL-1.1, Latex2e, OFL-1.1
Notice
AFL-1.1, AFL-1.2, AFL-2.0, AFL-2.1, AFL-3.0, AMPAS, Apache-1.0, Apache-1.1, Apache-2.0, Artistic-1.0, Artistic-1.0-cl8, Artistic-1.0-Perl, Artistic-2.0, ASL-1.0, Beerware, BSD, BSD-1-Clause, BSD-2-Clause, BSD-2-Clause-FreeBSD, BSD-2-Clause-NetBSD, BSD-2-Clause-Patent, BSD-2-Clause-Views, BSD-3-Clause, BSD-3-Clause-Attribution, BSD-3-Clause-Clear, BSD-3-Clause-LBNL, BSD-3-Clause-Modification, BSD-3-Clause-No-Military-License, BSD-3-Clause-No-Nuclear-License, BSD-3-Clause-No-Nuclear-License-2014, BSD-3-Clause-No-Nuclear-Warranty, BSD-3-Clause-Open-MPI, BSD-4-Clause, BSD-4-Clause-Shortened, BSD-4-Clause-UC, BSD-Protection, BSL-1.0, CC-BY-1.0, CC-BY-2.0, CC-BY-2.5, CC-BY-2.5-AU, CC-BY-3.0, CC-BY-3.0-AT, CC-BY-3.0-DE, CC-BY-3.0-IGO, CC-BY-3.0-NL, CC-BY-3.0-US, CC-BY-4.0, ECL-2.0, EDL-1.0, EFL-1.0, EFL-2.0, FTL, HPND, ImageMagick, ISC, ISC License, Libpng, LIL, Lil-1.0, Linux-OpenIB, LPL-1.0, LPL-1.02, MIT, MIT-0, MIT-advertising, MIT-CMU, MIT-enna, MIT-feh, MIT-Modern-Variant, MITNFA, MIT-open-group, MIT-Wu, MS-PL, NCSA, OLDAP-2.8, OpenSSL, PHP-3.0, PHP-3.01, PIL, PostgreSQL, PSF-2.0, Python-2.0, Python-2.0.1, Python-2.0-complete, SGI-B-1.0, SGI-B-1.1, SGI-B-2.0, Unicode-DFS-2015, Unicode-DFS-2016, Unicode-TOU, UPL-1.0, W3C, W3C-19980720, W3C-20150513, WTFPL, X11, X11-distribute-modifications-variant, Xnet, Zend-2.0, Zlib, zlib-acknowledgement, ZPL-1.1, ZPL-2.0, ZPL-2.1
Unencumbered
OBSD, CC0-1.0, Public Domain, Unlicense
Unknown
AG-Grid, amazon-software-lic-for-amazon-dynamodb-lock-client, amCharts-Free, AppOptics-Java-Agent, Aspose-EULA, ASPSecurityKit-Khosla-Tech, bpmn.io, Chilkat-Software, Conviva, DBAD, Dom4J, ECL-1.0, Entessa, EUDatagrid, Facebook-Platform, Fair, Frameworx-1.0, Froala-Editor, FsUnit, Go, H2-Database-1.0, Highsoft, HSQLDB, Image-Components-SDK, Indiana-University-Extreme-Lab-1.2, Intel, IPA, Jam, JTA, LiLiQ-P-1.1, LiLiQ-R-1.1, LiLiQ-Rplus-1.1, LLVM-exception, Microsoft-.NET-Library, Microsoft-.NET-Library-AspNetComponent-EULA, Microsoft-ASP.NET-Model-View-Controller-4-EULA, Microsoft-AspNet-MVC3-Update-EULA, Microsoft-EULA, Microsoft-Lightswitch-Client-Javascript-Runtime, Microsoft-Visual-Studio-Sharepoint-Emulators, Microsoft-Web-WebView2, MirOS, Motosoto, MulanPSL-2.0, Multics, NASA-1.3, Naumen, Neodynamic, Nokia, No-License, NorthwoodsSoftware-EULA, NPOSL-3.0, OCLC-2.0, OGTSL, Oracle-Technology-Network, OSET-PL-2.1, PayPal-SDK, Protobuf, Resizer-Freedom, RPL-1.1, RPL-1.5, RPSL-1.0, RSCPL, SimPL-2.0, SpecFlow-EULA, SPL-1.0, UCL-1.0, UnboundID-LDAP-SDK-Free, Unspecified-Commercial, VSL-1.0