Nuget License Utility

Nuget License Utility is a tool to analyze, print, and validate the licenses of dependencies in .NET and C++ projects. It supports .NET (Core), .NET Standard, .NET Framework, and native C++ projects.

Features

• Analyze project or solution files for NuGet package licenses
• Validate licenses against an allowed list
• Download license files for auditing
• Supports transitive dependencies, custom mappings, and overrides
• Flexible output: table or JSON (pretty/minified)
• Exclude or ignore specific packages or projects
• Works with .NET Core, .NET Framework, and native C++ projects

Project Structure

This repository provides two main tools:

Tool	Description	Supported Project Types
NuGetLicenseCore (dotnet tool)	Cross-platform .NET Core global tool, installed via dotnet tool install.	.NET Core, .NET Standard, partial .NET Framework1
NuGetLicenseFramework.exe	Standalone .NET Framework executable.	.NET Core, .NET Standard, .NET Framework, native C++

¹ .NET Framework support via the dotnet tool may vary due to MSBuild/environment differences.

Compatibility Matrix

Tool	.NET Core	.NET Standard	.NET Framework	Native C++
NuGetLicenseCore (dotnet tool)	✔️	✔️	⚠️ Partial support	❌
NuGetLicenseFramework.exe	✔️	✔️	✔️	✔️

Installation

NuGetLicenseCore (dotnet tool)

dotnet tool install --global nuget-license

NuGetLicenseFramework.exe

Download the latest release from GitHub Releases and run the executable directly.

Usage

Basic Command

nuget-license [options]

Common Options

Option	Description
--version	Show version information.
-i, --input <FILE>	Project or solution file to analyze.
-ji, --json-input <FILE>	JSON file with an array of project/solution files to analyze. See docs/input-json.md.
-t, --include-transitive	Include transitive dependencies.
-a, --allowed-license-types <FILE>	JSON file listing allowed license types. See docs/allowed-licenses-json.md.
-ignore, --ignored-packages <FILE>	JSON file listing package names to ignore (supports wildcards). See docs/ignored-packages-json.md.
-mapping, --licenseurl-to-license-mappings <FILE>	JSON dictionary mapping license URLs to license types. See docs/licenseurl-mappings-json.md.
-file-mapping, --licensefile-to-license-mappings <FILE>	JSON dictionary mapping license files to license types. Paths are relative to the JSON file. See docs/licensefile-mappings-json.md.
-override, --override-package-information <FILE>	JSON list to override package/license info. See docs/override-package-json.md.
-d, --license-information-download-location <FOLDER>	Download all license files to the specified folder.
-o, --output <TYPE>	Output format: Table, Markdown, Json or JsonPretty (default: Table). See docs/output-json.md for JSON format details.
-err, --error-only	Only show validation errors.
-include-ignored, --include-ignored-packages	Include ignored packages in output.
-exclude-projects, --exclude-projects-matching <PATTERN|FILE>	Exclude projects by name or pattern (supports wildcards or JSON file). See docs/exclude-projects-json.md.
-isp, --include-shared-projects	Include shared projects (.shproj).
-f, --target-framework <TFM>	Analyze for a specific Target Framework Moniker.
-fo, --file-output <FILE>	Write output to a file instead of console.
-?, -h, --help	Show help information.

Important Notes

Package Detection and Restore

nuget-license does not restore NuGet packages itself. It reads package information from the project.assets.json file (also known as the lock file) that is generated when you run dotnet restore or build your project.

Key points:

• The packages evaluated by nuget-license are always the ones that were used during the last package restore.
• If you use conditional package references (e.g., based on build configuration), only the packages from the last restore will be detected.
• Packages referenced in Directory.Build.props or other MSBuild files with conditions will only appear if they were included in the most recent restore operation.

To ensure all packages are detected:

1. Run dotnet restore (or dotnet build) with the appropriate configuration before running nuget-license:

   dotnet restore -c Release
   nuget-license -i MyProject.csproj

2. If you need to analyze packages for different configurations, restore with each configuration separately:

   # For Release configuration
   dotnet restore -c Release
   nuget-license -i MyProject.csproj -o JsonPretty -fo licenses-release.json
   
   # For Debug configuration
   dotnet restore -c Debug
   nuget-license -i MyProject.csproj -o JsonPretty -fo licenses-debug.json

3. If packages are missing from the output, verify that project.assets.json exists in your project's obj folder and that a restore was performed recently.

Examples

Show Help

nuget-license --help

Validate licenses for a project

nuget-license -i MyProject.csproj

Validate licenses for a solution

nuget-license -i MySolution.sln

Use a custom allowed license list

nuget-license -i MyProject.csproj -a allowed-licenses.json

Generate pretty JSON output

nuget-license -i MyProject.csproj -o JsonPretty

See docs/output-json.md for detailed information about the JSON output format.

Download all license files

nuget-license -i MyProject.csproj -d licenses/

Map license files to license types

nuget-license -i MyProject.csproj -file-mapping license-file-mappings.json

Note: License file paths in the JSON are relative to the JSON file's directory.

Advanced Usage

• Multiple projects: Use -ji with a JSON file listing multiple projects/solutions.
• Override package info: Use -override to supply custom license info for specific packages.
• Ignore packages: Use -ignore to skip in-house or known packages.
• Exclude projects: Use -exclude-projects to skip test or sample projects.

Building from Source

1. Clone the repository.
2. Build with your preferred .NET SDK.
3. For the dotnet tool: dotnet pack NuGetLicenseCore
4. For the framework exe: build NuGetLicenseFramework and use the resulting .exe.

License

See LICENSE for details.