generate_legal_notices
Scans project source code to automatically generate complete legal attribution notices with license texts for distribution compliance.
Instructions
PRIMARY TOOL: Generate legal notices by scanning source code directly (DEFAULT - FAST).
This is the RECOMMENDED tool for creating legal compliance documentation. Scans your project's source code directly to detect ALL packages (including transitive dependencies) and generates comprehensive attribution notices.
⚠️ THIS IS THE DEFAULT TOOL - Use this for most cases!
Scans source code directly (node_modules/, site-packages/, vendor/)
Detects ALL packages automatically (transitive dependencies included)
10x faster than downloading from registries
No need to extract PURLs manually
WHEN TO USE THIS TOOL:
You have source code locally with dependencies installed
npm project with node_modules/ directory
Python project with site-packages/ or virtualenv
Any project with locally installed dependencies
WHEN NOT TO USE:
Dependencies not installed locally → Use generate_legal_notices_from_purls instead
You already have a PURL list → Use generate_legal_notices_from_purls instead
PURPOSE: Creates production-ready legal compliance documentation including:
Complete copyright holder attributions (auto-extracted)
Full license texts from SPDX
Formatted for NOTICE file inclusion
Ready for app store submission
Professional legal documentation
WHEN TO USE (MOST COMMON SCENARIOS):
Creating NOTICE files for distribution (PRIMARY USE CASE)
Generating legal compliance documentation for any product
After scanning packages and need complete attribution
Preparing legal docs for app store submissions (iOS/Android)
Need copyright holder information (automatically extracted)
Anytime you need production-ready legal documentation
WHEN NOT TO USE:
Understanding individual license obligations → use get_license_obligations
Just checking license compatibility → use check_license_compatibility
Quick validation only → use validate_license_list
Want one-shot complete workflow → use run_compliance_check
DON'T have PURLs yet → use scan_directory FIRST to get them
WORKFLOW POSITION: Typically used AFTER scan_directory/check_package and validation (validate_license_list), as the FINAL step to generate legal documentation.
COMMON WORKFLOWS:
Mobile App Compliance (MOST COMMON): scan_directory(check_vulnerabilities=True, identify_packages=True) → validate_license_list(distribution="mobile") → generate_legal_notices(purls=[...], output_file="NOTICE.txt") [PRIMARY] → generate_sbom(path=".")
After Package Analysis: check_package(identifier="pkg:npm/express@4.0.0") → validate_policy(licenses=[...]) → generate_legal_notices(purls=[...])
Batch Compliance: scan_directory(path=".", identify_packages=True) → (parallel) generate_sbom + generate_legal_notices
BACKEND: Uses purl2notices in scan mode to read source code directly. Automatically extracts copyright holders, fetches license texts from SPDX, and formats complete attribution.
Args: path: Path to source directory to scan (project root with dependencies installed) output_format: Output format - "text" (default), "html", "markdown" output_file: Optional path to save the output file include_license_text: If True, include full license texts (default: True)
Returns: Dictionary containing: - notices: The generated legal notices text - packages_processed: Number/description of packages processed - packages_failed: Number of packages that failed processing - output_file: Path to saved file (if output_file was specified) - format: The output format used - mode: "scan_directory" (indicates source code scanning was used)
Examples: # Generate text NOTICE file for npm project generate_legal_notices( path="/path/to/npm-project", output_file="NOTICE.txt" )
# Generate HTML notices for Python project
generate_legal_notices(
path="/path/to/python-project",
output_format="html",
output_file="NOTICE.html"
)
# Quick scan without saving to file
result = generate_legal_notices(path=".")
print(result["notices"])
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| path | Yes | ||
| output_file | No | ||
| output_format | No | text | |
| include_license_text | No |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |