generate_legal_notices_from_purls
Generate legal notices by downloading packages from registries using a list of Package URLs (PURLs). Use when dependencies are not available locally.
Instructions
ALTERNATIVE TOOL: Generate legal notices from PURL list (downloads from registries - SLOWER).
Use this tool ONLY when:
Dependencies are NOT installed locally (no node_modules/, site-packages/)
You already have a list of PURLs from another source
You're working with a PURL list, not source code
⚠️ PERFORMANCE WARNING: This downloads packages from registries (slow)
Downloads each package from npm/PyPI/etc (1-2 seconds per package)
For 49 packages: ~60-120 seconds
Use generate_legal_notices(path=...) instead if you have source code
⚠️ CRITICAL: DO NOT manually extract PURLs from package.json or requirements.txt!
WRONG: Reading package.json, extracting "http-server@14.1.1" → 1 PURL
RIGHT: Use scan_directory() to get ALL transitive dependencies → 49 PURLs
Example: npm project with 1 dependency = ~50 packages in node_modules (all needed!)
WHEN TO USE THIS TOOL:
Source code not available locally
Working with a pre-existing PURL list
Dependencies not installed (no node_modules/ or site-packages/)
WHEN NOT TO USE (use generate_legal_notices instead):
You have source code with dependencies installed locally
npm project with node_modules/ → Use generate_legal_notices(path=...)
Python project with virtualenv → Use generate_legal_notices(path=...)
Args: purls: List of Package URLs (e.g., ["pkg:npm/express@4.0.0", "pkg:pypi/django@4.2.0"]) output_format: Output format - "text" (default), "html", "markdown" output_file: Optional path to save the output file include_license_text: If True, include full license texts (default: True)
Returns: Dictionary containing: - notices: The generated legal notices text - packages_processed: Number of packages successfully processed - packages_failed: Number of packages that failed processing - output_file: Path to saved file (if output_file was specified) - format: The output format used - mode: "download_purls" (indicates registry downloads were used)
Examples: # Generate notices from PURL list (after scan_directory) scan_result = scan_directory("/path/to/project") purls = [pkg["purl"] for pkg in scan_result["packages"]] generate_legal_notices_from_purls( purls=purls, output_file="NOTICE.txt" )
# Generate HTML notices from specific PURLs
generate_legal_notices_from_purls(
purls=["pkg:npm/express@4.21.2", "pkg:npm/body-parser@1.20.3"],
output_format="html",
output_file="NOTICE.html"
)
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| purls | Yes | ||
| output_file | No | ||
| output_format | No | text | |
| include_license_text | No |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |