vgv-license-compliance
License Compliance
Dependency license auditor for Dart and Flutter projects — verifies that all package dependencies use licenses compatible with the project's requirements using the Very Good CLI MCP tools.
Core Standards
Apply these standards to ALL license compliance work:
- Run
packages_check_licensesMCP tool on the target project directory withlicenses: trueto display full license information - A missing license is not "no license" — it means "all rights reserved" by default; always flag
- Transitive dependencies matter — a permissive package that depends on a GPL package still carries the GPL obligation
- Flag for manual review when in doubt — never assume compliance without a clear license identifier
License Categories
| Category | Licenses | Risk | Guidance |
|---|---|---|---|
| Permissive | MIT, BSD-2-Clause, BSD-3-Clause, Apache-2.0 | Low | Safe for any use |
| Weak copyleft | LGPL-2.1, LGPL-3.0, MPL-2.0 | Medium | Safe for dynamic linking; flag for static linking or modification |
| Strong copyleft | GPL-2.0, GPL-3.0, AGPL-3.0 | High | May require the entire project to adopt the same license |
| Unknown/Missing | None detected | High | Flag immediately for manual review |
Audit Process
1. Run License Check
Call the packages_check_licenses MCP tool on the target project directory.
2. Categorize Results
Classify each dependency license using the categories above. Pay attention to:
- Direct dependencies with strong copyleft licenses
- Transitive dependencies that introduce copyleft obligations
- Packages with no license or an unrecognized license identifier
3. Report Findings
Produce a structured compliance report:
## License Compliance Report
### Summary
- Total dependencies scanned: N
- Compliant: N
- Flagged: N
### Flagged Dependencies
| Package | License | Risk | Recommendation |
| --- | --- | --- | --- |
| package_name | GPL-3.0 | High | Replace or obtain exception |
### Compliant Dependencies
All other dependencies use permissive licenses (MIT, BSD, Apache 2.0).
### Recommendations
1. [Most urgent action]
2. [Next action]
More from verygoodopensource/very_good_ai_flutter_plugin
vgv-static-security
>
23vgv-testing
Best practices for Dart unit tests, Flutter widget tests, and golden file tests. Use when writing, modifying, or reviewing tests that use package:test, package:flutter_test, package:mocktail, or package:bloc_test.
4vgv-navigation
Best practices for navigation and routing in Flutter using GoRouter. Use when creating, modifying, or reviewing routes, deep links, redirects, or navigation logic that uses package:go_router or package:go_router_builder.
4vgv-layered-architecture
Best practices for VGV layered monorepo architecture in Flutter. Use when structuring a multi-package Flutter app, creating data or repository packages, defining layer boundaries, or wiring dependencies between packages.
4vgv-accessibility
Flutter accessibility auditing and remediation with WCAG 2.1 level selection (A, AA, AAA) across mobile, desktop, and web platforms. Use when building, auditing, or reviewing widgets for screen reader support, touch targets, focus management, color contrast, text scaling, or motion sensitivity. Begins by asking the WCAG conformance level and target platform(s) before applying level-appropriate, platform-aware criteria.
4vgv-material-theming
Best practices for Flutter theming using Material 3. Use when creating, modifying, or reviewing ThemeData, ColorScheme, TextTheme, component themes, spacing systems, or light/dark mode support.
4