vgv-license-compliance
License Compliance
Dependency license auditor for Dart and Flutter projects — verifies that all package dependencies use licenses compatible with the project's requirements using the Very Good CLI MCP tools.
Core Standards
Apply these standards to ALL license compliance work:
- Run
packages_check_licensesMCP tool on the target project directory withlicenses: trueto display full license information - A missing license is not "no license" — it means "all rights reserved" by default; always flag
- Transitive dependencies matter — a permissive package that depends on a GPL package still carries the GPL obligation
- Flag for manual review when in doubt — never assume compliance without a clear license identifier
License Categories
| Category | Licenses | Risk | Guidance |
|---|---|---|---|
| Permissive | MIT, BSD-2-Clause, BSD-3-Clause, Apache-2.0 | Low | Safe for any use |
| Weak copyleft | LGPL-2.1, LGPL-3.0, MPL-2.0 | Medium | Safe for dynamic linking; flag for static linking or modification |
| Strong copyleft | GPL-2.0, GPL-3.0, AGPL-3.0 | High | May require the entire project to adopt the same license |
| Unknown/Missing | None detected | High | Flag immediately for manual review |
Audit Process
1. Run License Check
Call the packages_check_licenses MCP tool on the target project directory.
2. Categorize Results
Classify each dependency license using the categories above. Pay attention to:
- Direct dependencies with strong copyleft licenses
- Transitive dependencies that introduce copyleft obligations
- Packages with no license or an unrecognized license identifier
3. Report Findings
Produce a structured compliance report:
## License Compliance Report
### Summary
- Total dependencies scanned: N
- Compliant: N
- Flagged: N
### Flagged Dependencies
| Package | License | Risk | Recommendation |
| --- | --- | --- | --- |
| package_name | GPL-3.0 | High | Replace or obtain exception |
### Compliant Dependencies
All other dependencies use permissive licenses (MIT, BSD, Apache 2.0).
### Recommendations
1. [Most urgent action]
2. [Next action]
More from verygoodopensource/vgv-ai-flutter-plugin
vgv-accessibility
Flutter accessibility auditing and remediation with WCAG 2.1 level selection (A, AA, AAA) across mobile, desktop, and web platforms. Begins by asking the WCAG conformance level and target platform(s) before applying level-appropriate, platform-aware criteria.
3vgv-bloc
Best practices for Bloc state management in Flutter/Dart. Use when writing, modifying, or reviewing code that uses package:bloc, package:flutter_bloc, or package:bloc_test.
2vgv-ui-package
Best practices for building a Flutter UI package on top of Material — custom components, ThemeExtension-based theming, consistent APIs, and widget tests. Use when user says "create a ui package". Supports app_ui_package template.
2vgv-testing
Best practices for Dart unit tests, Flutter widget tests, and golden file tests. Use when writing, modifying, or reviewing tests that use package:test, package:flutter_test, package:mocktail, or package:bloc_test.
2vgv-navigation
Best practices for navigation and routing in Flutter using GoRouter. Use when creating, modifying, or reviewing routes, deep links, redirects, or navigation logic that uses package:go_router or package:go_router_builder.
2vgv-static-security
>
2