mix licenses.explain (hex_licenses v0.3.3)
Prints all dependencies with unrecognized or non-OSI-approved licenses.
It is not mandatory for a package's
:licenses value to contain only SPDX license identifiers, it is only recommended.
Therefore, some problems reported by
mix licenses may be false alarms.
For example, a project may specify its license as
MIT License rather than the SPDX identifier
--osi- additionally check if all licenses are approved by the Open Source Initiative
--update- pull down a fresh copy of the SPDX license list instead of using the version checked in with this tool.