Add 'licence' field to /api/packages/<package> endpoint

[delliot]

I have a usecase where I need to cache licenses for Pub packages. It's currently possible to download each version archive tarball and examine the license file, but it would save downloading tarballs if you were able to add a 'license' field to either the top level package object, or to each version object as returned by the /api/packages/<package> endpoint.

It is currently possible to get the rest of this metadata (if available) from the pubspec field, but the license data is only possible by parsing the HTML or tarball.

// Current object:

{
        "version": "",
        "pubspec": {},
        "license": "MIT" // Suggested new field
        "archive_url": "",
        "archive_sha256": "",
        "published": ""
},

[sigurdm]

I don't think we'll extend the version listing api with this information.

The only official apis we support are documented on: https://pub.dev/help/api

There is the unofficial https://pub.dev/api/packages/<package>/score it contains the derived license.

Don't build a big pipeline on it, as we might change it in the future without warning.

[isoos]

I have a usecase where I need to cache licenses for Pub packages.

Could you please share more about the use-case and how we may serve it better?

There is the unofficial https://pub.dev/api/packages//score it contains the derived license.

Please take this seriously. We don't support APIs outside of the ones on the linked help page.

[jonjanego]

👋 from the GitHub dependency graph team. We'd also love to have this data in the API, as it would help us report on license information in Dart packages. Currently we don't have it since there isn't an authoritative API to source this data from, limiting Dart from being able to use features like dependency review. We'd love to offer this to our many shared users.