flutter_oss_manager 2.2.0

A Flutter package and CLI for scanning, summarizing, and generating open-source license information for your project's dependencies.

2.2.0

• feature: scan gains a --runtime-only flag that restricts license collection to packages reachable from the root pubspec.yaml dependencies: section. dev_dependencies and their transitive packages (build_runner, flutter_lints, test, analyzer, leak_tracker, …) are excluded via a proper dependency graph walk that reads each package's own pubspec. Packages reachable from both runtime and dev paths (e.g. collection, path) are still included — if it ships with your app, it appears in the output.
• logging: Runtime-only mode prints a summary of kept vs. skipped counts. When --runtime-only is not active and problematic licenses are found, the warning footer now suggests re-running with the flag to filter out dev-only false positives.
• graph sources: The graph walker resolves pubspecs for all four pubspec.lock source types: hosted (pub cache), sdk (Flutter SDK, including the sky_engine fallback path under bin/cache/pkg/), path (relative resolved against the project root), and git (pub cache git checkouts).
• compat: No breaking changes. Default behavior (scan all packages) is unchanged. The generated .g.dart format is byte-compatible with 2.1.0.
• limitations: pub workspaces (multi-package projects with resolution: workspace) are not yet supported — the walker reads a single root pubspec.yaml. The PUB_CACHE environment variable is ignored (matches existing scan behavior); fix scheduled for a future patch release.

2.1.0

• feature: SPDX license identification now queries pub.dev's analysis API first, falling back to the existing heuristic matcher when pub.dev is unavailable, returns no license tag, or the package isn't hosted on pub.dev (SDK packages, private hosts). Results are cached under .dart_tool/flutter_oss_manager/pub_license_cache.json keyed by <name>@<version>, so repeated scans of the same pubspec.lock require zero network traffic.
• cli: scan gains three flags:
  • --offline — skip pub.dev; use cache + heuristic only.
  • --refresh-cache — clear the existing cache and re-fetch everything.
  • --no-cache — do not read or write the cache file for this run.
• concurrency: Package scans run in batches of 8, so first-run scans with a warm pub.dev no longer serialize HTTP round-trips.
• logging: Each hosted package now prints the source of its SPDX decision ([cache], [pub-api], [heuristic], [negative]) for easier debugging.
• compat: No breaking changes. The generated .g.dart files are byte-compatible with 2.0.0; SDK packages (flutter, flutter_test, sky_engine) continue to use heuristic matching.
• privacy: On first run (or after --refresh-cache), package names from pubspec.lock are sent to pub.dev to look up license metadata. All those names are already public information, but use --offline if your build environment must not reach external services.

2.0.0

Upgrade path: 1.1.0 → 2.0.0 direct jump. 1.2.0 was an internal iteration and is not published; its per-license encoding approach is superseded by the whole-blob approach below.

• breaking: Complete redesign of the generated file. The top-level const List<OssLicense> ossLicenses is removed. The entire license list is now stored as a single gzip+base64-encoded JSON blob, decoded lazily via a reference-counted handle API.
• api: New surface in the generated file:
  • OssLicenses.acquire() returns a Future<OssLicensesHandle>.
  • OssLicensesHandle.licenses exposes the decoded List<OssLicense>.
  • OssLicensesHandle.close() releases the reference. When all handles are closed, the cache is dropped and becomes GC-eligible.
  • OssLicense.licenseText is a plain String field (no getter, no decode cost at access time).
• output: dart run flutter_oss_manager scan (or generate) now writes 4 files per --output target: the main file + 3 platform decoder sidecars (*_decoder_stub.g.dart, *_decoder_io.g.dart, *_decoder_web.g.dart). Commit all four if you check generated files into VCS; deleting any one breaks compilation.
• default path: Default --output changed to lib/oss_licenses.g.dart (was lib/oss_licenses.dart). The .g.dart suffix signals tool-owned files. To keep the old path, pass --output lib/oss_licenses.dart explicitly — the generator falls back to plain .dart sidecars in that case.
• headers: Each generated file starts with a // GENERATED CODE - DO NOT MODIFY BY HAND marker, the generator version, a content-hash: crc32:XXXXXXXX fingerprint, and // ignore_for_file: type=lint. The hash is informational (no runtime verification) but makes tamper/staleness diffs obvious in code review and CI.
• regeneration: The generator overwrites existing files unconditionally, matching build_runner conventions. The .g.dart suffix is the warning; never hand-edit generated files.
• platforms: Flutter Web (dart2js and dart2wasm) is supported via dart:js_interop + browser-native DecompressionStream. Requires Chrome 80+, Firefox 113+, Safari 16.4+.
• sdk: Minimum Dart SDK bumped to 3.4.0 (for stable dart:js_interop typed-data bridge). Minimum Flutter bumped to 3.22.0.
• determinism: Generated gzip output is byte-stable across runs (mtime and OS bytes zeroed). VCS diffs stay clean as long as license inputs don't change.
• action required: Delete your old oss_licenses.dart and re-run dart run flutter_oss_manager scan. Old 1.1.0 generated files do not compile against 2.0.0.
• dev note: Static cache state survives hot reload. After regenerating during development, use hot restart, not hot reload.

Migrating from 1.1.0

Before:

import 'package:your_app/oss_licenses.dart';

ListView.builder(
  itemCount: ossLicenses.length,
  itemBuilder: (c, i) => ListTile(
    title: Text(ossLicenses[i].name),
    subtitle: Text(ossLicenses[i].licenseSummary),
  ),
);

After:

import 'package:your_app/oss_licenses.g.dart';

class LicensePage extends StatefulWidget {
  const LicensePage({super.key});
  @override
  State<LicensePage> createState() => _LicensePageState();
}

class _LicensePageState extends State<LicensePage> {
  late final Future<OssLicensesHandle> _handle = OssLicenses.acquire();

  @override
  void dispose() {
    _handle.then((h) => h.close());
    super.dispose();
  }

  @override
  Widget build(BuildContext context) =>
      FutureBuilder<OssLicensesHandle>(
        future: _handle,
        builder: (_, snap) {
          if (!snap.hasData) return const CircularProgressIndicator();
          final licenses = snap.data!.licenses;
          return ListView.builder(
            itemCount: licenses.length,
            itemBuilder: (_, i) => ListTile(
              title: Text(licenses[i].name),
              subtitle: Text(licenses[i].licenseSummary),
            ),
          );
        },
      );
}

If you previously used ossLicenses from a StatelessWidget, convert it to a StatefulWidget (or an InheritedWidget / state-management provider) so the acquired handle can be closed on dispose.

If you prefer one-time eager loading at app startup:

Future<void> main() async {
  WidgetsFlutterBinding.ensureInitialized();
  final handle = await OssLicenses.acquire();
  runApp(MyApp(licensesHandle: handle));
}

1.1.0

• fix: CLI tool이 dart:ui를 사용하지 않도록 수정하여 dart run 명령어로 정상 실행 가능하도록 개선

1.0.2

• feat: Added prominent warnings for potentially problematic licenses (GPL, LGPL, AGPL) during scan.

1.0.1

• Added comprehensive Dartdoc comments to public API elements to improve documentation score on pub.dev.

1.0.0

• Initial release of flutter_oss_manager.
• Implemented CLI for scanning dependencies and generating a oss_licenses.dart file.
• Features a two-tier license detection system (Heuristic and Similarity-based) for high accuracy.
• Supports a wide range of licenses including MIT, Apache, BSD, GPL, LGPL, and MPL.
• Extracts comprehensive package details like version, description, and repository URL.
• Automatically handles Flutter SDK licenses.