Ensure that all node modules used in production build are GPLv2+ compatible #6508
Comments
Pretty sure Apache, BSD & MIT can become GPL, just not the other way. Also, WP has had MIT code in the past I'm sure. |
AFAIK WP is GPL 2+, so GPL 3 code is more of a problem due to threat against TiVo (more WP.com concern). IANAL though |
MIT, BSD, ISC and the CC licenses are fine, which is why I only highlighted the Apachev2 and GPL3 modules. Apache v2 isn't GPL2 compatible. https://www.gnu.org/licenses/license-list.html#apache2 GPL3 isn't GPL2 compatible: https://www.gnu.org/licenses/license-list.en.html#GNUGPL |
Whee, thanks for the summary, @aaronjorbin. How did you generate that list of packages? It seems like it's included some that shouldn't be there.
|
@pento Thanks so much for investigating further. I used https://github.com/davglass/license-checker, specifically I think it might be worthwhile to automate this in some way and also make it more reliable. |
FYI:
mkdir tmp && cd tmp && npm i npm --save
npx license-checker --summary --production
npx: installed 739 in 12.253s
├─ MIT: 232
├─ ISC: 98
├─ BSD-2-Clause: 13
├─ MIT*: 11
├─ BSD-3-Clause: 10
├─ Apache-2.0: 8
├─ Artistic-2.0: 4
├─ CC0-1.0: 3
├─ (WTFPL OR MIT): 3
├─ ISC*: 2
├─ Custom: https://travis-ci.org/ember-cli/ember-cli.svg: 1
├─ (MIT OR Apache-2.0): 1
├─ Apache 2.0: 1
├─ (BSD-2-Clause OR MIT OR Apache-2.0): 1
├─ AFLv2.1,BSD: 1
├─ (BSD-2-Clause OR MIT): 1
├─ CC-BY-3.0: 1
└─ Unlicense: 1
Because |
I agree this should be automated. We can use |
Who loves piping commands? We love piping commands!
After upgrading
|
I've asked the |
Sounds like this is covered now. Please, reopen if not. |
With Gutenberg requiring almost 300 different node modules, we need to make sure anything that gets shipped to our end users is licensed in a GPL compatible way.
Using license-checker to look at all this:
The Apache-2.0 license isn't compatible with GPL v2, so we will need to find replacements for, convince them to update their license, or ensure they aren't included in the production build:
doctrine@2.1.0: Apache-2.0
eslint-visitor-keys: Apache-2.0
mousetrap: Apache-2.0
rx-lite: Apache License, Version 2.0
rx-lite-aggregates: Apache License, Version 2.0
spdx-correct: Apache-2.0
validate-npm-package-license: Apache-2.0
Also, there is one GPL3 module
dom-react: GPL-3.0
This isn't exhaustive and we likely need to go through each submodule by hand to ensure we don't inadvertently include something like code mirror's jshint file (which core did).
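One way to automate the check discussed in this thread, as an added example that is not part of the original issue or the Gutenberg code base: it classifies the `licenses` field of `license-checker --json` output. The allow and deny lists are assumptions taken from the comments above, and the `pkg-*` package names are constructed.

```javascript
// Added example: classify `license-checker --json` output against a GPLv2+ policy.
// ALLOW and DENY are assumptions taken from this thread.
const ALLOW = new Set(['MIT', 'ISC', 'BSD-2-Clause', 'BSD-3-Clause', 'CC0-1.0']);
const DENY = new Set(['Apache-2.0', 'GPL-3.0']);
// Spelling variants seen in the thread's output, mapped to SPDX ids.
const ALIASES = {
  'Apache 2.0': 'Apache-2.0',
  'Apache License, Version 2.0': 'Apache-2.0',
};

// Classify one license string as 'ok', 'deny' or 'review'.
function classify(raw) {
  const guessed = raw.endsWith('*'); // license-checker marks guessed licenses with *
  const expr = raw.replace(/\*$/, '').replace(/^\((.*)\)$/, '$1');
  if (/\bAND\b/.test(expr)) return 'review'; // conjunctions need a human
  const verdicts = expr.split(/\s+OR\s+/).map((part) => {
    const id = ALIASES[part.trim()] || part.trim();
    return ALLOW.has(id) ? 'ok' : DENY.has(id) ? 'deny' : 'review';
  });
  // A dual-licensed package is usable if any alternative is allowed.
  let verdict = verdicts.includes('ok') ? 'ok'
    : verdicts.every((v) => v === 'deny') ? 'deny' : 'review';
  // A guessed license is never trusted as 'ok' without a manual look.
  if (guessed && verdict === 'ok') verdict = 'review';
  return verdict;
}

// Bucket every package of a report (an object keyed by name@version).
function audit(report) {
  const out = { ok: [], deny: [], review: [] };
  for (const [pkg, info] of Object.entries(report)) {
    // `licenses` may be a string or an array; an array is treated conservatively.
    const verdicts = [].concat(info.licenses || 'UNKNOWN').map(classify);
    const verdict = verdicts.includes('deny') ? 'deny'
      : verdicts.every((v) => v === 'ok') ? 'ok' : 'review';
    out[verdict].push(pkg);
  }
  return out;
}

// Constructed sample report; only doctrine@2.1.0 is named in the issue.
const SAMPLE = {
  'doctrine@2.1.0': { licenses: 'Apache-2.0' },
  'pkg-alias@1.0.0': { licenses: 'Apache License, Version 2.0' },
  'pkg-dual@1.0.0': { licenses: '(MIT OR Apache-2.0)' },
  'pkg-guessed@1.0.0': { licenses: 'MIT*' },
  'pkg-custom@1.0.0': { licenses: 'AFLv2.1,BSD' },
};
console.log(audit(SAMPLE));
```

In CI, a non-empty `deny` bucket would fail the build and the `review` bucket would be the list to check by hand.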