Browserify depends on unlicensed code #1828
Comments
If
@calvinmetcalf licenses! 😃
indexof is replaced by component-indexof, which includes a license, in vm-browserify@1, so we only need to bump that dependency #1829
There are open PRs to remove jsonify:
ok all of the cryptobrowserify ones are done except create-hash which I think has a breaking change snuck into master so I almost certainly don't want to publish that one as is
pull for create hash is up browserify/createHash#22
ok done on my end (as far as I know)
published browserify@16.2 which removes the indexof dep.
Thanks for the work here all, I really appreciate it! Especially to @calvinmetcalf for releasing various libraries with LICENSE so quickly.
There seem to be two indexof NPM packages,
huh, i coulda sworn component-indexof had a license added. you're right, it does not 🙈
just added a hand written polyfill for indexOf to vm-browserify@1.0.1, so component-indexof is no longer in use. (Probably makes sense to just remove the polyfills entirely, most other browserify builtins haven't supported IE8 for a while.)
vm-browserify up until 1.0.1 depended upon unlicensed code. [0][1] This means node-libs-browser does too. This resolves the issue by upgrading it. All changes in between were non-breaking. [2] [0] browserify/browserify#1828 [1] component/indexof#6 [2] https://github.com/browserify/vm-browserify/releases
It looks like buffer-from has had a license added.
path-parse@1.0.6 includes a license file.
The browserify package depends on various other packages which do not have valid licenses. This makes it hard to install browserify as in doing so you'd be making possibly illegal copies of the dependencies. Some declare that they follow the MIT license in package.json, but as they do not include a copyright notice in the NPM package it would be against the license to make a copy (such as running `npm install -g browserify`).
I think in most of the cases, the linked issues and pull requests can be resolved to create new releases of the dependencies so I've filed this bug to track in browserify. However, in the case of jsonify it seems that it may not be so clear and perhaps the best course of action would be to find an alternative solution.
I've listed all of the dependencies that I spotted which do not have a valid license and opened issues or PRs on the respective packages:
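The gap described in the issue above (a package declares a license in package.json but ships no license or copyright notice file) can be checked across an installed dependency tree. This is an added example, not code from the browserify project or the issue author; the file-name heuristic, the status labels and the sample package names are assumptions made for illustration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Assumption: a license notice ships as a LICENSE/LICENCE/COPYING/NOTICE file.
const NOTICE_FILE = /^(licen[cs]e|copying|notice)(\.|-|$)/i;

// Classify one installed package directory.
function auditPackage(dir) {
  const manifest = path.join(dir, 'package.json');
  if (!fs.existsSync(manifest)) return null;
  const pkg = JSON.parse(fs.readFileSync(manifest, 'utf8'));
  const declared = typeof pkg.license === 'string' ? pkg.license : null;
  const hasNotice = fs.readdirSync(dir).some((f) => NOTICE_FILE.test(f));
  const status = hasNotice ? 'ok' : declared ? 'declared-without-notice' : 'unlicensed';
  return { name: pkg.name, version: pkg.version, declared, status };
}

// Walk node_modules, including @scope folders and nested node_modules.
function auditTree(modulesDir, findings = []) {
  if (!fs.existsSync(modulesDir)) return findings;
  for (const entry of fs.readdirSync(modulesDir)) {
    const dir = path.join(modulesDir, entry);
    if (entry.startsWith('.') || !fs.statSync(dir).isDirectory()) continue;
    if (entry.startsWith('@')) { auditTree(dir, findings); continue; }
    const result = auditPackage(dir);
    if (result && result.status !== 'ok') findings.push(result);
    auditTree(path.join(dir, 'node_modules'), findings);
  }
  return findings;
}

// Constructed sample tree (package names are made up) so the audit runs offline.
function buildSampleTree() {
  const modules = path.join(fs.mkdtempSync(path.join(os.tmpdir(), 'license-audit-')), 'node_modules');
  const put = (rel, license, files) => {
    const dir = path.join(modules, rel);
    fs.mkdirSync(dir, { recursive: true });
    const pkg = { name: rel.split('node_modules/').pop(), version: '1.0.0', license };
    fs.writeFileSync(path.join(dir, 'package.json'), JSON.stringify(pkg));
    for (const f of files) fs.writeFileSync(path.join(dir, f), 'constructed sample\n');
  };
  put('sample-ok', 'MIT', ['LICENSE']);
  put('@scope/sample-scoped', 'ISC', ['LICENSE.md']);
  put('sample-declared-only', 'MIT', ['index.js']);
  put('sample-declared-only/node_modules/sample-none', undefined, ['index.js']);
  return modules;
}

console.table(auditTree(buildSampleTree()));
```

Pointing `auditTree` at a real project's `node_modules` directory gives the same report; a notice that exists only inside a README is not detected by this heuristic.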