Package distributions are not licensed #4944

Closed
@honzajavorek

Hi @gaearon et al 👋 The code of the create-react-app monorepo is licensed under MIT, and that's great. But according to MIT, the license text needs to be attached everywhere:

> The above copyright notice and this permission notice shall be included in all
> copies or substantial portions of the Software.

The npm packages, as they're published and distributed, do not comply with this, as they do not contain the license files. Effectively, without the full license text they're proprietary code and cannot be used by anyone who cares about licenses. The SPDX identifier in the package.json is not satisfactory (not only) for the reasons mentioned above. There are two solutions to this:

  1. Upgrade to Lerna@3, as it has the licensing built-in now
  2. Copy & paste the root license to all projects in the packages directory, so it gets picked up by npm during publishing, and re-publish all of them with a new patch version.

For more information, see lerna/lerna#1465 (comment), babel/babel#7308 (comment), babel/babel#8409 (comment).


A similar issue: facebook/regenerator#354
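
The second solution above, as an added example (not part of the original issue or of the create-react-app repository): a Node.js script that reports which publishable packages under `packages/` lack a license file and, with `fix`, copies the root one in. The function names, package names and sample repository are constructed for illustration; it assumes the root license is a file named LICENSE or LICENCE.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// npm always packs a root-level LICENSE/LICENCE file (any case, any extension),
// whatever the "files" field says, so presence in the package dir is enough.
const LICENSE_FILE = /^licen[sc]e(\..*)?$/i;

function findLicense(dir) {
  const hit = fs.readdirSync(dir, { withFileTypes: true })
    .find((e) => e.isFile() && LICENSE_FILE.test(e.name));
  return hit ? hit.name : null;
}

// Report every publishable package under <repoRoot>/packages; with fix=true,
// copy the root license into packages that lack one.
function auditLicenses(repoRoot, { fix = false } = {}) {
  const rootLicense = findLicense(repoRoot);
  if (!rootLicense) throw new Error(`no license file in ${repoRoot}`);
  const packagesDir = path.join(repoRoot, 'packages');
  const report = [];
  for (const name of fs.readdirSync(packagesDir).sort()) {
    const dir = path.join(packagesDir, name);
    const manifestPath = path.join(dir, 'package.json');
    if (!fs.existsSync(manifestPath)) continue; // not an npm package
    const manifest = JSON.parse(fs.readFileSync(manifestPath, 'utf8'));
    if (manifest.private) continue; // private packages are never published
    let status = findLicense(dir) ? 'ok' : 'missing';
    if (status === 'missing' && fix) {
      fs.copyFileSync(path.join(repoRoot, rootLicense), path.join(dir, rootLicense));
      status = 'copied';
    }
    report.push({ name: manifest.name, spdx: manifest.license || null, status });
  }
  return report;
}

// Constructed sample monorepo (hypothetical package names) in a temp directory.
function buildSampleRepo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'license-audit-'));
  fs.writeFileSync(path.join(root, 'LICENSE'), 'MIT License (sample text)\n');
  const pkgs = { 'pkg-a': { license: 'MIT' }, 'pkg-b': { license: 'MIT' }, 'pkg-c': { private: true } };
  for (const [name, extra] of Object.entries(pkgs)) {
    fs.mkdirSync(path.join(root, 'packages', name), { recursive: true });
    fs.writeFileSync(path.join(root, 'packages', name, 'package.json'), JSON.stringify({ name, ...extra }));
  }
  fs.writeFileSync(path.join(root, 'packages', 'pkg-a', 'LICENSE.md'), 'MIT License (sample text)\n');
  return root;
}
```

Run without `fix` in CI to fail a release when any entry has status `missing`; a package whose `spdx` is set but whose status is `missing` is exactly the case the issue describes.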
