FOSSA picking up GPL in scan #64
Comments
|
Thanks for noticing this! I guess it should be defined as per package.json description. PR welcome! |
|
Before I can, I need to understand a few things. Why does the LICENSE file have the GPL license in it if it's not dual licensed? It seems like the GPL license needs to be removed from there if this is not required. i.e. Are any of your dependencies GPL? EDIT: I think your dependencies are GPL clean. Also, what is the Copyright (c) 2010 "Cowboy" Ben Alman license? Does that need to stay? |
|
This package originally comes from jQuery plugin by Ben Alman. Source code was heavily modified to remove jQuery as dependancy, but I wanted to keep attribution to original package. I think this can be removed now and only MIT license can stay. |
|
Thanks for the PR! |
I have looked through your closed issues and see that the dual license has been removed in favor of MIT. However, the license is very unclear here. We are seeing a FOSSA flag for GPL. A GPL license is being picked up in LICENSE.MD while MIT is listed as the only license in the package.json. Either the GPL license text needs to be removed from the license file or the package.json needs to list both for clarity. When dealing with closed-source products, you cannot take the risk with these licenses.
The text was updated successfully, but these errors were encountered: