punkle closed 1 year ago
@K-Phoen can you please take a look?
I'm not against this PR since it indeed is a dev dependency, but I'm not sure I understand why its licensing would be an issue here: this dependency isn't part of any package published by this repository (the root package is purely here to enable the CI/CD pipelines and a local dev environment to work properly).
Hi @K-Phoen, thank you. I didn't realize that this is the root package only. The issue we have is that this is flagged by FOSSA. I'm hoping that by moving it to the devDependencies it would recognize it as a non-production dependency and not flag it anymore. But now that I know for sure this is not a production dependency I can just mark it as approved.
@K-Phoen I believe we could merge this to remove any ambiguity? That is assuming the package is not required as a dependency.
Merged, thanks! :)
One of the dependencies of the changesets package contains a GPL license which is more restrictive than the MIT licences. By making it a dev dependency it makes this plugin more accessible for use.
I'm hoping there was not a good reason that it was a top level dependency in the first place.