JoostK
commented
11 months ago Duplicate of #44428
Closed ben-spiller closed 11 months ago
JoostK
commented
11 months ago Duplicate of #44428
angular-automatic-lock-bot[bot]
commented
10 months ago This issue has been automatically locked due to inactivity. Please file a new issue if you are encountering a similar or related problem.
Read more about our automatic conversation locking policy.
This action has been performed automatically by a bot.
Which @angular/* package(s) are relevant/related to the feature request?
core
Description
Angular's license https://angular.io/license states there is a legal requirement on all users to include Angular's "copyright notice and this permission notice" in all copies of the software (i.e. similar licensing to most open sources packages). However unlike most packages in the npm registry, Angular does not actually include this license-copyright notice inside its NPM packages, only on the website.
Given most users of Angular probably have 100s of different NPMs in their application, a manual approach to licensing compliance is impractical - the only way anyone can hope to comply with the licensing terms for their NPM packages is to use automation to scan the NPM packages and generate a suitable attribution report with the copyright and notice messages (e.g. using tools such as scancode, BlackDuck, SonaType, mend.io etc). However unlike most NPM packages, Angular does not actually include the above attribution inside its packages, making it impossible to automate using the same tooling you'd use for most others. I guess you'd have to write some completely custom scripting just for Angular, or manually get a human to download the Angular license file and patch it into your auto-generated attribution notice. Not ideal.
Proposed solution
The easy solution is include a NOTICES file containing the contents of https://angular.io/license inside all Angular's NPM packages, to allow compliance with the Angular notices to be automated.
Alternatives considered
(unliekly): If we can't make it straightforward for users to comply with Angular's license terms through automation, remove the clause about requiring everyone to include the copyright+notice from the Angular license.