Open ch3yne opened 10 months ago
Hi, @justinmclean, I created this issue regarding #875 and #829. https://github.com/datastrato/gravitino/issues/829#issuecomment-1842012630
Which dependency packages should I add into LICENSE
or NOTICE
?
The source code of these packages won't be included in either the webUI's source files or the compiled production versions.
The dependencies declared in package.json
are just for utility purposes.
Do I only need to add the packages used in package.json
to the LICENSE
or NOTICE
file?
By the way, this command is executed within superset/superset-frontend. ❯ license-checker --production --summary ├─ MIT: 527 ├─ ISC: 49 ├─ Apache-2.0: 41 ├─ BSD-3-Clause: 37 ├─ BSD-2-Clause: 18 ├─ MIT*: 3 ├─ (MIT OR Apache-2.0): 2 ├─ Custom: https://github.com/tmcw/jsonlint: 1 ├─ Unlicense: 1 ├─ CC-BY-4.0: 1 ├─ (MPL-2.0 OR Apache-2.0): 1 ├─ Apache-2.0 WITH LLVM-exception: 1 └─ 0BSD: 1
Please read the document I created yesterday on how to do this, in general dependencies that don't end up in what we release don't need to be mentioned. However, I can help with this I'm just working on the binary LICENSE and NOTICE file.
Please read the document I created yesterday on how to do this, in general dependencies that don't end up in what we release don't need to be mentioned. However, I can help with this I'm just working on the binary LICENSE and NOTICE file.
Thank you for the document and I have read it.
In the current webUI, there is no 3rd-party code, and part from the dependencies mentioned in the package.json
, there are no other 3rd-party dependencies.
the front-end dist directory packaged as a war file does not include caniuse-lite. The compiled analysis does not seem to include the paths where it could be included either.
caniuse-lite is a deep nested dependency included in browserlist, referenced as a toolchain in next and autoprefixer. It is a JSON file used to check browser compatibility issues, which are hard to avoid in modern frontend development.
❯ license-checker-rseidelsohn
├─ @emotion/cache@@11.11.0
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/emotion-js/emotion.git#main
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@emotion/cache
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@emotion/cache/LICENSE
├─ @emotion/react@@11.11.3
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/emotion-js/emotion.git#main
│ ├─ publisher: Emotion Contributors
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@emotion/react
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@emotion/react/LICENSE
├─ @emotion/styled@@11.11.0
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/emotion-js/emotion.git#main
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@emotion/styled
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@emotion/styled/LICENSE
├─ @eslint-community/eslint-utils@@4.4.0
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/eslint-community/eslint-utils
│ ├─ publisher: Toru Nagashima
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@eslint-community/eslint-utils
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@eslint-community/eslint-utils/LICENSE
├─ @eslint-community/regexpp@@4.10.0
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/eslint-community/regexpp
│ ├─ publisher: Toru Nagashima
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@eslint-community/regexpp
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@eslint-community/regexpp/LICENSE
├─ @eslint/eslintrc@@2.1.4
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/eslint/eslintrc
│ ├─ publisher: Nicholas C. Zakas
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@eslint/eslintrc
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@eslint/eslintrc/LICENSE
├─ @eslint/js@@8.56.0
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/eslint/eslint
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@eslint/js
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@eslint/js/LICENSE
├─ @hookform/resolvers@@3.3.4
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/react-hook-form/resolvers
│ ├─ publisher: bluebill1049
│ ├─ email: bluebill1049@hotmail.com
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@hookform/resolvers
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@hookform/resolvers/LICENSE
├─ @iconify/react@@4.1.1
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/iconify/iconify
│ ├─ publisher: Vjacheslav Trushkin
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@iconify/react
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@iconify/react/license.txt
├─ @mui/icons-material@@5.15.11
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/mui/material-ui
│ ├─ publisher: MUI Team
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@mui/icons-material
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@mui/icons-material/LICENSE
├─ @mui/lab@@5.0.0-alpha.159
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/mui/material-ui
│ ├─ publisher: MUI Team
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@mui/lab
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@mui/lab/LICENSE
├─ @mui/material@@5.15.3
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/mui/material-ui
│ ├─ publisher: MUI Team
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@mui/material
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@mui/material/LICENSE
├─ @mui/x-data-grid@@6.18.7
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/mui/mui-x
│ ├─ publisher: MUI Team
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@mui/x-data-grid
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@mui/x-data-grid/LICENSE
├─ @mui/x-tree-view@@6.17.0
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/mui/mui-x
│ ├─ publisher: MUI Team
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@mui/x-tree-view
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@mui/x-tree-view/LICENSE
├─ @next/bundle-analyzer@@14.0.4
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/vercel/next.js
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@next/bundle-analyzer
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@next/bundle-analyzer/readme.md
├─ @next/eslint-plugin-next@@14.0.3
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/vercel/next.js
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@next/eslint-plugin-next
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@next/eslint-plugin-next/README.md
├─ @reduxjs/toolkit@@1.9.7
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/reduxjs/redux-toolkit
│ ├─ publisher: Mark Erikson
│ ├─ email: mark@isquaredsoftware.com
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@reduxjs/toolkit
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@reduxjs/toolkit/LICENSE
├─ @rushstack/eslint-patch@@1.6.1
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/microsoft/rushstack
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@rushstack/eslint-patch
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@rushstack/eslint-patch/LICENSE
├─ @types/lodash-es@@4.17.12
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/DefinitelyTyped/DefinitelyTyped
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@types/lodash-es
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@types/lodash-es/LICENSE
├─ @types/node@@20.10.7
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/DefinitelyTyped/DefinitelyTyped
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@types/node
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@types/node/LICENSE
├─ @types/qs@@6.9.11
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/DefinitelyTyped/DefinitelyTyped
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@types/qs
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@types/qs/LICENSE
├─ @types/react@@18.2.47
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/DefinitelyTyped/DefinitelyTyped
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@types/react
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@types/react/LICENSE
├─ @typescript-eslint/parser@@6.18.1
│ ├─ licenses: BSD-2-Clause
│ ├─ repository: https://github.com/typescript-eslint/typescript-eslint
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@typescript-eslint/parser
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@typescript-eslint/parser/LICENSE
├─ @typescript-eslint/scope-manager@@6.18.1
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/typescript-eslint/typescript-eslint
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@typescript-eslint/scope-manager
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@typescript-eslint/scope-manager/LICENSE
├─ @typescript-eslint/types@@6.18.1
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/typescript-eslint/typescript-eslint
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@typescript-eslint/types
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@typescript-eslint/types/LICENSE
├─ @typescript-eslint/typescript-estree@@6.18.1
│ ├─ licenses: BSD-2-Clause
│ ├─ repository: https://github.com/typescript-eslint/typescript-eslint
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@typescript-eslint/typescript-estree
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@typescript-eslint/typescript-estree/LICENSE
├─ @typescript-eslint/visitor-keys@@6.18.1
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/typescript-eslint/typescript-eslint
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@typescript-eslint/visitor-keys
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@typescript-eslint/visitor-keys/LICENSE
├─ antd@@5.13.3
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/ant-design/ant-design
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/antd
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/antd/LICENSE
├─ autoprefixer@@10.4.16
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/postcss/autoprefixer
│ ├─ publisher: Andrey Sitnik
│ ├─ email: andrey@sitnik.ru
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/autoprefixer
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/autoprefixer/LICENSE
├─ axios@@1.6.8
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/axios/axios
│ ├─ publisher: Matt Zabriskie
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/axios
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/axios/LICENSE
├─ chroma-js@@2.4.2
│ ├─ licenses: (BSD-3-Clause AND Apache-2.0)
│ ├─ repository: https://github.com/gka/chroma.js
│ ├─ publisher: Gregor Aisch
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/chroma-js
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/chroma-js/LICENSE
├─ clsx@@2.1.0
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/lukeed/clsx
│ ├─ publisher: Luke Edwards
│ ├─ email: luke.edwards05@gmail.com
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/clsx
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/clsx/license
├─ dayjs@@1.11.10
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/iamkun/dayjs
│ ├─ publisher: iamkun
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/dayjs
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/dayjs/LICENSE
├─ env-cmd@@10.1.0
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/toddbluhm/env-cmd
│ ├─ publisher: Todd Bluhm
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/env-cmd
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/env-cmd/LICENSE
├─ eslint-config-next@@14.0.3
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/vercel/next.js
│ └─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint-config-next
├─ eslint-config-prettier@@9.1.0
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/prettier/eslint-config-prettier
│ ├─ publisher: Simon Lydell
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint-config-prettier
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint-config-prettier/LICENSE
├─ eslint-import-resolver-node@@0.3.9
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/import-js/eslint-plugin-import
│ ├─ publisher: Ben Mosher
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint-import-resolver-node
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint-import-resolver-node/LICENSE
├─ eslint-import-resolver-typescript@@3.6.1
│ ├─ licenses: ISC
│ ├─ repository: https://github.com/import-js/eslint-import-resolver-typescript
│ ├─ publisher: Alex Gorbatchev
│ ├─ email: alex.gorbatchev@gmail.com
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint-import-resolver-typescript
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint-import-resolver-typescript/LICENSE
├─ eslint-module-utils@@2.8.0
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/import-js/eslint-plugin-import
│ ├─ publisher: Ben Mosher
│ ├─ email: me@benmosher.com
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint-module-utils
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint-module-utils/LICENSE
├─ eslint-plugin-import@@2.29.1
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/import-js/eslint-plugin-import
│ ├─ publisher: Ben Mosher
│ ├─ email: me@benmosher.com
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint-plugin-import
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint-plugin-import/LICENSE
├─ eslint-plugin-jsx-a11y@@6.8.0
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/jsx-eslint/eslint-plugin-jsx-a11y
│ ├─ publisher: Ethan Cohen
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint-plugin-jsx-a11y
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint-plugin-jsx-a11y/LICENSE.md
├─ eslint-plugin-react-hooks@@4.6.0
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/facebook/react
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint-plugin-react-hooks
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint-plugin-react-hooks/LICENSE
├─ eslint-plugin-react@@7.33.2
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/jsx-eslint/eslint-plugin-react
│ ├─ publisher: Yannick Croissant
│ ├─ email: yannick.croissant+npm@gmail.com
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint-plugin-react
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint-plugin-react/LICENSE
├─ eslint-scope@@7.2.2
│ ├─ licenses: BSD-2-Clause
│ ├─ repository: https://github.com/eslint/eslint-scope
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint-scope
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint-scope/LICENSE
├─ eslint-visitor-keys@@3.4.3
│ ├─ licenses: Apache-2.0
│ ├─ repository: https://github.com/eslint/eslint-visitor-keys
│ ├─ publisher: Toru Nagashima
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint-visitor-keys
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint-visitor-keys/LICENSE
├─ eslint@@8.56.0
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/eslint/eslint
│ ├─ publisher: Nicholas C. Zakas
│ ├─ email: nicholas+npm@nczconsulting.com
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/eslint/LICENSE
├─ lodash-es@@4.17.21
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/lodash/lodash
│ ├─ publisher: John-David Dalton
│ ├─ email: john.david.dalton@gmail.com
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/lodash-es
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/lodash-es/LICENSE
├─ next@@14.0.3
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/vercel/next.js
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/next
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/next/license.md
├─ nprogress@@0.2.0
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/rstacruz/nprogress
│ ├─ publisher: Rico Sta. Cruz
│ ├─ email: hi@ricostacruz.com
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/nprogress
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/nprogress/License.md
├─ postcss@@8.4.33
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/postcss/postcss
│ ├─ publisher: Andrey Sitnik
│ ├─ email: andrey@sitnik.ru
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/postcss
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/postcss/LICENSE
├─ prettier@@3.1.1
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/prettier/prettier
│ ├─ publisher: James Long
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/prettier
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/prettier/LICENSE
├─ qs@@6.11.2
│ ├─ licenses: BSD-3-Clause
│ ├─ repository: https://github.com/ljharb/qs
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/qs
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/qs/LICENSE.md
├─ react-dom@@18.2.0
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/facebook/react
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/react-dom
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/react-dom/LICENSE
├─ react-hook-form@@7.49.3
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/react-hook-form/react-hook-form
│ ├─ email: bluebill1049@hotmail.com
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/react-hook-form
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/react-hook-form/LICENSE
├─ react-hot-toast@@2.4.1
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/timolins/react-hot-toast
│ ├─ publisher: Timo Lins
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/react-hot-toast
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/react-hot-toast/LICENSE
├─ react-redux@@8.1.3
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/reduxjs/react-redux
│ ├─ publisher: Dan Abramov
│ ├─ email: dan.abramov@me.com
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/react-redux
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/react-redux/LICENSE.md
├─ react-use@@17.4.2
│ ├─ licenses: Unlicense
│ ├─ repository: https://github.com/streamich/react-use
│ ├─ publisher: @streamich
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/react-use
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/react-use/LICENSE
├─ react@@18.2.0
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/facebook/react
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/react
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/react/LICENSE
├─ tailwindcss@@3.4.1
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/tailwindlabs/tailwindcss
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/tailwindcss
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/tailwindcss/LICENSE
├─ typescript@@5.3.3
│ ├─ licenses: Apache-2.0
│ ├─ repository: https://github.com/Microsoft/TypeScript
│ ├─ publisher: Microsoft Corp.
│ ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/typescript
│ └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/typescript/LICENSE.txt
└─ yup@@1.3.3
├─ licenses: MIT
├─ repository: https://github.com/jquense/yup
├─ publisher: @monasticpanic Jason Quense
├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/yup
└─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/yup/LICENSE.md
and use npm check:
``` ❯ npm list gravitino-web@ /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web ├── @emotion/cache@11.11.0 -> ./node_modules/.pnpm/@emotion+cache@11.11.0/node_modules/@emotion/cache ├── @emotion/react@11.11.3 -> ./node_modules/.pnpm/@emotion+react@11.11.3_@types+react@18.2.47_react@18.2.0/node_modules/@emotion/react ├── @emotion/styled@11.11.0 -> ./node_modules/.pnpm/@emotion+styled@11.11.0_@emotion+react@11.11.3_@types+react@18.2.47_react@18.2.0/node_modules/@emotion/styled ├── @eslint-community/eslint-utils@4.4.0 extraneous -> ./node_modules/.pnpm/@eslint-community+eslint-utils@4.4.0_eslint@8.56.0/node_modules/@eslint-community/eslint-utils ├── @eslint-community/regexpp@4.10.0 extraneous -> ./node_modules/.pnpm/@eslint-community+regexpp@4.10.0/node_modules/@eslint-community/regexpp ├── @eslint/eslintrc@2.1.4 extraneous -> ./node_modules/.pnpm/@eslint+eslintrc@2.1.4/node_modules/@eslint/eslintrc ├── @eslint/js@8.56.0 extraneous -> ./node_modules/.pnpm/@eslint+js@8.56.0/node_modules/@eslint/js ├── @hookform/resolvers@3.3.4 -> ./node_modules/.pnpm/@hookform+resolvers@3.3.4_react-hook-form@7.49.3/node_modules/@hookform/resolvers ├── @iconify/react@4.1.1 -> ./node_modules/.pnpm/@iconify+react@4.1.1_react@18.2.0/node_modules/@iconify/react ├── @mui/icons-material@5.15.11 -> ./node_modules/.pnpm/@mui+icons-material@5.15.11_@mui+material@5.15.3_@types+react@18.2.47_react@18.2.0/node_modules/@mui/icons-material ├── @mui/lab@5.0.0-alpha.159 -> ./node_modules/.pnpm/@mui+lab@5.0.0-alpha.159_@emotion+react@11.11.3_@emotion+styled@11.11.0_@mui+material@5.15.3__z5cj5z3g7thm2dkne4q2f3ui3m/node_modules/@mui/lab ├── @mui/material@5.15.3 -> ./node_modules/.pnpm/@mui+material@5.15.3_@emotion+react@11.11.3_@emotion+styled@11.11.0_@types+react@18.2.47_react-dom@18.2.0_react@18.2.0/node_modules/@mui/material ├── @mui/x-data-grid@6.18.7 -> ./node_modules/.pnpm/@mui+x-data-grid@6.18.7_@mui+material@5.15.3_@mui+system@5.15.3_@types+react@18.2.47_react-dom@18.2.0_react@18.2.0/node_modules/@mui/x-data-grid ├── @mui/x-tree-view@6.17.0 -> ./node_modules/.pnpm/@mui+x-tree-view@6.17.0_@emotion+react@11.11.3_@emotion+styled@11.11.0_@mui+material@5.15.3_@_2hznsh66pzrzmt57m2vrwkibhi/node_modules/@mui/x-tree-view ├── @next/bundle-analyzer@14.0.4 -> ./node_modules/.pnpm/@next+bundle-analyzer@14.0.4/node_modules/@next/bundle-analyzer ├── @next/eslint-plugin-next@14.0.3 extraneous -> ./node_modules/.pnpm/@next+eslint-plugin-next@14.0.3/node_modules/@next/eslint-plugin-next ├── @reduxjs/toolkit@1.9.7 -> ./node_modules/.pnpm/@reduxjs+toolkit@1.9.7_react-redux@8.1.3_react@18.2.0/node_modules/@reduxjs/toolkit ├── @rushstack/eslint-patch@1.6.1 extraneous -> ./node_modules/.pnpm/@rushstack+eslint-patch@1.6.1/node_modules/@rushstack/eslint-patch ├── @types/lodash-es@4.17.12 -> ./node_modules/.pnpm/@types+lodash-es@4.17.12/node_modules/@types/lodash-es ├── @types/node@20.10.7 -> ./node_modules/.pnpm/@types+node@20.10.7/node_modules/@types/node ├── @types/qs@6.9.11 -> ./node_modules/.pnpm/@types+qs@6.9.11/node_modules/@types/qs ├── @types/react@18.2.47 -> ./node_modules/.pnpm/@types+react@18.2.47/node_modules/@types/react ├── @typescript-eslint/scope-manager@6.18.1 extraneous -> ./node_modules/.pnpm/@typescript-eslint+scope-manager@6.18.1/node_modules/@typescript-eslint/scope-manager ├── @typescript-eslint/visitor-keys@6.18.1 extraneous -> ./node_modules/.pnpm/@typescript-eslint+visitor-keys@6.18.1/node_modules/@typescript-eslint/visitor-keys ├── antd@5.13.3 -> ./node_modules/.pnpm/antd@5.13.3_react-dom@18.2.0_react@18.2.0/node_modules/antd ├── autoprefixer@10.4.16 -> ./node_modules/.pnpm/autoprefixer@10.4.16_postcss@8.4.33/node_modules/autoprefixer ├── axios@1.6.8 -> ./node_modules/.pnpm/axios@1.6.8/node_modules/axios ├── chroma-js@2.4.2 -> ./node_modules/.pnpm/chroma-js@2.4.2/node_modules/chroma-js ├── clsx@2.1.0 -> ./node_modules/.pnpm/clsx@2.1.0/node_modules/clsx ├── dayjs@1.11.10 -> ./node_modules/.pnpm/dayjs@1.11.10/node_modules/dayjs ├── env-cmd@10.1.0 -> ./node_modules/.pnpm/env-cmd@10.1.0/node_modules/env-cmd ├── eslint-config-next@14.0.3 -> ./node_modules/.pnpm/eslint-config-next@14.0.3_eslint@8.56.0_typescript@5.3.3/node_modules/eslint-config-next ├── eslint-config-prettier@9.1.0 -> ./node_modules/.pnpm/eslint-config-prettier@9.1.0_eslint@8.56.0/node_modules/eslint-config-prettier ├── eslint-import-resolver-node@0.3.9 extraneous -> ./node_modules/.pnpm/eslint-import-resolver-node@0.3.9/node_modules/eslint-import-resolver-node ├── eslint-module-utils@2.8.0 extraneous -> ./node_modules/.pnpm/eslint-module-utils@2.8.0_@typescript-eslint+parser@6.18.1_eslint-import-resolver-node@0.3.9__kqaywb5yrvhoinib5yhs2meepa/node_modules/eslint-module-utils ├── eslint@8.56.0 -> ./node_modules/.pnpm/eslint@8.56.0/node_modules/eslint ├── lodash-es@4.17.21 -> ./node_modules/.pnpm/lodash-es@4.17.21/node_modules/lodash-es ├── next@14.0.3 -> ./node_modules/.pnpm/next@14.0.3_react-dom@18.2.0_react@18.2.0/node_modules/next ├── nprogress@0.2.0 -> ./node_modules/.pnpm/nprogress@0.2.0/node_modules/nprogress ├── postcss@8.4.33 -> ./node_modules/.pnpm/postcss@8.4.33/node_modules/postcss ├── prettier@3.1.1 -> ./node_modules/.pnpm/prettier@3.1.1/node_modules/prettier ├── qs@6.11.2 -> ./node_modules/.pnpm/qs@6.11.2/node_modules/qs ├── react-dom@18.2.0 -> ./node_modules/.pnpm/react-dom@18.2.0_react@18.2.0/node_modules/react-dom ├── react-hook-form@7.49.3 -> ./node_modules/.pnpm/react-hook-form@7.49.3_react@18.2.0/node_modules/react-hook-form ├── react-hot-toast@2.4.1 -> ./node_modules/.pnpm/react-hot-toast@2.4.1_csstype@3.1.3_react-dom@18.2.0_react@18.2.0/node_modules/react-hot-toast ├── react-redux@8.1.3 -> ./node_modules/.pnpm/react-redux@8.1.3_@types+react@18.2.47_react-dom@18.2.0_react@18.2.0_redux@4.2.1/node_modules/react-redux ├── react-use@17.4.2 -> ./node_modules/.pnpm/react-use@17.4.2_react-dom@18.2.0_react@18.2.0/node_modules/react-use ├── react@18.2.0 -> ./node_modules/.pnpm/react@18.2.0/node_modules/react ├── tailwindcss@3.4.1 -> ./node_modules/.pnpm/tailwindcss@3.4.1/node_modules/tailwindcss ├── typescript@5.3.3 -> ./node_modules/.pnpm/typescript@5.3.3/node_modules/typescript └── yup@1.3.3 -> ./node_modules/.pnpm/yup@1.3.3/node_modules/yup ```
As previously discussed, it does include cause-lite. It doesn't matter that it is a deep nested dependency, its license is not compatible with the Apache license as it is considered Category X.
There are over 350 packages that end up in the WebUI
There are over 350 packages that end up in the WebUI
The packages directly referenced in the web are not as many as you have identified. The ones you have found are likely from the package-lock.json or pnpm-lock.yaml files, but this does not necessarily mean that the web includes all of these dependencies. They are simply used to lock the versions of nested dependencies.
The cc-by-4.0 license is not included in category x. https://www.apache.org/legal/resolved.html#cc-by
cc-by-4.0 is Creative Commons Attribution (CC-BY) licenses (2.5, 3.0, and 4.0), not Creative Commons Non-Commercial variants.
It is considered Category X (ie. can't be included) if it is not in binary form. Being JS/JSON it's not in binary form. Any non-commercial license will not be able to be included in source or binary form.
But the restriction got further than just including it, it can't be a dependency as it places conditions above what the Apache license allows.
The options we have are:
From my history with ASF legal around issues like this, the exception is unlikely to be granted, so we're likely to be back to trying to replace or remove it.
Looking into the licensing and it's history, it seems at one point the code it was copied from was CC non-commercial and had other restrictions (i.e. not creating a similar product) which may further complicate things.
Hi Justin, the node modules only for dev mode, we only need to focus on production mode right? And not all the dependency will build into our distribution output. The packages will be tree-shaking which not referenced.
This is new sample domo of next-app, and build the dome, we can get the output file
Then install the antd
dependency but not import it, build directly, we can see the size of output file not change
And then we import the antd
in our code, and build again, we can see the size of output file is bigger
And I found the build task file of next, It shows that the caniuse-lite data has been excluded from the bundle file. So it does not include caniuse-lite if we does not import it directly. https://github.com/vercel/next.js/blob/canary/packages/next/taskfile.js
I did check all production dependencies, not dev ones, and caniuse-lite is a production dependency. It might be possible that it gets removed, as you say. It's hard to tell, but the last time when I looked, there was some browser sniffing code that ended up being the final code, which looked like it may have been from caniuseit. But either way, to satisfy the ASF licensing policy, we can't have a dependency on it or include it. Excluding it and having the user install it is only possible if it is truly optional, i.e. only a small number of users would install it, and the web UI works without it.
Note that the output from npm list
above only included the top level dependencies you need to use npm list --depth 3
to see caniuse-lite. Or more correctly npm list --depth 3 --omit=dev
. yarn list -production
also shows caniuse-lite is in production.
Only the functionality of top level dependencies which referenced in the web will be build into output files. Not the all source code of top level dependencies, nor the depth 3 dependencies. That's what tree-shaking work for.
And we can exclude some code by setting like the build task file
And not recommended yarn which adopting a flat node_modules structure. That's cause ghost dependency problems. That's why you might see the caniuse-lite on the top level.
We recommend using pnpm for our project. We can add the packageManager
property set to pnpm
in pagekage.json. Then it will give you an error when you install with yarn.
Dependencies of dependencies matter with ASF policy. Excluding a dependency from a release artifact doesn't solve the issue. What package manager is used is irrelevant as long as the dependency exists. There is an issue that needs to be resolved, how do you suggest we resolve this?
My point is that only the top level dependencies can to be referenced on our source code, and caniuse's source code is excluded from dependencies of dependencies(nextjs). Not recommending yarn package manager is an explanation for why you can see caniuse in the top level of the dependency structure of the yarn list.
Do you have a suggestion on how to resolve this in line with ASF release and licensing policies?
Can we list some apache project that are in the same situations as ours, and claim it is just a list of browser features and as such copyright doesn't apply: https://github.com/apache/flink/blob/master/flink-runtime-web/web-dashboard/package-lock.json https://github.com/apache/superset/blob/master/superset-frontend/package-lock.json
Those projects may or may not be in the same position as us, I would need to look into the details, either way it's unlikely to help us. I think the best course of action is to get accepted into the Incubator and then discuss this on ASF's legal list.
What would you like to be improved?
caniuse-lite
is included as a nested dependency in bothnext
andautoprefixer
. Its appearance three times inyarn.lock
is due to the lock file recording the versions for each dependency. If other dependencies require different versions, it will be reflected accordingly.License: ├─ CC-BY-4.0 │ └─ caniuse-lite@1.0.30001566 │ ├─ URL: https://github.com/browserslist/caniuse-lite.git │ ├─ VendorName: Ben Briggs │ └─ VendorUrl: http://beneb.info
next@14.0.3: version "14.0.3" resolved "https://registry.yarnpkg.com/next/-/next-14.0.3.tgz#8d801a08eaefe5974203d71092fccc463103a03f" integrity sha512-AbYdRNfImBr3XGtvnwOxq8ekVCwbFTv/UJoLwmaX89nk9i051AEY4/HAWzU0YpaTDw8IofUpmuIlvzWF13jxIw== dependencies: "@next/env" "14.0.3" "@swc/helpers" "0.5.2" busboy "1.6.0" caniuse-lite "^1.0.30001406" postcss "8.4.31" styled-jsx "5.1.1" watchpack "2.4.0" optionalDependencies: "@next/swc-darwin-arm64" "14.0.3" "@next/swc-darwin-x64" "14.0.3" "@next/swc-linux-arm64-gnu" "14.0.3" "@next/swc-linux-arm64-musl" "14.0.3" "@next/swc-linux-x64-gnu" "14.0.3" "@next/swc-linux-x64-musl" "14.0.3" "@next/swc-win32-arm64-msvc" "14.0.3" "@next/swc-win32-ia32-msvc" "14.0.3" "@next/swc-win32-x64-msvc" "14.0.3"
autoprefixer@^10.4.16: version "10.4.16" resolved "https://registry.yarnpkg.com/autoprefixer/-/autoprefixer-10.4.16.tgz#fad1411024d8670880bdece3970aa72e3572feb8" integrity sha512-7vd3UC6xKp0HLfua5IjZlcXvGAGy7cBAXTg2lyQ/8WpNhd6SiZ8Be+xm3FyBSYJx5GKcpRCzBh7RH4/0dnY+uQ== dependencies: browserslist "^4.21.10" caniuse-lite "^1.0.30001538" fraction.js "^4.3.6" normalize-range "^0.1.2" picocolors "^1.0.0" postcss-value-parser "^4.2.0"
browserslist@^4.21.10: version "4.22.2" resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.22.2.tgz#704c4943072bd81ea18997f3bd2180e89c77874b" integrity sha512-0UgcrvQmBDvZHFGdYUehrCNIazki7/lUP3kkoi/r3YB2amZbFM9J43ZRkJTXBUZK4gmx56+Sqk9+Vs9mwZx9+A== dependencies: caniuse-lite "^1.0.30001565" electron-to-chromium "^1.4.601" node-releases "^2.0.14" update-browserslist-db "^1.0.13"
How should we improve?
How should we handle this license issue? If deletion is necessary, it means replacing
next.js
with another frontend framework. However, there is no guarantee that other frameworks won't also have nested dependencies. Theautoprefixer
dependency is utilized by many CSS styling libraries.