Open AshishUpadhyayCivica opened 1 year ago
Excuse my ignorance, but isn't BSD-3-Clause compatible with MIT?
BSD-3 - GPL v2 are associated with node-forge, and there are differences between these two licenses. I am using a scanning tool which detects the BSD-3 license as a potential risk.
The above images give a glimpse of the error I am facing. I would welcome it if you have any solution or workaround for this problem.
I can see the problem here is that it found GPL-2.0, which is true... but the project is dual licensed and users can use it under whichever license they think is appropriate. The tool is not reporting you a problem with BSD-3-Clause.
https://github.com/digitalbazaar/forge#contributing
This license allows Forge to be used under the terms of either the BSD License or the GNU General Public License (GPL) Version 2.
Any possibility that we could use web crypto instead of node-forge?
I am facing a licensing problem (BSD-3-Clause OR GPL-2.0) when I am using @nrwl/angular. The issue is regarding one of the packages that is installed as a dependency. Consider below: I am installing @nrwl/angular and all of its dependent packages are installed under the MIT license except node-forge. My security scan detects this as a problem, as we don't want to use the BSD-3-Clause license.
I expect that node-forge should be removed as a dependency of @nrwl/angular, as this is creating a lot of licensing problems whilst using @nrwl/angular.