jfromaniello / selfsigned

Generate self-signed certificates from node.js
MIT License

Node-forge license issue as it is installed as dependency #66

Open AshishUpadhyayCivica opened 1 year ago

AshishUpadhyayCivica commented 1 year ago

I am facing a problem of licensing ((BSD-3-Clause OR GPL-2.0)) when I am using @nrwl/angular. The issue is regarding one of the packages that is installed as part of a dependency. Consider the node-forge license dependency below. So I am installing @nrwl/angular and all of its dependent packages are installed under the MIT license except node-forge. My security scan detects this as a problem as we don't want to use the BSD-3-Clause license.

I expect that node-forge should be removed as a dependency of @nrwl/angular, as this is creating a lot of licensing problems whilst using @nrwl/angular.

jfromaniello commented 1 year ago

Excuse my ignorance, but isn't BSD-3-Clause compatible with MIT?

AshishUpadhyayCivica commented 1 year ago

Excuse my ignorance, but isn't BSD-3-Clause compatible with MIT?

BSD-3 and GPL v2 are associated with node-forge, and there are differences between these two licenses. I am using a scanning tool which detects the BSD-3 license as a potential risk.

[image: scanning tool output]

The above image gives a glimpse of the error I am facing. I would welcome any solution or workaround you may have for this problem.

jfromaniello commented 1 year ago

I can see the problem here is that it found GPL-2.0, which is true... but the project is dual licensed and users can use it under whichever license they think is appropriate. The tool is not reporting a problem with BSD-3-Clause to you.

https://github.com/digitalbazaar/forge#contributing

This license allows Forge to be used under the terms of either the BSD License or the GNU General Public License (GPL) Version 2.

jimmywarting commented 1 year ago

Any possibility that we could use Web Crypto instead of node-forge?