marcklingen
commented
9 months ago +1, we screen for licenses of dependencies and store2 popped up due to the potential GPL-3.0 license even though the project seems to be fully MIT
Closed phishalot closed 7 months ago
marcklingen
commented
9 months ago +1, we screen for licenses of dependencies and store2 popped up due to the potential GPL-3.0 license even though the project seems to be fully MIT
marcklingen
commented
9 months ago Just found your answers here:
In a lot of ways, specifying both GPL 3 and MIT seems contradictory, but the intent is to offer this under the "do whatever you want, as long as we're not liable" plan so you can use this in any stack, without legal considerations.
Is there a downside to using only "MIT" with your goal in mind? All other dependencies in our projects have only OSS licenses and I'd assume that including "OR GPL" will trigger copy-left alerts for many others as well.
nbubna
commented
9 months ago These are both OSS licenses, and if the option to use this under GPL 3 triggers an alert, then it's a false positive. You may use this under MIT or GPL. I offer both, choose whichever suits you.
mistercrunch
commented
7 months ago Hello! It's a false positive for us in the Apache Superset community, and probably for everyone using this lib alongside actions/dependency-review-action, and presumable other license checkers. I believe it'll be affecting anyone using a recent react-storybook as well by extension.
My recommendation would be to pick a license and be clear about it. MIT is most permissive, so unclear why anyone would chose GPL3 given the choice.
nbubna
commented
7 months ago Ok. I give.
Howdy,
Since there is no GPL-3 license file (but there is a MIT one) in the repo would it make sense to remove the GPL-3 mention? https://github.com/nbubna/store/blob/b4f4c6f7c7883170c76512d1cc2704f6d01accdc/package.json#L32