Closed phishalot closed 7 months ago
+1, we screen for licenses of dependencies and store2 popped up due to the potential GPL-3.0 license even though the project seems to be fully MIT
Just found your answers here:
In a lot of ways, specifying both GPL 3 and MIT seems contradictory, but the intent is to offer this under the "do whatever you want, as long as we're not liable" plan so you can use this in any stack, without legal considerations.
Is there a downside to using only "MIT" with your goal in mind? All other dependencies in our projects have only OSS licenses and I'd assume that including "OR GPL" will trigger copy-left alerts for many others as well.
These are both OSS licenses, and if the option to use this under GPL 3 triggers an alert, then it's a false positive. You may use this under MIT or GPL. I offer both, choose whichever suits you.
Hello! It's a false positive for us in the Apache Superset community, and probably for everyone using this lib alongside actions/dependency-review-action, and presumably other license checkers. I believe it'll be affecting anyone using a recent react-storybook as well by extension.
My recommendation would be to pick a license and be clear about it. MIT is most permissive, so unclear why anyone would choose GPL3 given the choice.
Ok. I give.
Howdy,
Since there is no GPL-3 license file (but there is an MIT one) in the repo, would it make sense to remove the GPL-3 mention? https://github.com/nbubna/store/blob/b4f4c6f7c7883170c76512d1cc2704f6d01accdc/package.json#L32