nette / schema

📐 Validating data structures against a given Schema.
https://doc.nette.org/schema

False-positive security bug because of non-standard LICENSE.md file #43

Closed mwkcoding closed 3 years ago

mwkcoding commented 3 years ago

Version: 1.2.1

Bug Description

Since you're not using a standard LICENSE.md format, things like Enlightn fail and say my project is using packages that I'm not legally allowed to use. Fix your license.

Steps To Reproduce

  1. laravel new app --jet (with --jet since it's Laravel Jetstream requiring this package in my case)
  2. composer require enlightn/enlightn
  3. php artisan enlightn (Enlightn will fail saying your package is illegal to use)

Expected Behavior

Use of a standard LICENSE.md format that doesn't make security checks fail.

Possible Solution

Use a standard LICENSE.md format...

mabar commented 3 years ago

Does enlightn have any documentation on how it detects standard licenses?

All the licenses of this package are already in machine readable format in composer.json

Or does it support standard SPDX license identifiers? SPDX-License-Identifier: BSD-3-Clause OR GPL-2.0-only or GPL-3.0-only https://spdx.dev/ids/

mwkcoding commented 3 years ago

After further investigation, and deep-diving into the LicenseAnalyzer in Enlightn, it just grabs the array of licenses in the composer.json and it seems to just expect the package has one.

So this might be a problem with Enlightn not supporting multiple license choices.
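The thread's conclusion is that a license check which expects exactly one license per package produces a false positive for a package that is legitimately offered under several. Below is an added example (not code from nette/schema or from Enlightn) of how a dependency license audit can read the `license` field of composer.json correctly: Composer treats an array of licenses as a disjunction (the consumer may pick any one of them), and a string may be an SPDX expression with `AND`, `OR`, parentheses and `WITH`. The allowlist, the package names other than nette/schema, and the `installed.json`-shaped sample input are constructed for illustration; `naive_package_allowed` is a deliberately wrong reading that demands every listed license be allowed, included only to show the false positive, and is not a description of Enlightn's implementation.

```python
import json
import re

# Constructed allowlist of SPDX identifiers for this example (not Enlightn's or nette's).
ALLOWED = {"MIT", "BSD-3-Clause", "Apache-2.0", "LGPL-3.0-or-later"}

TOKEN_RE = re.compile(r"\(|\)|[^\s()]+")


def licenses_from_field(field):
    """composer.json 'license' is a string (one id or an SPDX expression) or an
    array. Composer documents an array as disjunctive (choose any one), so it
    is rewritten as an OR expression. Returns None if nothing is declared."""
    if field is None or field == "" or field == []:
        return None
    if isinstance(field, str):
        return field
    if isinstance(field, list):
        return " OR ".join(f"({x})" for x in field)
    raise TypeError(f"unsupported license field: {field!r}")


class _Parser:
    """Recursive-descent parser for SPDX expressions: OR over AND over atoms.
    Keyword matching is case-insensitive so a lowercase 'or' is tolerated."""

    def __init__(self, expr):
        self.toks = TOKEN_RE.findall(expr)
        self.pos = 0

    def peek(self):
        return self.toks[self.pos] if self.pos < len(self.toks) else None

    def take(self):
        tok = self.peek()
        if tok is None:
            raise ValueError("unexpected end of SPDX expression")
        self.pos += 1
        return tok

    def parse(self):
        node = self.or_expr()
        if self.peek() is not None:
            raise ValueError(f"trailing token {self.peek()!r}")
        return node

    def or_expr(self):
        parts = [self.and_expr()]
        while (self.peek() or "").upper() == "OR":
            self.take()
            parts.append(self.and_expr())
        return ("OR", parts) if len(parts) > 1 else parts[0]

    def and_expr(self):
        parts = [self.primary()]
        while (self.peek() or "").upper() == "AND":
            self.take()
            parts.append(self.primary())
        return ("AND", parts) if len(parts) > 1 else parts[0]

    def primary(self):
        tok = self.take()
        if tok == "(":
            node = self.or_expr()
            if self.take() != ")":
                raise ValueError("missing ')' in SPDX expression")
            return node
        if tok == ")" or tok.upper() in ("AND", "OR", "WITH"):
            raise ValueError(f"unexpected token {tok!r}")
        ident = tok
        if (self.peek() or "").upper() == "WITH":  # license exception, kept as part of the id
            self.take()
            ident = f"{ident} WITH {self.take()}"
        return ("ID", ident)


def _allowed(node, allow):
    kind = node[0]
    if kind == "ID":
        return node[1] in allow
    if kind == "OR":
        return any(_allowed(n, allow) for n in node[1])
    return all(_allowed(n, allow) for n in node[1])  # AND


def package_allowed(license_field, allow=ALLOWED):
    """True if the declared license expression can be satisfied from the allowlist.
    An undeclared license is treated as not allowed (fail closed)."""
    expr = licenses_from_field(license_field)
    if expr is None:
        return False
    return _allowed(_Parser(expr).parse(), allow)


def naive_package_allowed(license_field, allow=ALLOWED):
    """Wrong reading for comparison only: every listed license must be allowed.
    This is what produces the false positive described in the issue; it is an
    assumption for illustration, not Enlightn's actual code."""
    ids = [license_field] if isinstance(license_field, str) else list(license_field or [])
    return bool(ids) and all(i in allow for i in ids)


# Constructed sample in the shape of Composer 2's vendor/composer/installed.json.
INSTALLED_JSON = json.dumps({"packages": [
    {"name": "nette/schema", "license": ["BSD-3-Clause", "GPL-2.0-only", "GPL-3.0-only"]},
    {"name": "example/mit-only", "license": ["MIT"]},
    {"name": "example/spdx-expr", "license": "(GPL-2.0-only OR MIT) AND Apache-2.0"},
    {"name": "example/gpl-only", "license": ["GPL-3.0-only"]},
    {"name": "example/unlicensed", "license": []},
]})


def audit(installed_json=INSTALLED_JSON, allow=ALLOWED):
    """Map each package name to whether its license is acceptable."""
    data = json.loads(installed_json)
    return {p["name"]: package_allowed(p.get("license"), allow) for p in data["packages"]}


if __name__ == "__main__":
    for name, ok in audit().items():
        print(f"{'OK  ' if ok else 'FAIL'} {name}")
```

With the disjunctive reading, nette/schema passes as long as any one of its three licenses is on the allowlist, while the naive all-must-match reading rejects it even though BSD-3-Clause is allowed. Two caveats a practitioner would want: a package that declares no license at all fails closed here rather than being skipped, and identifiers are compared as plain strings, so an allowlist entry must match the SPDX id exactly (including any `-only`/`-or-later` suffix or `WITH` exception).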