License for http://registry.npmjs.com/taffydb/2.6.2

[ariel11]

Hello, The NPM package - http://registry.npmjs.com/taffydb/2.6.2 - does not include any license info, though a more recent package says BSD-2-Clause (http://registry.npmjs.com/taffydb/2.7.3).

Are the NPM packages, including v2.6.2, licensed under BSD-2-Clause? Or, is v2.6.2 under the BSD-1-Clause?

It looks like the source in this repo is licensed under MIT, though the README says BSD-1-Clause. Do both licenses apply to the source or can people choose between them?

Thanks!

[brettz9]

I just noticed this as well through a license review (the license is showing up as "UNKNOWN" by license-checker). The attached license is indeed MIT, so either the file or package.json should be adjusted or both...

If you want to allow either, use "(MIT OR BSD-2-Clause)" and to impose both, use "(MIT AND BSD-2-Clause)".

Even if this repo is no longer very actively maintained, I think this should be updated for all of the dependents relying on it (and checking it). Thanks!

[mmikowski]

Please submit a PR and we can apply.

[brettz9]

@mmikowski : Cool, thank you, but which of these of your licenses do you want to apply as the authority going forward (and if you know, which license was supposed to have been applied previously):

• The BSD 1-Clause mentioned on the README (at https://github.com/typicaljoe/taffydb#software-license-agreement-bsd-license )
• The MIT license included with the package (at https://github.com/typicaljoe/taffydb/blob/master/License )
• The BSD-2-Clause referenced in package.json (at https://github.com/typicaljoe/taffydb/blob/master/package.json#L32 ).

And if it is not just one license that you want applied, do you wish the user to be able to choose between licenses (e.g., "(MIT OR BSD-1-Clause)")--the more lenient option--or is it requiring the user to comply with multiple terms (e.g., "(MIT AND BSD-2-Clause)").

Thanks!

[brettz9]

I shouldn't make things too convoluted as the licenses are already pretty similar to one another, and there probably shouldn't be a need for combining the licenses, though of course whatever you want to do. Do you want a PR to apply BSD-2-Clause then (unless you know you're ok with MIT)?

[bbailleux]

It has been a long time since this issue creation.

taffydb is a dependency of a lot of modules (e.g. JSDoc) and the fact that license-checker reports its license as "Unknown" (therefore interpreted as "not open source") can be a real problem in a professional environment.

As the change from MIT (as in License file) to BSD-1-Clause (as in taffy.js file), or the opposite, would require consent from all developers, could I suggest to apply @brettz9 's proposition: licensing under MIT OR BSD-1-Clause ?

[typicaljoe]

Hey @bbailleux - if you or someone else wants to take a stab at a PR I'm happy to merge it. I'm not familiar enough with how NPM handles licensing. The intent is in line with BSD-2-Clause.