Aws-cdk: Missing license in child dependency cli-color

Created on 15 Oct 2019  路  5Comments  路  Source: aws/aws-cdk

json-diff uses an old version of cli-color that does not have a license. According to cli-color's npm and github pages, it uses the ISC License, BUT unfortunately that is just for v1.3.0 and later.

An MIT License was added to v0.2.2 in this commit https://github.com/medikoo/cli-color/commit/d28882bed9d9dc4833a719bad404e5f3682385be

json-diff is using the unlicensed version of the cli-color package v0.1.7

_Why do I care?_

I want to use this module! but I am not allowed to use this module without it being appropriately licensed. Since this is a dependency I am blocked from installing aws-cdk module with "json-diff": "^0.5.4" because it cannot be completed without also installing the dependency json-diff module with "cli-color": "~0.1.6" which has a dependency on [email protected] which DOES NOT have a license.

_How to solve?_

  1. Remove json-diff
  2. Update json-diff to use newer cli-color (at least to v0.2.2 where MIT license was added) which has a license. (Seems unlikely since it seems to be inactive) -- json-diff issue
  3. Fork json-diff and make the update yourself.
  4. replace json-diff with one of these (only a quick google search for alternatives):
closed-for-staleness efforsmall feature-request managemenrepo p2 packagtools response-requested
Source
picture kbradl16

Most helpful comment

rfc6902 also looks like a good candidate (maintained, typed, well covered).

picture nmussy on 16 Oct 2019
👍2

All 5 comments

Hi @kbradl16,

It appears you are correct. In my previous search, I only looked at the first commits and latest of each repo, and so I missed the gap in licensing.
I apologize for the confusion.

This is something we can look into fixing, but it may take some time because we do depend on json-diff pretty heavily for the spec-diff tool. I will update this issue after we have a chance to discuss this further.

NGL321 picture NGL321 on 15 Oct 2019
👍1

rfc6902 also looks like a good candidate (maintained, typed, well covered).

nmussy picture nmussy on 16 Oct 2019
👍2

Any updates here? Did the aws-cdk move to @aws-cdk/core? If so I think this can close

kbradl16 picture kbradl16 on 13 Mar 2020

Hey @kbradl16,

Sorry this has gone so long without addressing.

Any updates here? Did the aws-cdk move to @aws-cdk/core? If so I think this can close

@aws-cdk/core is the main cdk package now, but from what I can tell, jsii-color is still a dependency. If this meets the criteria you need (tbh licensing is not my forte), go ahead and close this, but if you still need the change I will bring this up to the dev team again.

NGL321 picture NGL321 on 7 Sep 2020

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

github-actions[bot] picture github-actions[bot] on 15 Sep 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

kawamoto picture kawamoto  路  3Comments
EduardTheThird picture EduardTheThird  路  3Comments
artyom-melnikov picture artyom-melnikov  路  3Comments
ababra picture ababra  路  3Comments
peterdeme picture peterdeme  路  3Comments