Graphql-playground: LICENSE file pointed at in package.json is not included in released packages

Created on 7 Feb 2019 · 1 Comment · Source: graphql/graphql-playground

The package.json files of the packages in this project have a "license" field that says "SEE LICENSE IN LICENSE".

License automation, which is necessary and important in certain contexts, reads this "license" field to do its magic and usually expects a valid SPDX license identifier string. "SEE LICENSE IN LICENSE" is a special case, which results in reading the LICENSE file for license information. This file does not exist as part of the files released to npm - which means that effectively, your packages released to npm do not carry _any_ licensing information.

Which is bad and might lead to companies not being able to use them due to licensing policy.

Please either

  • include the LICENSE file from repository in every release of every package (not great, but still better than the status quo)
  • change the "license" field to the appropriate SPDX license identifier (better)
  • change the "license" field to the appropriate SPDX license identifier _and_ include the LICENSE file with license text and copyright information (this is what I would suggest)

For more information, see the readme of webpack-license-plugin. Should anything be unclear, please ask!

Most helpful comment

+1

This broke my team's gatsby project via automation around infosec/licensing.

