by nawitus 4294 days ago
>Always remember to check the licenses of transitive dependencies. There are packages which say they are licensed under MIT, yet they depend on an (A)GPL package! That might or might not be an issue for you.

I recommend using a tool like license-checker to create a list of all the licenses. It also shows the unknown ones, so you can start digging for the licenses. Like the article states, there's a large number of npm packages without licenses. I've usually made pull requests whenever I stumble upon a package with missing package.json license information, and I hope the situation is slowly improving.
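As an added example (not code from the comment above or from the license-checker tool), here is a small script that walks a dependency graph and lists every reachable package's declared license, so that a transitive (A)GPL package or a missing license under an MIT top-level package is visible along with the chain that pulled it in. The package graph and the copyleft pattern are constructed assumptions standing in for a real node_modules tree.

```javascript
// Added example (not from the comment or from license-checker): walk a
// dependency graph and report each reachable package's declared license.
// The graph is constructed inline to stand in for a real node_modules tree.

// Licenses to review when found below a permissively licensed package
// (GPL family, strong and weak copyleft). Constructed pattern, not exhaustive.
const COPYLEFT = /^(A|L)?GPL(-|$)/i;

// Constructed sample graph: name -> { license, dependencies }
const packages = {
  "my-app":     { license: "MIT",      dependencies: ["nice-lib", "helper"] },
  "nice-lib":   { license: "MIT",      dependencies: ["strict-lib"] },
  "strict-lib": { license: "AGPL-3.0", dependencies: [] },
  "helper":     { dependencies: ["tiny"] },            // no license field
  "tiny":       { license: "ISC",      dependencies: [] },
};

// Normalise the package.json `license` field: an SPDX string, the legacy
// { type: "..." } object, or absent. Anything else is reported as UNKNOWN.
function declaredLicense(pkg) {
  const l = pkg.license;
  if (typeof l === "string" && l.trim()) return l.trim();
  if (l && typeof l === "object" && typeof l.type === "string") return l.type;
  return "UNKNOWN";
}

// Depth-first walk from `root`; returns one finding per reachable package,
// with `path` showing which chain of dependencies pulled it in.
function auditLicenses(root, graph) {
  const seen = new Set();
  const findings = [];
  function visit(name, parents) {
    if (seen.has(name)) return;           // diamond dependencies: report once
    seen.add(name);
    const path = [...parents, name];
    const pkg = graph[name];
    const license = pkg ? declaredLicense(pkg) : "NOT INSTALLED";
    findings.push({ name, license, path, copyleft: COPYLEFT.test(license),
                    unknown: license === "UNKNOWN" || license === "NOT INSTALLED" });
    for (const dep of (pkg && pkg.dependencies) || []) visit(dep, path);
  }
  visit(root, []);
  return findings;
}

// The subset a reviewer has to look at: copyleft or unresolved licenses.
function flagged(findings) {
  return findings.filter((f) => f.copyleft || f.unknown);
}
```

Against a real project you would build `packages` from the package.json files under node_modules instead of the inline sample; the walk and the flagging logic stay the same.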