virtual-list icon indicating copy to clipboard operation
virtual-list copied to clipboard

Published 20 hours ago • verified publisher icon react-component

Please provide license file

Open obo-spi opened this issue 4 years ago • 3 comments

obo-spi avatar Nov 27 '20 11:11 obo-spi

it would be great!

bard83 avatar Feb 24 '21 16:02 bard83

license mentioned here: https://github.com/react-component/virtual-list/blob/a107a64c8cda4aee69aa3447ad8e77f5bd4085de/package.json#L28

bard83 avatar Feb 25 '21 13:02 bard83

Hi,

despite the fact that the license is listed in the package.json and also on the NPM repository it is always good practice to provide a dedicated LICENSE file. This is also very important for people like us that use a third-party tool (license-verifier) to automatically prevent license infringements and a costly litigation due to the use of third-party libraries with the wrong license. Almost all available license-checkers first look inside the License file and then inside the README file in order to find the license. These tools usually don't regard a mere package.json entry as sufficient enough and thus require an intervention on our side on each update to explicitly white-list said libraries.

Please just consider adding a LICENSE file to the top-level directory. You'll find the template here and only need to update the year and the name of the author or organization: https://opensource.org/licenses/MIT

Also something in the README confuses the license-verifier and this happens (out of hundreds of dependencies) only for two packages. virtual-list and and-design:

license_verifier.verifier_main - ERROR - For the Dependency [email protected] another file was found instead of a license file which contains the licenses: ../projects/tools/dashboard/react-frontend/node_modules/rc-virtual-list/README.md!
license_verifier.verifier_main - ERROR - For the Dependency @ant-design/[email protected] another file was found instead of a license file which contains the licenses: ../projects/tools/support/icon-converter/node_modules/@ant-design/icons-svg/ReadMe.md!
license_verifier.verifier_main - ERROR - 2 errors occurred while checking the licenses

Thanks in advance

momesana avatar Dec 23 '21 12:12 momesana

Hi. Is there any chance to get the license text? It would be great if the license was also in the npm package, so the license collecting tool can get the license text and put it into the Software Bill of Materials file/page of the product that uses this npm package. Having license file is very important, especially in big products that use hundreds of third party components.

Thanks in advance.

rc1cent avatar Jan 03 '24 12:01 rc1cent