Skip to content
GitLab
Closed
Issue created by Administrator@rootContributor

Package distributions are not licensed

Created by: honzajavorek

Hi @gaearon et al 👋 The code of the create-react-app monorepo is licensed under MIT, and that's great. But according to MIT, the license text needs to be attached everywhere:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

The npm packages as they're published and distributed, do not comply with this as they do not contain the license files. Effectively, without the full license text they're proprietary code and cannot be used by anyone who cares about licenses. The SPDX identifier in the package.json is not satisfactory (not only) for the reasons mentioned above. There are two solutions to this:

  1. Upgrade to Lerna@3, as it has the licensing built-in now
  2. Copy & paste the root license to all projects in the packages directory, so it gets picked up by npm during publishing, and to re-publish all of them with a new patch version.

For more information, see https://github.com/lerna/lerna/pull/1465#issuecomment-405184876, https://github.com/babel/babel/pull/7308#issuecomment-367615152, https://github.com/babel/babel/pull/8409#issuecomment-415379558.

A similar issue: https://github.com/facebook/regenerator/issues/354