Package distributions are not licensed
Created by: honzajavorek
Hi @gaearon et al create-react-app monorepo is licensed under MIT, and that's great. But according to MIT, the license text needs to be attached everywhere:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
The npm packages as they're published and distributed, do not comply with this as they do not contain the license files. Effectively, without the full license text they're proprietary code and cannot be used by anyone who cares about licenses. The SPDX identifier in the package.json is not satisfactory (not only) for the reasons mentioned above. There are two solutions to this:
- Upgrade to Lerna@3, as it has the licensing built-in now
- Copy & paste the root license to all projects in the
packagesdirectory, so it gets picked up by npm during publishing, and to re-publish all of them with a new patch version.
For more information, see https://github.com/lerna/lerna/pull/1465#issuecomment-405184876, https://github.com/babel/babel/pull/7308#issuecomment-367615152, https://github.com/babel/babel/pull/8409#issuecomment-415379558.
A similar issue: https://github.com/facebook/regenerator/issues/354