Open Closed

Confusing license issue about @transloadit/prettier-bytes(v0.0.7) package which is depended by @volo/account #5142


User avatar
0
uyarbtrlp created
  • ABP Framework version: v5.3.3
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC): yes

Hello all,

We've been trying to make our OSS clearing. Our OSS clearing team have found @transloadit/prettier-bytes package which has a confusing license issue and said that it could be risky to use it for customers since it has AGPL license. When I look into the package-lock.json file of xx.IdentityServer project, I can see that it comes from @volo/account not directly but it's subcomponents.

When I examine the source code of the package, I see that the main source code has AGPL-v3 license. But when I go the packages folder and find the prettier-bytes folder, it is written as MIT license. https://github.com/transloadit/monolib/tree/%40transloadit/prettier-bytes%400.0.7. Also, when I search it on npm, I can confirm that it has MIT license for this version. Our team thinks that AGPL license overwrites MIT since the main source code has AGPL license. I know it is a strange case but I want to know your opinion or approach. We don't want to open our repository to public, of course. Is it safe to use it for end customers? What do you think about this issue?


1 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Im not sure. I suggest you create an issue to confirm this.

    https://github.com/transloadit/monolib

Made with ❤️ on ABP v9.1.0-preview. Updated on December 10, 2024, 06:38