On Fri, Jul 14, 2017 at 13:57:30 +0200, Jelle Licht wrote:
> Regardless, the biggest issue that remains is still that npm-land is mired
> in cyclical dependencies and a fun-but-not-actually unique dependency
> resolving scheme.

I still think the largest issue is trying to determine if a given
package and its entire [cyclic cluster] subgraph is Free. That's a lot
of manual verification to be had (to verify any automated checks).

npm's package.json does include a `license' field, but that is metadata
with no legal significance, and afaik _defaults_ to "MIT" (implying
Expat), even if there's actually no license information in the
repository.

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com