Incorrect detection and confusing licenses in https://raw.githubusercontent.com/Stuk/jszip/ #4112
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
We are not detecting licenses exactly right in https://github.com/Stuk/jszip
The text further contains a full MIT and a truncated GPL 3 text, where the tail text after
END OF TERMS AND CONDITIONShas been removed."license": "MIT or GPLv3",. And here also the GPL mention does not state other later versions, just plain v3."license": "MIT or GPLv3",. And here also the GPL mention does not state other later versions, just plain v3.https://github.com/Stuk/jszip/blob/2ceb998e29d4171b4f3f2ecab1a2195c696543c0/package.json#L66 has a SPDX license expression as
"license": "(MIT OR GPL-3.0-or-later)"with a choice of later GPLhttps://github.com/Stuk/jszip/blob/2ceb998e29d4171b4f3f2ecab1a2195c696543c0/dist/jszip.js#L7 and https://github.com/Stuk/jszip/blob/2ceb998e29d4171b4f3f2ecab1a2195c696543c0/dist/jszip.min.js have another notice:
Here again no other GPL version. The upstream copyright notice has not been carried forward,
A ScanCode.io scan of the code from https://github.com/Stuk/jszip/archive/2ceb998e29d4171b4f3f2ecab1a2195c696543c0.zip attached shows that there is also code under the zlib license likely from https://github.com/nodeca/pako/ (and many other licenses but for the PKzip spec, as well as several test files, examples and documentation, but not core code, therefore I ignore these for now)
The text was updated successfully, but these errors were encountered: