Replace css-select? #8
Comments
Agreed, this is important. I'm looking for a replacement now.
This turned out to be more surgical than I anticipated. It'll take more than the time I have on my hands. Now, since the mentioned packages are quite stable, the only reason we have for replacing them is the licensing issue. Thankfully, the author has selected an open-source license for each repo. It's only the published npm content that doesn't have a license clause. So, one way to move forward would be to just fork all of these packages and re-publish them while preserving their original repository license. What do you think @honzajavorek?
@AriaMinaei yes, that is certainly a viable solution. We did our research yesterday too and I can confirm all the repos contain valid licenses. Although the author decided to remove the word "Software" from the license files and replaced it with "this". But that is for lawyers to decide if this is still a valid license. If we just republish all these packages with a patch version update, it could fix the licensing issues. I don't think we will be able to get access to the author's original npm registry, so either we will fix all package.json files to point to our new npm packages or we can use There is still a long-term problem, that we're using 6-year-old code that is not maintained anymore (but I can live with that for now).
Partially fixes AriaMinaei#8
Better later than never ;]
We're doing legal and security audits of our dependencies and so far one of the most problematic parts is the css-select project and its dependencies. See following issues:

In many cases, there is no response from @fb55 for a long time and the issues are quite important as technically, legally, nobody should be really using packages distributed without explicit license. A code without license is to be considered proprietary by default and using such code could be easily classified as theft. This makes it problematic to use RenderKid in any company or by any individual who actually cares about licensing.

Moreover, the css-select project seems to be more or less abandoned. It seems to me @fb55's dependencies and the css-select project act as a single point of failure in your project. Even if you don't care about licensing, it's apparently naive to expect the dependencies will ever get updated, bugs fixed, etc.