Unclear license status
GB-Chris opened this issue · 2 comments
I downloaded release 2.4.0 and plan to use bcrypt.min.js
. According to the comment inside the file, it's licensed under Apache-2.0:
(function(){/*
bcrypt.js (c) 2013 Daniel Wirtz <dcode@dcode.io>
Released under the Apache License, Version 2.0
see: https://github.com/dcodeIO/bcrypt.js for details
*/
[...]
The build.js
mentioned in the comment, first includes a header with an MIT license notice followed by a comment naming Apache-2.0:
/*
Copyright (c) 2012 Nevins Bartolomeo <nevins.bartolomeo@gmail.com>
Copyright (c) 2012 Shane Girish <shaneGirish@gmail.com>
Copyright (c) 2014 Daniel Wirtz <dcode@dcode.io>
Redistribution and use in source and binary forms, with or without
[...]
*/
/**
* @license bcrypt.js (c) 2013 Daniel Wirtz <dcode@dcode.io>
* Released under the Apache License, Version 2.0
* see: https://github.com/dcodeIO/bcrypt.js for details
*/
(function(global, factory) {
[...]
Then there is the LICENSE
file, which contains the same MIT license notice as build.js
Which license applies to bcrypt.min.js
? Apache-2.0? MIT? Either (giving me the choice)? Both?
Bonus question: there is also dist/bcrypt.min.js
in the repository which is a different file than bcrypt.min.js
found in release 2.4.0. But it includes the same Apache-2.0 comment. Which file is up-to-date?
Thank you!
Chris
New-BSD / MIT license should be correct. Looks like the Apache-2.0 comment accidentally sneaked in when adding the wrapper code.
That was fast, thanks!
And to answer my own bonus question:
Bonus question: there is also dist/bcrypt.min.js in the repository which is a different file than bcrypt.min.js found in release 2.4.0. But it includes the same Apache-2.0 comment. Which file is up-to-date?
The file in the dist folder is the current work-in-progress build (~2.4.3 according to the commits). Unfortunately, no releases after 2.4.0 were made available on Github (only npm).