Unclear license status

[GB-Chris]

I downloaded release 2.4.0 and plan to use bcrypt.min.js. According to the comment inside the file, it's licensed under Apache-2.0:

(function(){/*
 bcrypt.js (c) 2013 Daniel Wirtz <dcode@dcode.io>
 Released under the Apache License, Version 2.0
 see: https://github.com/dcodeIO/bcrypt.js for details
*/
[...]

The build.js mentioned in the comment, first includes a header with an MIT license notice followed by a comment naming Apache-2.0:

/*
 Copyright (c) 2012 Nevins Bartolomeo <nevins.bartolomeo@gmail.com>
 Copyright (c) 2012 Shane Girish <shaneGirish@gmail.com>
 Copyright (c) 2014 Daniel Wirtz <dcode@dcode.io>

 Redistribution and use in source and binary forms, with or without
[...]
 */

/**
 * @license bcrypt.js (c) 2013 Daniel Wirtz <dcode@dcode.io>
 * Released under the Apache License, Version 2.0
 * see: https://github.com/dcodeIO/bcrypt.js for details
 */
(function(global, factory) {
[...]

Then there is the LICENSE file, which contains the same MIT license notice as build.js

Which license applies to bcrypt.min.js? Apache-2.0? MIT? Either (giving me the choice)? Both?

Bonus question: there is also dist/bcrypt.min.js in the repository which is a different file than bcrypt.min.js found in release 2.4.0. But it includes the same Apache-2.0 comment. Which file is up-to-date?

Thank you!
Chris

[dcodeIO]

New-BSD / MIT license should be correct. Looks like the Apache-2.0 comment accidentally sneaked in when adding the wrapper code.

[GB-Chris]

That was fast, thanks!

And to answer my own bonus question:

Bonus question: there is also dist/bcrypt.min.js in the repository which is a different file than bcrypt.min.js found in release 2.4.0. But it includes the same Apache-2.0 comment. Which file is up-to-date?

The file in the dist folder is the current work-in-progress build (~2.4.3 according to the commits). Unfortunately, no releases after 2.4.0 were made available on Github (only npm).