mongodb-js/connect-mongodb-session

Snyk High Severity License Warning (re AGPL-3.0 License)

martin-fogelman opened this issue · 2 comments

Hi,

Snyk recently flagged/disclosed a high severity license issue with this library b/c of standard-error@1.1.0 which is introduced via archetype@0.11.3. Any thoughts or idea of the exposure involved, or if there is any suggested or planned workaround?

It does, however, seem like the standard-error creator intends to carve out linking/use as a library to some extent, though perhaps not in a standardized way...

Thanks in advance for your thoughts — and in general for your work on this project.

My organization and Google forbid use of libraries that have a direct or transient dependency on a library licensed under the AGPL.

Google's Policy and explanation
https://opensource.google/docs/using/agpl-policy/#:~:text=WARNING%3A%20Code%20licensed%20under%20the,NOT%20be%20used%20at%20Google.&text=Using%20AGPL%20software%20requires%20that,be%20licensed%20under%20the%20AGPL.

This project depends on archetype which in turn depends on standard-error. standard-error is licensed under the AGPL.
https://github.com/moll/js-standard-error/blob/master/LICENSE

I have created issues through the dependency tree, but hopefully it will be resolved quickly by standard-error adjusting their license.
boosterfuels/archetype#23

Thanks for your feedback. We will remove the dependency on standard-error from archetype next week.