False-positive security bug because of non-standard LICENSE.md file
Closed this issue · 2 comments
Version: 1.2.1
Bug Description
Since you're not using a standard LICENSE.md format it makes things like Enlightn fail and say my project is using packages that I'm not legally allowed to use. Fix your license.
Steps To Reproduce
1. laravel new app --jet (with --jet since it's Laravel Jetstream requiring this package in my case)
2. composer require enlightn/enlightn
3. php artisan enlightn
Enlightn will fail saying your package is illegal to use.
Expected Behavior
Use of a standard LICENSE.md format that doesn't make security checks fail.
Possible Solution
Use a standard LICENSE.md format...
Does enlightn have any documentation on how it detects standard licenses?
All the licenses of this package are already in machine readable format in composer.json
Or does it support standard SPDX license identifiers?
SPDX-License-Identifier: BSD-3-Clause OR GPL-2.0-only
or GPL-3.0-only
https://spdx.dev/ids/
After further investigation, and deep-diving into the LicenseAnalyzer in Enlightn, it just grabs the array of licenses in the composer.json and it seems to just expect the package has one.
So this might be a problem with Enlightn not supporting multiple license choices.
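The follow-up above describes a checker that reads the composer.json license array but assumes a single entry. The script below is an added example (not Enlightn's LicenseAnalyzer and not this package's code) showing how a license check should treat that field: Composer documents a list of identifiers as a choice between them, and also accepts expression strings such as "(LGPL-2.1-only or GPL-3.0-or-later)". The allowlist, the sample manifest and the `naive_first_license_check` model of the single-license assumption are all constructed for illustration.

```python
"""Evaluate a composer.json `license` field against a policy allowlist.

Added example, not Enlightn's or the package's code. A list of identifiers
is treated as alternatives (Composer's documented disjunctive semantics)
instead of assuming the package carries exactly one license.
"""
import json
import re
from typing import Any, Iterable

# Hypothetical organisational allowlist of SPDX identifiers.
ALLOWED = frozenset({"MIT", "BSD-3-Clause", "Apache-2.0", "GPL-2.0-only"})

# Constructed sample manifest: a package offered under a choice of licenses,
# with the non-allowed one listed first so list order matters.
SAMPLE_COMPOSER_JSON = json.dumps({
    "name": "vendor/package",
    "license": ["GPL-3.0-only", "BSD-3-Clause"],
})


def license_alternatives(field: Any) -> list[list[str]]:
    """Normalise a Composer `license` value into a list of alternatives.

    Each inner list is a conjunction (every identifier must be acceptable);
    the outer list is a disjunction (any one alternative suffices). Handles
    a plain string, a list of strings, and "(A or B)" / "(A and B)" expression
    strings. OR is split first so that AND binds tighter, as in SPDX.
    """
    if field is None:
        return []
    values = [field] if isinstance(field, str) else list(field)
    alternatives: list[list[str]] = []
    for value in values:
        expr = value.strip()
        if expr.startswith("(") and expr.endswith(")"):
            expr = expr[1:-1]
        for branch in re.split(r"\s+or\s+", expr, flags=re.IGNORECASE):
            conj = [i.strip() for i in re.split(r"\s+and\s+", branch, flags=re.IGNORECASE)
                    if i.strip()]
            if conj:
                alternatives.append(conj)
    return alternatives


def is_permitted(field: Any, allowed: Iterable[str] = ALLOWED) -> bool:
    """True if at least one alternative consists solely of allowed identifiers."""
    allowed = set(allowed)
    return any(all(i in allowed for i in conj) for conj in license_alternatives(field))


def naive_first_license_check(field: Any, allowed: Iterable[str] = ALLOWED) -> bool:
    """Model of the single-license assumption described in this issue:
    only the first entry is inspected, so a multi-licensed package is
    reported differently depending on the order of its license list."""
    values = [field] if isinstance(field, str) else list(field or [])
    return bool(values) and values[0] in set(allowed)


def audit(composer_json_text: str, allowed: Iterable[str] = ALLOWED) -> dict:
    """Parse a composer.json document and report both verdicts side by side."""
    manifest = json.loads(composer_json_text)
    field = manifest.get("license")
    return {
        "package": manifest.get("name"),
        "alternatives": license_alternatives(field),
        "naive_verdict": naive_first_license_check(field, allowed),
        "verdict": is_permitted(field, allowed),
    }


if __name__ == "__main__":
    # The constructed manifest is allowed under BSD-3-Clause, but the
    # first-entry-only check reports it as not allowed.
    print(audit(SAMPLE_COMPOSER_JSON))
```

Running the module prints the audit for the constructed manifest: the proper check passes on the BSD-3-Clause alternative while the first-entry-only check fails, which is the false positive the issue reports. A conjunctive expression such as "(MIT and GPL-3.0-only)" is correctly rejected when any part is outside the allowlist.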