chore(license): set SPDX license metadata to match Apache-2.0 LICENSE #21
KooshaPari merged 1 commit into main from
… (audit #106)

Per worklogs/GOVERNANCE.md LICENSE coverage audit (task #106).

BytePort already carries a canonical Apache-2.0 LICENSE at the repo root. This PR is a metadata-only fix: align Cargo.toml and package.json files to declare the SPDX license identifier so crates.io / npm / GitHub licensee detection all agree with the on-disk LICENSE.

Changes:
- frontend/web/src-tauri/Cargo.toml: license = "" -> "Apache-2.0"
- frontend/web/package.json: add "license": "Apache-2.0"
- .github/frontend/package.json: add "license": "Apache-2.0"

No LICENSE file changes; repo already has canonical Apache-2.0 text.

Sister PRs: PhenoKits#14, PhenoPlugins#3, PhenoMCP#5, DataKit#4

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Code Review Summary
Status: No Issues Found | Recommendation: Merge
Files Reviewed (3 files)
Reviewed by step-3.5-flash · 86,751 tokens
Code Review
This pull request adds the Apache-2.0 license to configuration files across the frontend and Tauri components. A review comment highlights a potential conflict in .github/frontend/package.json, where the private property remains set to true, which may prevent the package from being published as intended.
| "name": "frontend", | ||
| "version": "0.0.1", | ||
| "private": true, | ||
| "license": "Apache-2.0", |
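Review bot: the added "license": "Apache-2.0" line lands in a manifest that keeps "private": true directly above it, so npm will refuse to publish this package and the new field can only serve license scanners. If that is the intent, say so in the PR description next to the .github/frontend/package.json entry so the private flag is not later read as an oversight.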
This package is marked as "private": true (on line 4), which prevents it from being published to npm. While adding a license is good for metadata, it appears to conflict with the private setting and the PR's stated goal of unblocking publishing. If this package is intended for publication, consider removing "private": true. If it is intended to be private, this change is fine for consistency, but please be aware that it will not enable publishing.
Supersedes 0.31.0 bump. 0.35.0 is the first patched version covering both the critical GHSA-v778-237x-gjrc and the high-severity GHSA-hcg3-q754-cr77 advisories across all 4 go.mod manifests:
- backend/byteport/go.mod
- backend/nvms/go.mod
- backend/nvms/Demonstrator/go.mod
- backend/nvms/Provisioner/go.mod

Resolves Dependabot alerts:
CRIT: #16, #20, #22, #24 (GHSA-v778-237x-gjrc)
HIGH: #18, #21, #23, #25 (GHSA-hcg3-q754-cr77)

Verified via go build ./... in each module.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

…fixes) (#19)

* chore(deps): bump golang.org/x/crypto to 0.31.0 (4 CRIT CVE fixes)

Fixes 4 CRITICAL Dependabot alerts (< 0.31.0) across the 4 backend Go modules. Transitively upgrades golang.org/x/sys to 0.28.0 and golang.org/x/text to 0.21.0 via go mod tidy.

Modules updated:
- backend/byteport: v0.29.0 -> v0.31.0 (direct)
- backend/nvms: v0.28.0 -> v0.31.0 (indirect)
- backend/nvms/Demonstrator: v0.28.0 -> v0.31.0 (indirect)
- backend/nvms/Provisioner: v0.28.0 -> v0.31.0 (indirect)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* chore(deps): bump golang.org/x/crypto to 0.35.0 (4 CRIT + 4 HIGH CVEs)

Supersedes 0.31.0 bump. 0.35.0 is the first patched version covering both the critical GHSA-v778-237x-gjrc and the high-severity GHSA-hcg3-q754-cr77 advisories across all 4 go.mod manifests:
- backend/byteport/go.mod
- backend/nvms/go.mod
- backend/nvms/Demonstrator/go.mod
- backend/nvms/Provisioner/go.mod

Resolves Dependabot alerts:
CRIT: #16, #20, #22, #24 (GHSA-v778-237x-gjrc)
HIGH: #18, #21, #23, #25 (GHSA-hcg3-q754-cr77)

Verified via go build ./... in each module.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Forge <forge@phenotype.dev>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
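A check for the version floor named in the commit message above, as an added example that is not part of this pull request or the BytePort repository: it reads go.mod text and reports whether golang.org/x/crypto is required at v0.35.0 or newer. The go.mod contents and the MeetsMinimum and parseVer helpers are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed go.mod samples (not the repository's real manifests).
const staleMod = "module example.test/nvms\n\nrequire (\n\tgolang.org/x/crypto v0.31.0 // indirect\n\tgolang.org/x/sys v0.28.0 // indirect\n)\n"
const fixedMod = "module example.test/byteport\n\nrequire golang.org/x/crypto v0.35.0\n"

// parseVer turns "v0.35.0" into [0 35 0]; pseudo-versions and suffixes are rejected.
func parseVer(v string) (p [3]int, err error) {
	if _, err = fmt.Sscanf(v, "v%d.%d.%d", &p[0], &p[1], &p[2]); err != nil || fmt.Sprintf("v%d.%d.%d", p[0], p[1], p[2]) != v {
		return p, fmt.Errorf("unsupported version %q", v)
	}
	return p, nil
}

// MeetsMinimum reports whether gomod requires mod at version floor or newer.
func MeetsMinimum(gomod, mod, floor string) (bool, error) {
	m, err := parseVer(floor)
	if err != nil {
		return false, err
	}
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line, _, _ := strings.Cut(sc.Text(), "//") // drop "// indirect"
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) != 2 || f[0] != mod {
			continue // not a require entry for this module
		}
		g, err := parseVer(f[1])
		if err != nil {
			return false, err // fail closed on versions we cannot compare
		}
		for i := range g {
			if g[i] != m[i] {
				return g[i] > m[i], nil
			}
		}
		return true, nil
	}
	return false, fmt.Errorf("%s is not required", mod)
}
func main() {
	fmt.Println(MeetsMinimum(staleMod, "golang.org/x/crypto", "v0.35.0"))
	fmt.Println(MeetsMinimum(fixedMod, "golang.org/x/crypto", "v0.35.0"))
}
```

A replace directive can override the required version; this check does not follow it, so run it alongside the build verification the commit message describes.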
User description
Summary
Per worklogs/GOVERNANCE.md LICENSE coverage audit (task #106).
BytePort already carries a canonical Apache-2.0 LICENSE at the repo root, so no LICENSE file changes are needed here. This PR is a metadata-only fix: align Cargo.toml and package.json files to declare the SPDX license identifier so crates.io / npm / GitHub licensee detection all agree with the on-disk LICENSE.
Changes
- frontend/web/src-tauri/Cargo.toml: license = "" → "Apache-2.0"
- frontend/web/package.json: add "license": "Apache-2.0"
- .github/frontend/package.json: add "license": "Apache-2.0"
Why
LICENSE text
Sister PRs: PhenoKits#14, PhenoPlugins#3, PhenoMCP#5, DataKit#4, Tracera#341.
Test plan
- cargo metadata in frontend/web/src-tauri reports license: "Apache-2.0"
- npm view / package managers see the new license field
Note
Low Risk
Low risk metadata-only change that only affects package manifest fields for publishing/license detection.
Overview
Sets SPDX license metadata to Apache-2.0 in .github/frontend/package.json and frontend/web/package.json, and replaces the empty license field in frontend/web/src-tauri/Cargo.toml with Apache-2.0 so npm/crates tooling and GitHub license detection align with the repo LICENSE.
Reviewed by Cursor Bugbot for commit 8aff456. Bugbot is set up for automated code reviews on this repo.
CodeAnt-AI Description
Add Apache-2.0 license metadata to frontend packages
What Changed
Impact
✅ Clearer license display on package pages
✅ Fewer publishing issues for frontend and Rust packages
✅ Consistent license detection across registries and GitHub