chore(license): align all license declarations with Apache-2.0 LICENSE#7
Merged
Merged
Conversation
The repository's LICENSE file is Apache 2.0, but several places still
declared the project as MIT-licensed. This was a documentation/metadata
bug — the legal source of truth (LICENSE) was unchanged.
Updated to match LICENSE:
- package.json: "license": "MIT" -> "Apache-2.0"
- sdk/js/package.json: "license": "MIT" -> "Apache-2.0"
- sdk/python/pyproject.toml:
license = {text = "MIT"} -> {text = "Apache-2.0"}
classifier "License :: OSI Approved :: MIT License" ->
"License :: OSI Approved :: Apache Software License"
- CONTRIBUTING.md (x2): "MIT-licensed" / "[MIT](LICENSE)" -> Apache 2.0
- sdk/js/README.md: License section "MIT" -> "Apache 2.0"
- sdk/python/README.md: License section "MIT" -> "Apache 2.0"
Vendored third-party code under images/evm/contracts/lib/forge-std/ is
genuinely MIT-licensed by its upstream authors and is intentionally
left alone.
No code changes. No LICENSE file changes.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
License consistency pass. The repository's
LICENSEfile is Apache 2.0, but several package manifests and docs still declared the project as MIT-licensed. This PR aligns every license declaration with the actualLICENSEfile.No legal change.
LICENSEwas already Apache 2.0 and is unmodified by this PR. The MIT references were a documentation/metadata bug.Why
Audit found six places out of sync with the canonical
LICENSEfile:package.json(root npm bootstrapper)"license": "MIT""license": "Apache-2.0"sdk/js/package.json"license": "MIT""license": "Apache-2.0"sdk/python/pyproject.tomllicense = {text = "MIT"}+ MIT classifierApache-2.0+ Apache classifierCONTRIBUTING.md:3CONTRIBUTING.md:363sdk/js/README.mdLicense sectionsdk/python/README.mdLicense sectionThis matters more than typical doc drift because:
pyproject.tomldrives the PyPI metadata. Astacyvmpackage published with the wronglicensefield and OSI classifier misrepresents the legal terms to downstream installers.package.jsondrives the npm registry metadata for both the root bootstrapper (stacyvm-setup) and the JS SDK. Same misrepresentation risk.CONTRIBUTING.md:363told contributors their PRs were licensed under MIT, while the actual project license is Apache 2.0. Anyone who relied on that statement could plausibly claim they intended a different licensing posture.What this PR does NOT do
LICENSE. It was already Apache 2.0.forge-stdlibrary underimages/evm/contracts/lib/forge-std/. That code is genuinely MIT-licensed by its upstream authors (Foundry team) and is correctly marked as such. Changing it would be misrepresentation of third-party code.RATE_LIMIT,RESOURCE_LIMIT, SQLLIMIT, orHISTORY_LIMIT— those are not license-related.Diff size
6 files, +8 / -8 lines. Mechanical text/JSON/TOML edits, no logic changes.
Verification
After this PR, the only files in the tree containing the literal string
MITin a license context are underimages/evm/contracts/lib/forge-std/(vendored, correct).Review focus
MITmetadata that should be re-published with the corrected metadata? If a 0.x release went out withMITin the manifest, the next release should bump version and re-publish so consumers see the correction.