Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

potential copyright issue from transitive dependency "wordwrap" #11536

Closed
beiwei30 opened this issue Mar 21, 2019 · 17 comments · May be fixed by rsumner868/librealsense2.1#1, rsumner868/librealsense#4, O330oei/node#4 or O330oei/node#11

Comments

@beiwei30
Copy link

@beiwei30 beiwei30 commented Mar 21, 2019

wordwrap publishes its test directory in which a text file 'idleness.txt' is included. This may introduce potential copyright issue.

see more from substack/node-wordwrap#21

@aladdin-add
Copy link
Member

@aladdin-add aladdin-add commented Mar 22, 2019

hi, thanks for creating the issue!
is wordwrap eslint's dependency(I'm not seeing it in package.json)?

@beiwei30
Copy link
Author

@beiwei30 beiwei30 commented Mar 22, 2019

here's the dependency tree:

├─┬ eslint@3.19.0
│ └─┬ optionator@0.8.2
│   └── wordwrap@1.0.0
@nzakas nzakas added the blocked label Mar 26, 2019
@nzakas
Copy link
Member

@nzakas nzakas commented Mar 27, 2019

I’ve contacted the Open JS Foundation to get some insights into whether or not there is a copyright issue here. Thanks for the report, I will update when I hear back.

@nzakas
Copy link
Member

@nzakas nzakas commented Mar 28, 2019

Given that this has been an issue for four years, there's probably not a huge urgency here. However, we should work with Optionator to see if it would be possible to switch to another dependency.

Related issue: gkz/optionator#31

@ilyavolodin
Copy link
Member

@ilyavolodin ilyavolodin commented Mar 29, 2019

Unfortunately, it seems like optionator is dead at this point. I filed an issue with them a few month back, and never seen any response to it.

@kaicataldo
Copy link
Member

@kaicataldo kaicataldo commented May 29, 2019

Do we want to be looking for alternatives to optionator?

@ilyavolodin
Copy link
Member

@ilyavolodin ilyavolodin commented May 31, 2019

I looked at some of the available packages that deal in the same space, but most of them are very free formed. As in, they will parse whatever is given to them, not enforce specific constrains in terms of type and number of value.

@gkz
Copy link
Contributor

@gkz gkz commented Aug 15, 2019

I can look into fixing this guys, for optionator

@gkz
Copy link
Contributor

@gkz gkz commented Aug 15, 2019

Feel free to email me at the email in my profile if you have such issues in the future

@kaicataldo
Copy link
Member

@kaicataldo kaicataldo commented Aug 15, 2019

@gkz Thank you!

@gkz
Copy link
Contributor

@gkz gkz commented Aug 15, 2019

Do you guys have a suggestion for an alternative to using wordwrap? It seems unlikely to be updated

@kaicataldo
Copy link
Member

@kaicataldo kaicataldo commented Aug 16, 2019

I'm seeing a number of packages that look similar to wordwrap on npm, though I don't have experience with any of them. Since the project is MIT licensed, another option could potentially be to copy the code (since it's a pretty small module) and its tests into optionator and, if the author of wordwrap ever updates it, switch back.

@kaicataldo
Copy link
Member

@kaicataldo kaicataldo commented Sep 29, 2019

Friendly ping - is this still an issue?

@nzakas
Copy link
Member

@nzakas nzakas commented Oct 22, 2019

@gkz have you been able to replace wordwrap in optionator?

@gkz
Copy link
Contributor

@gkz gkz commented Nov 6, 2019

I've updated the dependency to word-wrap instead of wordwrap. Let me look into upgrading other dependencies and then I'll release a new version.

gkz/optionator@bf4b1da

@gkz
Copy link
Contributor

@gkz gkz commented Nov 6, 2019

I published Optionator 0.8.3 with this change, let me know if there are any issues.

@kaicataldo
Copy link
Member

@kaicataldo kaicataldo commented Nov 6, 2019

Thanks for the update!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.