Package distributions are not licensed

[honzajavorek]

Hi @gaearon et al 👋 The code of the create-react-app monorepo is licensed under MIT, and that's great. But according to MIT, the license text needs to be attached everywhere:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

The npm packages as they're published and distributed, do not comply with this as they do not contain the license files. Effectively, without the full license text they're proprietary code and cannot be used by anyone who cares about licenses. The SPDX identifier in the package.json is not satisfactory (not only) for the reasons mentioned above. There are two solutions to this:

1. Upgrade to Lerna@3, as it has the licensing built-in now
2. Copy & paste the root license to all projects in the packages directory, so it gets picked up by npm during publishing, and to re-publish all of them with a new patch version.

For more information, see lerna/lerna#1465 (comment), babel/babel#7308 (comment), babel/babel#8409 (comment).

---

A similar issue: facebook/regenerator#354

[Timer]

We'll upgrade to Lerna 3 soon. Thanks for the heads up!

[Timer]

We added all the license files by hand for now in #5192 (instead of upgrading Lerna).
Lerna has an outstanding bug preventing us from using it: lerna/lerna#1687.