Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Transitive lz-string library uses WTFPL #1187

Closed
Blacktiger opened this issue Oct 31, 2022 · 5 comments
Closed

Transitive lz-string library uses WTFPL #1187

Blacktiger opened this issue Oct 31, 2022 · 5 comments
Labels
enhancement New feature or request

Comments

@Blacktiger
Copy link

Blacktiger commented Oct 31, 2022
edited

This library depends on lz-string which according to npm is licensed by the WTFPL. That license is a banned license at many organizations (including my employer). Please consider replacing it with something that includes a sane license since npm and yarn don't provide any good way to replace the library with a different one.

Describe the feature you'd like:

Replace the lz-string dependency with something else. It includes a license file declaring the license as WTFPL which is a banned license at many organizations.

Suggested implementation:

The only place I see in the code which uses lz-string is:

dom-testing-library/src/screen.ts

Line 17 in 4f965e9

return lzString.compressToEncodedURIComponent(unindent(value))

If there is no decoding done on the string it doesn't even seem like that method does anything so maybe it can be simply removed? Or replaced with some alternative library/algorithm? It does seem like lz-string is also used in the testing-playground but I don't know how that relates to this project.

Describe alternatives you've considered:

I tried to see if yarn would allow me to replace the dependency with something else. The original library now has an MIT license file on the github repository, but there doesn't seem to be any way to get it re-published under that license without forking (possible to do just for dom-testing-library if that library is important).
@revelt
Copy link

revelt commented Jan 24, 2023

Linking the issue ticket on lz-string: pieroxy/lz-string#147

@eps1lon
Copy link
Member

eps1lon commented Jan 28, 2023

(possible to do just for dom-testing-library if that library is important).

Do you have any legal references if we can just do that? Like, can we just fork the current state and publish under @testing-library/lz-string? Would that not mean that all the current code is under WTFPL?

@eps1lon eps1lon added the enhancement New feature or request label Jan 28, 2023
@Blacktiger
Copy link
Author

If the current codebase has an MIT license I would think so. According to the above ticket it appears the author may finally be re-publishing the package soon.

@eps1lon
Copy link
Member

eps1lon commented Feb 9, 2023

Doesn't seem like they published it yet. Will ask again in a week and then just publish it from a fork if they forget again. I thought we would also have to relicense (which I'm not familiar with). But the source is already licensed under MIT which means we can just publish it anywhere.

@MatanBobi
Copy link
Member

Closing since this was resolved in #1219

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Blacktiger @revelt @eps1lon @MatanBobi