Transitive dependency on an LGPL module #830

Closed
raymondfeng opened this issue Jul 13, 2015 · 22 comments

@raymondfeng

npm ls finds a transitive dependency on seek-bzip which is LGPL licensed. See https://github.com/cscott/seek-bzip/blob/master/package.json#L11.

Is it a concern of yeoman-generator under MIT?

yeoman-generator@0.20.1 /private/tmp/node_modules/yeoman-generator
├── async@0.9.2
├─┬ chalk@1.1.0
│ ├── ansi-styles@2.1.0
│ ├── escape-string-regexp@1.0.3
│ ├─┬ has-ansi@2.0.0
│ │ └── ansi-regex@2.0.0
│ ├─┬ strip-ansi@3.0.0
│ │ └── ansi-regex@2.0.0
│ └── supports-color@2.0.0
├─┬ class-extend@0.1.1
│ └── lodash@2.4.2
├─┬ cli-table@0.3.1
│ └── colors@1.0.3
├─┬ cross-spawn@0.4.1
│ ├── lru-cache@2.6.5
│ └─┬ spawn-sync@1.0.11
│   ├─┬ concat-stream@1.5.0
│   │ ├── inherits@2.0.1
│   │ ├─┬ readable-stream@2.0.1
│   │ │ ├── core-util-is@1.0.1
│   │ │ ├── isarray@0.0.1
│   │ │ ├── process-nextick-args@1.0.1
│   │ │ ├── string_decoder@0.10.31
│   │ │ └── util-deprecate@1.0.1
│   │ └── typedarray@0.0.6
│   ├── os-shim@0.1.2
│   └─┬ try-thread-sleep@1.0.0
│     └─┬ thread-sleep@1.0.3
│       ├── nan@1.8.4
│       └─┬ node-pre-gyp@0.6.2
│         ├─┬ mkdirp@0.5.0
│         │ └── minimist@0.0.8
│         ├─┬ nopt@3.0.1
│         │ └── abbrev@1.0.5
│         ├─┬ npmlog@0.1.1
│         │ └── ansi@0.3.0
│         ├─┬ rc@0.5.5
│         │ ├── deep-extend@0.2.11
│         │ ├── ini@1.3.2
│         │ ├── minimist@0.0.10
│         │ └── strip-json-comments@0.1.3
│         ├─┬ request@2.51.0
│         │ ├── aws-sign2@0.5.0
│         │ ├─┬ bl@0.9.3
│         │ │ └─┬ readable-stream@1.0.33
│         │ │   ├── core-util-is@1.0.1
│         │ │   ├── inherits@2.0.1
│         │ │   ├── isarray@0.0.1
│         │ │   └── string_decoder@0.10.31
│         │ ├── caseless@0.8.0
│         │ ├─┬ combined-stream@0.0.7
│         │ │ └── delayed-stream@0.0.5
│         │ ├── forever-agent@0.5.2
│         │ ├─┬ form-data@0.2.0
│         │ │ ├── async@0.9.0
│         │ │ └─┬ mime-types@2.0.7
│         │ │   └── mime-db@1.5.0
│         │ ├─┬ hawk@1.1.1
│         │ │ ├── boom@0.4.2
│         │ │ ├── cryptiles@0.2.2
│         │ │ ├── hoek@0.9.1
│         │ │ └── sntp@0.2.4
│         │ ├─┬ http-signature@0.10.1
│         │ │ ├── asn1@0.1.11
│         │ │ ├── assert-plus@0.1.5
│         │ │ └── ctype@0.5.3
│         │ ├── json-stringify-safe@5.0.0
│         │ ├── mime-types@1.0.2
│         │ ├── node-uuid@1.4.2
│         │ ├── oauth-sign@0.5.0
│         │ ├── qs@2.3.3
│         │ ├── stringstream@0.0.4
│         │ ├─┬ tough-cookie@0.12.1
│         │ │ └── punycode@1.3.2
│         │ └── tunnel-agent@0.4.0
│         ├── rimraf@2.2.8
│         ├── semver@4.2.0
│         ├─┬ tar@1.0.3
│         │ ├── block-stream@0.0.7
│         │ ├─┬ fstream@1.0.3
│         │ │ └── graceful-fs@3.0.5
│         │ └── inherits@2.0.1
│         └─┬ tar-pack@2.0.0
│           ├── debug@0.7.4
│           ├─┬ fstream@0.1.31
│           │ ├── graceful-fs@3.0.5
│           │ └── inherits@2.0.1
│           ├─┬ fstream-ignore@0.0.7
│           │ ├── inherits@2.0.1
│           │ └─┬ minimatch@0.2.14
│           │   ├── lru-cache@2.5.0
│           │   └── sigmund@1.0.0
│           ├── graceful-fs@1.2.3
│           ├── once@1.1.1
│           ├─┬ readable-stream@1.0.33
│           │ ├── core-util-is@1.0.1
│           │ ├── inherits@2.0.1
│           │ ├── isarray@0.0.1
│           │ └── string_decoder@0.10.31
│           ├─┬ tar@0.1.20
│           │ ├── block-stream@0.0.7
│           │ └── inherits@2.0.1
│           └── uid-number@0.0.3
├─┬ dargs@4.0.1
│ └── number-is-nan@1.0.0
├─┬ dateformat@1.0.11
│ ├── get-stdin@4.0.1
│ └─┬ meow@3.3.0
│   ├─┬ camelcase-keys@1.0.0
│   │ ├── camelcase@1.1.0
│   │ └── map-obj@1.0.1
│   ├─┬ indent-string@1.2.1
│   │ └─┬ repeating@1.1.3
│   │   └─┬ is-finite@1.0.1
│   │     └── number-is-nan@1.0.0
│   ├── minimist@1.1.1
│   └── object-assign@3.0.0
├─┬ debug@2.2.0
│ └── ms@0.7.1
├── detect-conflict@1.0.0
├── diff@1.4.0
├─┬ download@4.1.4
│ ├─┬ concat-stream@1.5.0
│ │ ├── inherits@2.0.1
│ │ ├─┬ readable-stream@2.0.1
│ │ │ ├── core-util-is@1.0.1
│ │ │ ├── isarray@0.0.1
│ │ │ ├── process-nextick-args@1.0.1
│ │ │ ├── string_decoder@0.10.31
│ │ │ └── util-deprecate@1.0.1
│ │ └── typedarray@0.0.6
│ ├─┬ each-async@1.1.1
│ │ ├── onetime@1.0.0
│ │ └── set-immediate-shim@1.0.1
│ ├─┬ filenamify@1.2.0
│ │ ├── filename-reserved-regex@1.0.0
│ │ ├─┬ strip-outer@1.0.0
│ │ │ └── escape-string-regexp@1.0.3
│ │ └─┬ trim-repeated@1.0.0
│ │   └── escape-string-regexp@1.0.3
│ ├─┬ got@2.9.2
│ │ ├─┬ duplexify@3.4.2
│ │ │ ├─┬ end-of-stream@1.0.0
│ │ │ │ └─┬ once@1.3.2
│ │ │ │   └── wrappy@1.0.1
│ │ │ └─┬ readable-stream@2.0.1
│ │ │   ├── core-util-is@1.0.1
│ │ │   ├── inherits@2.0.1
│ │ │   ├── isarray@0.0.1
│ │ │   ├── process-nextick-args@1.0.1
│ │ │   ├── string_decoder@0.10.31
│ │ │   └── util-deprecate@1.0.1
│ │ ├── infinity-agent@2.0.3
│ │ ├── is-stream@1.0.1
│ │ ├── lowercase-keys@1.0.0
│ │ ├── nested-error-stacks@1.0.0
│ │ ├── prepend-http@1.0.1
│ │ ├─┬ read-all-stream@2.2.0
│ │ │ └─┬ readable-stream@2.0.1
│ │ │   ├── core-util-is@1.0.1
│ │ │   ├── inherits@2.0.1
│ │ │   ├── isarray@0.0.1
│ │ │   ├── process-nextick-args@1.0.1
│ │ │   ├── string_decoder@0.10.31
│ │ │   └── util-deprecate@1.0.1
│ │ ├── statuses@1.2.1
│ │ └── timed-out@2.0.0
│ ├─┬ gulp-decompress@1.0.2
│ │ ├─┬ archive-type@2.1.0
│ │ │ ├── file-type@2.7.0
│ │ │ ├── get-stdin@4.0.1
│ │ │ └─┬ meow@3.3.0
│ │ │   ├─┬ camelcase-keys@1.0.0
│ │ │   │ ├── camelcase@1.1.0
│ │ │   │ └── map-obj@1.0.1
│ │ │   ├─┬ indent-string@1.2.1
│ │ │   │ └─┬ repeating@1.1.3
│ │ │   │   └─┬ is-finite@1.0.1
│ │ │   │     └── number-is-nan@1.0.0
│ │ │   ├── minimist@1.1.1
│ │ │   └── object-assign@3.0.0
│ │ ├─┬ decompress@2.3.0
│ │ │ ├─┬ buffer-to-vinyl@1.0.0
│ │ │ │ ├── file-type@2.7.0
│ │ │ │ └── uuid@2.0.1
│ │ │ ├─┬ decompress-tar@3.1.0
│ │ │ │ ├── is-tar@1.0.0
│ │ │ │ ├─┬ strip-dirs@1.1.1
│ │ │ │ │ ├─┬ is-absolute@0.1.7
│ │ │ │ │ │ └── is-relative@0.1.3
│ │ │ │ │ ├── is-natural-number@2.0.0
│ │ │ │ │ ├── minimist@1.1.1
│ │ │ │ │ └── sum-up@1.0.2
│ │ │ │ └─┬ tar-stream@1.2.1
│ │ │ │   ├── bl@1.0.0
│ │ │ │   ├─┬ end-of-stream@1.1.0
│ │ │ │   │ └─┬ once@1.3.2
│ │ │ │   │   └── wrappy@1.0.1
│ │ │ │   ├─┬ readable-stream@2.0.1
│ │ │ │   │ ├── core-util-is@1.0.1
│ │ │ │   │ ├── inherits@2.0.1
│ │ │ │   │ ├── isarray@0.0.1
│ │ │ │   │ ├── process-nextick-args@1.0.1
│ │ │ │   │ ├── string_decoder@0.10.31
│ │ │ │   │ └── util-deprecate@1.0.1
│ │ │ │   └── xtend@4.0.0
│ │ │ ├─┬ decompress-tarbz2@3.1.0
│ │ │ │ ├── is-bzip2@1.0.0
│ │ │ │ ├─┬ seek-bzip@1.0.4
│ │ │ │ │ └── commander@2.4.0
│ │ │ │ ├─┬ strip-dirs@1.1.1
│ │ │ │ │ ├─┬ is-absolute@0.1.7
│ │ │ │ │ │ └── is-relative@0.1.3
│ │ │ │ │ ├── is-natural-number@2.0.0
│ │ │ │ │ ├── minimist@1.1.1
│ │ │ │ │ └── sum-up@1.0.2
│ │ │ │ └─┬ tar-stream@1.2.1
│ │ │ │   ├── bl@1.0.0
│ │ │ │   ├─┬ end-of-stream@1.1.0
│ │ │ │   │ └─┬ once@1.3.2
│ │ │ │   │   └── wrappy@1.0.1
│ │ │ │   ├─┬ readable-stream@2.0.1
│ │ │ │   │ ├── core-util-is@1.0.1
│ │ │ │   │ ├── inherits@2.0.1
│ │ │ │   │ ├── isarray@0.0.1
│ │ │ │   │ ├── process-nextick-args@1.0.1
│ │ │ │   │ ├── string_decoder@0.10.31
│ │ │ │   │ └── util-deprecate@1.0.1
│ │ │ │   └── xtend@4.0.0
│ │ │ ├─┬ decompress-targz@3.1.0
│ │ │ │ ├── is-gzip@1.0.0
│ │ │ │ ├─┬ strip-dirs@1.1.1
│ │ │ │ │ ├─┬ is-absolute@0.1.7
│ │ │ │ │ │ └── is-relative@0.1.3
│ │ │ │ │ ├── is-natural-number@2.0.0
│ │ │ │ │ ├── minimist@1.1.1
│ │ │ │ │ └── sum-up@1.0.2
│ │ │ │ └─┬ tar-stream@1.2.1
│ │ │ │   ├── bl@1.0.0
│ │ │ │   ├─┬ end-of-stream@1.1.0
│ │ │ │   │ └─┬ once@1.3.2
│ │ │ │   │   └── wrappy@1.0.1
│ │ │ │   ├─┬ readable-stream@2.0.1
│ │ │ │   │ ├── core-util-is@1.0.1
│ │ │ │   │ ├── inherits@2.0.1
│ │ │ │   │ ├── isarray@0.0.1
│ │ │ │   │ ├── process-nextick-args@1.0.1
│ │ │ │   │ ├── string_decoder@0.10.31
│ │ │ │   │ └── util-deprecate@1.0.1
│ │ │ │   └── xtend@4.0.0
│ │ │ ├─┬ decompress-unzip@3.3.0
│ │ │ │ ├── is-zip@1.0.0
│ │ │ │ ├── stat-mode@0.2.1
│ │ │ │ ├─┬ strip-dirs@1.1.1
│ │ │ │ │ ├─┬ is-absolute@0.1.7
│ │ │ │ │ │ └── is-relative@0.1.3
│ │ │ │ │ ├── is-natural-number@2.0.0
│ │ │ │ │ ├── minimist@1.1.1
│ │ │ │ │ └── sum-up@1.0.2
│ │ │ │ ├─┬ through2@2.0.0
│ │ │ │ │ ├─┬ readable-stream@2.0.1
│ │ │ │ │ │ ├── core-util-is@1.0.1
│ │ │ │ │ │ ├── inherits@2.0.1
│ │ │ │ │ │ ├── isarray@0.0.1
│ │ │ │ │ │ ├── process-nextick-args@1.0.1
│ │ │ │ │ │ ├── string_decoder@0.10.31
│ │ │ │ │ │ └── util-deprecate@1.0.1
│ │ │ │ │ └── xtend@4.0.0
│ │ │ │ ├─┬ vinyl@0.5.0
│ │ │ │ │ ├── clone@1.0.2
│ │ │ │ │ ├── clone-stats@0.0.1
│ │ │ │ │ └── replace-ext@0.0.1
│ │ │ │ └─┬ yauzl@2.3.1
│ │ │ │   ├── fd-slicer@1.0.1
│ │ │ │   └── pend@1.2.0
│ │ │ ├── get-stdin@4.0.1
│ │ │ ├─┬ meow@3.3.0
│ │ │ │ ├─┬ camelcase-keys@1.0.0
│ │ │ │ │ ├── camelcase@1.1.0
│ │ │ │ │ └── map-obj@1.0.1
│ │ │ │ ├─┬ indent-string@1.2.1
│ │ │ │ │ └─┬ repeating@1.1.3
│ │ │ │ │   └─┬ is-finite@1.0.1
│ │ │ │ │     └── number-is-nan@1.0.0
│ │ │ │ ├── minimist@1.1.1
│ │ │ │ └── object-assign@3.0.0
│ │ │ └─┬ vinyl-assign@1.2.0
│ │ │   ├── object-assign@3.0.0
│ │ │   └─┬ readable-stream@2.0.1
│ │ │     ├── core-util-is@1.0.1
│ │ │     ├── inherits@2.0.1
│ │ │     ├── isarray@0.0.1
│ │ │     ├── process-nextick-args@1.0.1
│ │ │     ├── string_decoder@0.10.31
│ │ │     └── util-deprecate@1.0.1
│ │ ├─┬ gulp-util@3.0.6
│ │ │ ├── array-differ@1.0.0
│ │ │ ├── array-uniq@1.0.2
│ │ │ ├── beeper@1.1.0
│ │ │ ├── lodash._reescape@3.0.0
│ │ │ ├── lodash._reevaluate@3.0.0
│ │ │ ├── lodash._reinterpolate@3.0.0
│ │ │ ├─┬ lodash.template@3.6.2
│ │ │ │ ├── lodash._basecopy@3.0.1
│ │ │ │ ├── lodash._basetostring@3.0.1
│ │ │ │ ├── lodash._basevalues@3.0.0
│ │ │ │ ├── lodash._isiterateecall@3.0.9
│ │ │ │ ├── lodash.escape@3.0.0
│ │ │ │ ├─┬ lodash.keys@3.1.2
│ │ │ │ │ ├── lodash._getnative@3.9.1
│ │ │ │ │ ├── lodash.isarguments@3.0.4
│ │ │ │ │ └── lodash.isarray@3.0.4
│ │ │ │ ├── lodash.restparam@3.6.1
│ │ │ │ └── lodash.templatesettings@3.1.0
│ │ │ ├── minimist@1.1.1
│ │ │ ├─┬ multipipe@0.1.2
│ │ │ │ └─┬ duplexer2@0.0.2
│ │ │ │   └─┬ readable-stream@1.1.13
│ │ │ │     ├── core-util-is@1.0.1
│ │ │ │     ├── inherits@2.0.1
│ │ │ │     ├── isarray@0.0.1
│ │ │ │     └── string_decoder@0.10.31
│ │ │ ├── object-assign@3.0.0
│ │ │ ├── replace-ext@0.0.1
│ │ │ ├─┬ through2@2.0.0
│ │ │ │ ├─┬ readable-stream@2.0.1
│ │ │ │ │ ├── core-util-is@1.0.1
│ │ │ │ │ ├── inherits@2.0.1
│ │ │ │ │ ├── isarray@0.0.1
│ │ │ │ │ ├── process-nextick-args@1.0.1
│ │ │ │ │ ├── string_decoder@0.10.31
│ │ │ │ │ └── util-deprecate@1.0.1
│ │ │ │ └── xtend@4.0.0
│ │ │ └─┬ vinyl@0.5.0
│ │ │   ├── clone@1.0.2
│ │ │   └── clone-stats@0.0.1
│ │ └─┬ through2@0.6.5
│ │   ├─┬ readable-stream@1.0.33
│ │   │ ├── core-util-is@1.0.1
│ │   │ ├── inherits@2.0.1
│ │   │ ├── isarray@0.0.1
│ │   │ └── string_decoder@0.10.31
│ │   └── xtend@4.0.0
│ ├── gulp-rename@1.2.2
│ ├── is-url@1.2.1
│ ├── object-assign@2.1.1
│ ├─┬ read-all-stream@3.0.0
│ │ ├─┬ pinkie-promise@1.0.0
│ │ │ └── pinkie@1.0.0
│ │ └─┬ readable-stream@2.0.1
│ │   ├── core-util-is@1.0.1
│ │   ├── inherits@2.0.1
│ │   ├── isarray@0.0.1
│ │   ├── process-nextick-args@1.0.1
│ │   ├── string_decoder@0.10.31
│ │   └── util-deprecate@1.0.1
│ ├─┬ stream-combiner2@1.0.2
│ │ ├─┬ duplexer2@0.0.2
│ │ │ └─┬ readable-stream@1.1.13
│ │ │   ├── core-util-is@1.0.1
│ │ │   ├── inherits@2.0.1
│ │ │   ├── isarray@0.0.1
│ │ │   └── string_decoder@0.10.31
│ │ └─┬ through2@0.5.1
│ │   ├─┬ readable-stream@1.0.33
│ │   │ ├── core-util-is@1.0.1
│ │   │ ├── inherits@2.0.1
│ │   │ ├── isarray@0.0.1
│ │   │ └── string_decoder@0.10.31
│ │   └── xtend@3.0.0
│ ├─┬ through2@2.0.0
│ │ ├─┬ readable-stream@2.0.1
│ │ │ ├── core-util-is@1.0.1
│ │ │ ├── inherits@2.0.1
│ │ │ ├── isarray@0.0.1
│ │ │ ├── process-nextick-args@1.0.1
│ │ │ ├── string_decoder@0.10.31
│ │ │ └── util-deprecate@1.0.1
│ │ └── xtend@4.0.0
│ ├─┬ vinyl@0.4.6
│ │ ├── clone@0.2.0
│ │ └── clone-stats@0.0.1
│ ├─┬ vinyl-fs@1.0.0
│ │ ├─┬ duplexify@3.4.2
│ │ │ ├─┬ end-of-stream@1.0.0
│ │ │ │ └─┬ once@1.3.2
│ │ │ │   └── wrappy@1.0.1
│ │ │ └─┬ readable-stream@2.0.1
│ │ │   ├── core-util-is@1.0.1
│ │ │   ├── inherits@2.0.1
│ │ │   ├── isarray@0.0.1
│ │ │   ├── process-nextick-args@1.0.1
│ │ │   ├── string_decoder@0.10.31
│ │ │   └── util-deprecate@1.0.1
│ │ ├─┬ glob-stream@4.1.1
│ │ │ ├─┬ glob@4.5.3
│ │ │ │ ├─┬ inflight@1.0.4
│ │ │ │ │ └── wrappy@1.0.1
│ │ │ │ ├── inherits@2.0.1
│ │ │ │ └─┬ once@1.3.2
│ │ │ │   └── wrappy@1.0.1
│ │ │ ├─┬ glob2base@0.0.12
│ │ │ │ └── find-index@0.1.1
│ │ │ ├─┬ minimatch@2.0.8
│ │ │ │ └─┬ brace-expansion@1.1.0
│ │ │ │   ├── balanced-match@0.2.0
│ │ │ │   └── concat-map@0.0.1
│ │ │ ├── ordered-read-streams@0.1.0
│ │ │ └─┬ unique-stream@2.2.0
│ │ │   └─┬ through2-filter@2.0.0
│ │ │     ├─┬ through2@2.0.0
│ │ │     │ └─┬ readable-stream@2.0.1
│ │ │     │   ├── core-util-is@1.0.1
│ │ │     │   ├── inherits@2.0.1
│ │ │     │   ├── isarray@0.0.1
│ │ │     │   ├── process-nextick-args@1.0.1
│ │ │     │   ├── string_decoder@0.10.31
│ │ │     │   └── util-deprecate@1.0.1
│ │ │     └── xtend@4.0.0
│ │ ├─┬ glob-watcher@0.0.8
│ │ │ └─┬ gaze@0.5.1
│ │ │   └─┬ globule@0.1.0
│ │ │     ├─┬ glob@3.1.21
│ │ │     │ ├── graceful-fs@1.2.3
│ │ │     │ └── inherits@1.0.0
│ │ │     ├── lodash@1.0.2
│ │ │     └─┬ minimatch@0.2.14
│ │ │       ├── lru-cache@2.6.5
│ │ │       └── sigmund@1.0.1
│ │ ├── graceful-fs@3.0.8
│ │ ├── merge-stream@0.1.8
│ │ ├─┬ strip-bom@1.0.0
│ │ │ ├── first-chunk-stream@1.0.0
│ │ │ └── is-utf8@0.2.0
│ │ └─┬ through2@0.6.5
│ │   ├─┬ readable-stream@1.0.33
│ │   │ ├── core-util-is@1.0.1
│ │   │ ├── inherits@2.0.1
│ │   │ ├── isarray@0.0.1
│ │   │ └── string_decoder@0.10.31
│ │   └── xtend@4.0.0
│ └─┬ ware@1.3.0
│   └─┬ wrap-fn@0.1.4
│     └── co@3.1.0
├─┬ findup-sync@0.2.1
│ └─┬ glob@4.3.5
│   ├─┬ inflight@1.0.4
│   │ └── wrappy@1.0.1
│   ├── inherits@2.0.1
│   ├─┬ minimatch@2.0.8
│   │ └─┬ brace-expansion@1.1.0
│   │   ├── balanced-match@0.2.0
│   │   └── concat-map@0.0.1
│   └─┬ once@1.3.2
│     └── wrappy@1.0.1
├─┬ github-username@2.0.0
│ ├─┬ gh-got@1.1.0
│ │ ├─┬ got@3.3.0
│ │ │ ├─┬ duplexify@3.4.2
│ │ │ │ ├─┬ end-of-stream@1.0.0
│ │ │ │ │ └─┬ once@1.3.2
│ │ │ │ │   └── wrappy@1.0.1
│ │ │ │ └─┬ readable-stream@2.0.1
│ │ │ │   ├── core-util-is@1.0.1
│ │ │ │   ├── inherits@2.0.1
│ │ │ │   ├── isarray@0.0.1
│ │ │ │   ├── process-nextick-args@1.0.1
│ │ │ │   ├── string_decoder@0.10.31
│ │ │ │   └── util-deprecate@1.0.1
│ │ │ ├── infinity-agent@2.0.3
│ │ │ ├── is-redirect@1.0.0
│ │ │ ├── is-stream@1.0.1
│ │ │ ├── lowercase-keys@1.0.0
│ │ │ ├── nested-error-stacks@1.0.0
│ │ │ ├── prepend-http@1.0.1
│ │ │ ├─┬ read-all-stream@2.2.0
│ │ │ │ └─┬ readable-stream@2.0.1
│ │ │ │   ├── core-util-is@1.0.1
│ │ │ │   ├── inherits@2.0.1
│ │ │ │   ├── isarray@0.0.1
│ │ │ │   ├── process-nextick-args@1.0.1
│ │ │ │   ├── string_decoder@0.10.31
│ │ │ │   └── util-deprecate@1.0.1
│ │ │ ├── statuses@1.2.1
│ │ │ └── timed-out@2.0.0
│ │ └── object-assign@2.1.1
│ └─┬ meow@3.3.0
│   ├─┬ camelcase-keys@1.0.0
│   │ ├── camelcase@1.1.0
│   │ └── map-obj@1.0.1
│   ├─┬ indent-string@1.2.1
│   │ ├── get-stdin@4.0.1
│   │ └─┬ repeating@1.1.3
│   │   └─┬ is-finite@1.0.1
│   │     └── number-is-nan@1.0.0
│   ├── minimist@1.1.1
│   └── object-assign@3.0.0
├─┬ glob@5.0.13
│ ├─┬ inflight@1.0.4
│ │ └── wrappy@1.0.1
│ ├── inherits@2.0.1
│ ├─┬ minimatch@2.0.8
│ │ └─┬ brace-expansion@1.1.0
│ │   ├── balanced-match@0.2.0
│ │   └── concat-map@0.0.1
│ └─┬ once@1.3.2
│   └── wrappy@1.0.1
├─┬ gruntfile-editor@1.0.0
│ └─┬ ast-query@1.0.1
│   ├─┬ escodegen@1.6.1
│   │ ├── esprima@1.2.5
│   │ ├── estraverse@1.9.3
│   │ ├── esutils@1.1.6
│   │ ├─┬ optionator@0.5.0
│   │ │ ├── deep-is@0.1.3
│   │ │ ├── fast-levenshtein@1.0.6
│   │ │ ├── levn@0.2.5
│   │ │ ├── prelude-ls@1.1.2
│   │ │ ├── type-check@0.3.1
│   │ │ └── wordwrap@0.0.3
│   │ └─┬ source-map@0.1.43
│   │   └── amdefine@1.0.0
│   ├── esprima@2.4.1
│   └── traverse@0.6.6
├─┬ html-wiring@1.1.0
│ └─┬ cheerio@0.19.0
│   ├─┬ css-select@1.0.0
│   │ ├── boolbase@1.0.0
│   │ ├── css-what@1.0.0
│   │ ├─┬ domutils@1.4.3
│   │ │ └── domelementtype@1.3.0
│   │ └── nth-check@1.0.1
│   ├─┬ dom-serializer@0.1.0
│   │ └── domelementtype@1.1.3
│   ├── entities@1.1.1
│   └─┬ htmlparser2@3.8.3
│     ├── domelementtype@1.3.0
│     ├── domhandler@2.3.0
│     ├── domutils@1.5.1
│     ├── entities@1.0.0
│     └─┬ readable-stream@1.1.13
│       ├── core-util-is@1.0.1
│       ├── inherits@2.0.1
│       ├── isarray@0.0.1
│       └── string_decoder@0.10.31
├─┬ inquirer@0.8.5
│ ├── ansi-regex@1.1.1
│ ├── cli-width@1.0.1
│ ├── figures@1.3.5
│ ├─┬ readline2@0.1.1
│ │ ├── mute-stream@0.0.4
│ │ └── strip-ansi@2.0.1
│ ├── rx@2.5.3
│ └── through@2.3.8
├─┬ istextorbinary@1.0.2
│ ├── binaryextensions@1.0.0
│ └── textextensions@1.0.1
├── lodash@3.10.0
├─┬ mem-fs-editor@2.0.4
│ ├── commondir@1.0.1
│ ├── ejs@2.3.2
│ ├─┬ globby@2.1.0
│ │ ├─┬ array-union@1.0.1
│ │ │ └── array-uniq@1.0.2
│ │ ├── async@1.3.0
│ │ └── object-assign@3.0.0
│ ├─┬ multimatch@2.0.0
│ │ ├── array-differ@1.0.0
│ │ ├─┬ array-union@1.0.1
│ │ │ └── array-uniq@1.0.2
│ │ └─┬ minimatch@2.0.8
│ │   └─┬ brace-expansion@1.1.0
│ │     ├── balanced-match@0.2.0
│ │     └── concat-map@0.0.1
│ ├─┬ through2@2.0.0
│ │ ├─┬ readable-stream@2.0.1
│ │ │ ├── core-util-is@1.0.1
│ │ │ ├── inherits@2.0.1
│ │ │ ├── isarray@0.0.1
│ │ │ ├── process-nextick-args@1.0.1
│ │ │ ├── string_decoder@0.10.31
│ │ │ └── util-deprecate@1.0.1
│ │ └── xtend@4.0.0
│ └─┬ vinyl@0.5.0
│   ├── clone@1.0.2
│   ├── clone-stats@0.0.1
│   └── replace-ext@0.0.1
├── mime@1.3.4
├─┬ mkdirp@0.5.1
│ └── minimist@0.0.8
├─┬ nopt@3.0.3
│ └── abbrev@1.0.7
├── path-is-absolute@1.0.0
├─┬ pretty-bytes@1.0.4
│ ├── get-stdin@4.0.1
│ └─┬ meow@3.3.0
│   ├─┬ camelcase-keys@1.0.0
│   │ ├── camelcase@1.1.0
│   │ └── map-obj@1.0.1
│   ├─┬ indent-string@1.2.1
│   │ └─┬ repeating@1.1.3
│   │   └─┬ is-finite@1.0.1
│   │     └── number-is-nan@1.0.0
│   ├── minimist@1.1.1
│   └── object-assign@3.0.0
├── read-chunk@1.0.1
├─┬ rimraf@2.4.1
│ └─┬ glob@4.5.3
│   ├─┬ inflight@1.0.4
│   │ └── wrappy@1.0.1
│   ├── inherits@2.0.1
│   ├─┬ minimatch@2.0.8
│   │ └─┬ brace-expansion@1.1.0
│   │   ├── balanced-match@0.2.0
│   │   └── concat-map@0.0.1
│   └─┬ once@1.3.2
│     └── wrappy@1.0.1
├─┬ run-async@0.1.0
│ └─┬ once@1.3.2
│   └── wrappy@1.0.1
├── shelljs@0.4.0
├─┬ sinon@1.15.4
│ ├── formatio@1.1.1
│ ├── lolex@1.1.0
│ ├── samsam@1.1.2
│ └─┬ util@0.10.3
│   └── inherits@2.0.1
├── text-table@0.2.0
├─┬ through2@0.6.5
│ ├─┬ readable-stream@1.0.33
│ │ ├── core-util-is@1.0.1
│ │ ├── inherits@2.0.1
│ │ ├── isarray@0.0.1
│ │ └── string_decoder@0.10.31
│ └── xtend@4.0.0
├── underscore.string@3.1.1
├── user-home@1.1.1
├── xdg-basedir@1.0.1
├── yeoman-assert@2.0.0
├─┬ yeoman-environment@1.2.6
│ ├── escape-string-regexp@1.0.3
│ ├─┬ globby@2.1.0
│ │ ├─┬ array-union@1.0.1
│ │ │ └── array-uniq@1.0.2
│ │ ├── async@1.3.0
│ │ └── object-assign@3.0.0
│ ├─┬ grouped-queue@0.3.0
│ │ ├── lodash@2.4.2
│ │ └── setimmediate@1.0.2
│ ├── log-symbols@1.0.2
│ ├─┬ mem-fs@1.1.0
│ │ ├─┬ vinyl@0.4.6
│ │ │ ├── clone@0.2.0
│ │ │ └── clone-stats@0.0.1
│ │ └─┬ vinyl-file@1.2.1
│ │   ├── graceful-fs@4.1.2
│ │   ├─┬ strip-bom@2.0.0
│ │   │ └── is-utf8@0.2.0
│ │   ├─┬ strip-bom-stream@1.0.0
│ │   │ └── first-chunk-stream@1.0.0
│ │   └─┬ vinyl@0.5.0
│ │     ├── clone@1.0.2
│ │     ├── clone-stats@0.0.1
│ │     └── replace-ext@0.0.1
│ └─┬ untildify@2.1.0
│   └── os-homedir@1.0.0
└── yeoman-welcome@1.0.1
@sindresorhus
Member

Why?

@raymondfeng
Author

I'm wondering if the MIT license allows inclusion of LGPL module dependencies. For example, Apache projects explicitly prohibit dependencies on LGPL libraries, see http://www.apache.org/legal/resolved.html#category-x.

@sindresorhus
Member

I have no idea. That's why I'm asking. I would assume not since it's just downloaded on install time and not bundled, but IANAL.

// @kemitchell

@kemitchell
Contributor

yeoman-generator has a mighty deep dependency tree, indeed! seek-gzip's LGPL license aside, several dependencies are just plain missing license metadata:

https://gist.github.com/kemitchell/6a25ab437a5ce809eb84

As for MIT-LGPL compatibility, unfortunately, I can't go around GitHub handing out legal opinions, nor would I do any good passing off such opinions as "the right answers". The Apache FAQ admits more or less the same, taking pains to point out that it reflects Apache's point of view of Apache's license for Apache people on Apache projects. Whether the combination of LGPL and MIT is too risky or inconvenient is really a question for individual companies.

As for respecting the expectations of seek-gzip's author, @cscott, why not ask him?

@cscott

cscott commented Jul 15, 2015

Sorry, I can't change the LGPL licence of seek-bzip myself. My code builds on node-bzip from @skeggse and bzip2.js from @antimatter15. @antimatter15 used an MIT-like license, but @skeggse chose LGPL. I had to choose a license compatible with @skeggse's choice.

If @skeggse wants to relicense I'd probably be willing to go along.

Alternatively decompress-tarbz2 could make seek-bzip an optional dependency and shell out to the bzip2 binary if it is not installed.

@skeggse

skeggse commented Jul 15, 2015

I'd be happy to relicense! I probably licensed it wrong to begin with, I was trying to be compatible with antimatter15's original bzip.js (which has since changed to MIT). Do I just need to push an updated LICENSE?

@raymondfeng
Author

@skeggse That would be great! Typically, you need to push an updated LICENSE that contains the MIT license and update package.json following the convention established by npm - https://docs.npmjs.com/files/package.json#license.

@cscott

cscott commented Jul 15, 2015 via email

@raymondfeng
Author

@skeggse Any update?

@skeggse

skeggse commented Jul 22, 2015

@raymondfeng thanks for the poke, just pushed skeggse/node-bzip@0dd3c81.

@raymondfeng
Author

@skeggse Thank you for the prompt action. Once you publish a new release, @cscott can cascade the license change to cscott/seek-bzip.

@skeggse

skeggse commented Jul 22, 2015

I did publish a new release.

@cscott

cscott commented Jul 22, 2015

Hm, not so fast: although @antimatter15 and @skeggse relicensed their contributions, as far as I can tell, Rob Landley (rob@landley.net)'s original version (from which all these have sprung) was originally and has always been LGPL. I don't think we can relicense to MIT without explicit permission from Rob Landley.

@skeggse

skeggse commented Jul 22, 2015

Rob Landley's work, just to make the trail of contributions longer, includes the following:

    Based on bzip2 decompression code by Julian R Seward (jseward@acm.org),
    which also acknowledges contributions by Mike Burrows, David Wheeler,
    Peter Fenwick, Alistair Moffat, Radford Neal, Ian H. Witten,
    Robert Sedgewick, and Jon L. Bentley.

    This code is licensed under the LGPLv2:
        LGPL (http://www.gnu.org/copyleft/lgpl.html

http://www.landley.net/code/ under micro-bunzip

And Julian R Seward is credited in the bzip2 utility installed on my distribution of arch-linux as "Copyright (C) 1996-2010 by Julian Seward." Julian R Seward's work doesn't seem to use a specific license, so I'm not sure if it's compatible with the MIT license:

This program, "bzip2", the associated library "libbzip2", and all
documentation, are copyright (C) 1996-2010 Julian R Seward.  All
rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:

1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.

2. The origin of this software must not be misrepresented; you must 
   not claim that you wrote the original software.  If you use this 
   software in a product, an acknowledgment in the product 
   documentation would be appreciated but is not required.

3. Altered source versions must be plainly marked as such, and must
   not be misrepresented as being the original software.

4. The name of the author may not be used to endorse or promote 
   products derived from this software without specific prior written 
   permission.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Julian Seward, jseward@bzip.org
bzip2/libbzip2 version 1.0.6 of 6 September 2010

@cscott

cscott commented Jul 22, 2015

Julian Seward's license is a "BSD-like" license. It is half BSD and half zlib. It's compatible with the LGPL (Rob's chosen license) but really both licenses should appear in the distribution ("some portions are (c) Julian Seward..." with the complete Seward license).

I've emailed Rob Landley, we'll see what he feels about relicensing. If he wants to stick with the LGPL, I believe the rest of us ought to (have to) do so as well.

That said, I don't think there is really any problem using LGPL libraries from an MIT-licensed application. That's what the LGPL is for, after all.

@skeggse

skeggse commented Jul 22, 2015

I read through the LGPL and GPL, and a couple of analyses of the former. I've come to the conclusion that @antimatter15, @cscott, and I must license our libraries under the LGPL (or GPL) unless Julian Seward (EDIT: I meant Rob Landley) gives permission to license our libraries under a different license.

The LGPL has provisions for libraries which link to LGPL libraries: "A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License." I'm going to consider an npm dependency as a form of linking, so I think decompress-tarbz2 is welcome to use any license. Anything which subsequently depends on decompress-tarbz2 can similarly use any license, provided decompress-tarbz2's license permits it - that is, libraries which depend on decompress-tarbz2 must comply with decompress-tarbz2's license, but need not comply with seek-bzip's license or micro-bunzip's license.

Similarly, I don't think any module which depends on a derivative of micro-bunzip needs to worry about the license of bzip2.

As such, I think this specific issue (issue #830) is no longer a concern, but those of us who have works derived from micro-bunzip need to choose a compatible license, barring written permission from Julian Seward (EDIT: I meant Rob Landley).

@cscott

cscott commented Jul 22, 2015

@skeggse Julian actually used a BSD license. It's Rob who chose LGPL, and he just wrote me in personal email that he's willing to relicense. I encouraged him to repost here (or on his website) so we have a paper trail.

@cscott

cscott commented Jul 23, 2015

Rob has switched to a "zero clause" BSD license. In his words:

I updated the landley.net/code page to say:

Note: Newer versions of this code are used by BusyBox and by the Linux kernel's bzip mode. Toybox also uses this code, where it's under the toybox license and has a couple of important fixes as well as refactoring to make a multi-threaded implementation easier to do.

Rob also makes clear that he is not actually using any code from Julian's implementation, so Julian's almost-BSD license shouldn't apply to our derivatives.

So I think we're back to the point where we can switch to the MIT license, although we should also probably take Rob's advice to apply his fixes!

@eddiemonge
Member

so complicated

cscott added a commit to cscott/seek-bzip that referenced this issue Jul 27, 2015
This package inherited an LGPL license from Eli Skeggs' upstream,
which had forked Kevin Kwok's upstream package
(https://github.com/antimatter15/bzip2.js), also originally with an
LGPL license.  Kevin Kwok's code was a port of Rob Landley's C
implementation, which was LGPL.

Since then, Rob Landley has switched to "zero-clause BSD"
(http://landley.net/toybox/license.html) when he relicensed his
original code for the toybox project in 2006.  Kevin Kwok switched his
port to the MIT license in 2013.  Eli Skeggs followed Kevin to switch
to MIT, and now we can follow suit as well.

See:
http://landley.net/code/micro-bunzip.c (LGPL)
http://landley.net/hg/toybox/file/37ea9dff9c27/lib/bunzip.c (0-clause BSD)
antimatter15@e2ba119
https://github.com/skeggse/node-bzip/commit/0dd3c810c3b9341957a0a6f638369433b2e68126
yeoman/generator#830 (comment)
@cscott

cscott commented Jul 27, 2015

Published a new release. seek-bzip is now MIT (and the two bugs that Rob Landley pointed out have been fixed).

@kemitchell's point about missing licenses for many of the other dependencies is still valid.

@SBoudrias
Member

FWIW, we'll try to implement automatic license checking for the Yeoman projects eventually yeoman/yeoman#1523
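
Added example (not part of the thread and not Yeoman's code): one way to automate the check discussed in this issue, walking a dependency tree and reporting the full path to every package whose license metadata is missing or names a GPL-family license. The node shape, the review pattern, the licenses given to the intermediate packages and the `example-no-license` package are constructed assumptions; only the package names, versions and the LGPL flag on seek-bzip come from the issue.

```javascript
// Added example: license audit over a dependency tree.
// Assumed node shape: { name, version, license | licenses, dependencies: {...} },
// i.e. package.json license fields attached to each node of the tree.

// License families to flag for human review. This list is a policy assumption.
const REVIEW_PATTERN = /^(A?GPL|LGPL)/i;

// package.json has carried license data in several shapes over time:
//   "license": "MIT"
//   "license": { "type": "MIT", "url": "..." }
//   "licenses": [ { "type": "MIT", "url": "..." } ]
function licenseIds(pkg) {
  const raw = [];
  const push = (v) => {
    if (typeof v === 'string') raw.push(v);
    else if (v && typeof v.type === 'string') raw.push(v.type);
  };
  for (const field of [pkg.licenses, pkg.license]) {
    if (Array.isArray(field)) field.forEach(push);
    else push(field);
  }
  // Split SPDX expressions such as "(MIT OR LGPL-2.1)" into identifiers.
  return raw
    .flatMap((s) => s.split(/[\s()]+/))
    .filter((t) => t && !/^(AND|OR|WITH)$/i.test(t));
}

// Depth-first walk. A package that appears under several parents is reported
// once per path, because each path is a separate place to fix or replace it.
function auditTree(root) {
  const findings = [];
  const walk = (name, node, path) => {
    const here = path.concat(`${name}@${node.version}`);
    const ids = licenseIds(node);
    if (ids.length === 0) {
      findings.push({ kind: 'missing', path: here, licenses: [] });
    } else if (ids.some((id) => REVIEW_PATTERN.test(id))) {
      // Conservative: any GPL-family identifier triggers review,
      // even inside an "OR" expression.
      findings.push({ kind: 'review', path: here, licenses: ids });
    }
    for (const [depName, dep] of Object.entries(node.dependencies || {})) {
      walk(depName, dep, here);
    }
  };
  walk(root.name, root, []);
  return findings;
}

function formatFindings(findings) {
  return findings.map((f) =>
    `${f.kind.padEnd(8)}${(f.licenses.join(',') || '-').padEnd(10)}${f.path.join(' > ')}`);
}

// Constructed sample: one branch of the tree quoted in the issue.
// License values other than seek-bzip's LGPL are placeholders.
const SAMPLE_TREE = {
  name: 'yeoman-generator', version: '0.20.1', license: 'MIT',
  dependencies: {
    download: { version: '4.1.4', license: 'MIT', dependencies: {
      'gulp-decompress': { version: '1.0.2', license: 'MIT', dependencies: {
        decompress: { version: '2.3.0', license: 'MIT', dependencies: {
          'decompress-tarbz2': { version: '3.1.0', license: 'MIT', dependencies: {
            'seek-bzip': { version: '1.0.4', license: 'LGPL', dependencies: {
              commander: { version: '2.4.0', licenses: [{ type: 'MIT' }] },
            } },
          } },
        } },
      } },
    } },
    // Hypothetical package with no license metadata at all.
    'example-no-license': { version: '0.0.0' },
  },
};

console.log(formatFindings(auditTree(SAMPLE_TREE)).join('\n'));
```

Run in CI, a non-empty result can fail the build until each reported path has been reviewed or the dependency replaced.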

@SBoudrias
Member

So, are we all good now?
