The license field of package.json is MIT, but Apache-2.0 is defined in the LICENSE file.
Now this usually wouldn't matter, since the licenses are similar (for the most part). But tools like pnpm-licenses partially misinterpret the license to be MIT.
I don't know how much of a legal issue this is, since I've found packages like through that use both. But it just seems like sloppy to me.
Example:
- Create a new npm project
- Install pnpm
- Run
pnpm i @pkgjs/parseargs
- Run
npx pnpm-licenses list -o ./licenses.json
- View the
licenses.json file.
Result:
[
{
"name": "@pkgjs/parseargs",
"license": "MIT", // Incorrect
"author": "",
"homepage": "https://github.com/pkgjs/parseargs#readme",
"description": "Polyfill of future proposal for `util.parseArgs()`",
"version": "0.11.0",
"licenseText": "Apache License\n Version 2.0, January 2004... You get the idea" // Correct
}
]
The license field of
package.jsonisMIT, butApache-2.0is defined in theLICENSEfile.Now this usually wouldn't matter, since the licenses are similar (for the most part). But tools like pnpm-licenses partially misinterpret the license to be MIT.
I don't know how much of a legal issue this is, since I've found packages like through that use both. But it just seems like sloppy to me.
Example:
pnpm i @pkgjs/parseargsnpx pnpm-licenses list -o ./licenses.jsonlicenses.jsonfile.Result:
[ { "name": "@pkgjs/parseargs", "license": "MIT", // Incorrect "author": "", "homepage": "https://github.com/pkgjs/parseargs#readme", "description": "Polyfill of future proposal for `util.parseArgs()`", "version": "0.11.0", "licenseText": "Apache License\n Version 2.0, January 2004... You get the idea" // Correct } ]