Tom Morris on Nostr: Fun discovery today. Imagine an NPM package where the package.json says it is ...
Fun discovery today. Imagine an NPM package where the package.json says it is licensed under MIT, but the LICENSE file contains a completely different license like GPL.
GitHub pulls the data from the LICENSE file and says it is GPL, NPM pulls from package.json and says it is MIT.
Published at 2023-11-24 13:00:36

Event JSON
{
"id": "c235da689802266f22efe607230b0525f6f064601d16cc6f3f2b370bd40ab8d8",
"pubkey": "3fb03273ccfb93b475b4da1adbc77095e599011eb4cd3d3eb32200cd3ea04668",
"created_at": 1700830836,
"kind": 1,
"tags": [
[
"proxy",
"https://mastodon.social/users/tommorris/statuses/111465649730049046",
"activitypub"
]
],
"content": "Fun discovery today. Imagine an NPM package where the package.json says it is licensed under MIT, but the LICENSE file contains a completely different license like GPL.\n\nGitHub pulls the data from the LICENSE file and says it is GPL, NPM pulls from package.json and says it is MIT.",
"sig": "9ee371837d6801b9f8ea5bffe0fe73bd74c58abb4a5a299df9a5fd3c81918fbfd1a86d3e23f433df5c329900d951987438c9b687aeddc378a0df3fd46daef12f"
}
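
The discrepancy described in the post can be checked mechanically when a dependency is reviewed. The following is an added example, not code from the post, npm or GitHub; the fingerprint list, the function names and the sample inputs are assumptions constructed for illustration, and the fingerprints cover only a few common licenses.

```javascript
// Added example (not from the post): compare the license declared in
// package.json with the license text shipped in the LICENSE file.
// FINGERPRINTS is a small illustrative set, not a full SPDX matcher.
const FINGERPRINTS = [
  ["MIT", /permission is hereby granted, free of charge, to any person obtaining a copy/],
  ["AGPL-3.0", /gnu affero general public license version 3/],
  ["LGPL-3.0", /gnu lesser general public license version 3/],
  ["GPL-3.0", /gnu general public license version 3/],
  ["GPL-2.0", /gnu general public license version 2/],
  ["Apache-2.0", /apache license version 2\.0/],
];

// Identify the license from the LICENSE text itself (what a file-based reader sees).
function detectLicense(text) {
  const flat = text.toLowerCase().replace(/\s+/g, " ");
  const hit = FINGERPRINTS.find(([, re]) => re.test(flat));
  return hit ? hit[0] : null;
}

// SPDX ids from package.json (what a manifest-based reader sees). Handles the
// string form, "(A OR B)" expressions and the legacy {type} / licenses[] forms.
function declaredIds(pkg) {
  return [].concat(pkg.license || pkg.licenses || [])
    .map((l) => (typeof l === "string" ? l : l.type || ""))
    .join(" ")
    .split(/[\s()]+/)
    .filter((t) => t && !/^(AND|OR|WITH)$/i.test(t))
    .map((t) => t.replace(/(-only|-or-later|\+)$/i, "").toUpperCase());
}

function checkLicense(pkgJsonText, licenseText) {
  const declared = declaredIds(JSON.parse(pkgJsonText));
  const detected = detectLicense(licenseText);
  let status = "unknown"; // LICENSE text not recognised: needs manual review
  if (detected) status = declared.includes(detected.toUpperCase()) ? "match" : "mismatch";
  return { declared, detected, status };
}

// Constructed sample: manifest says MIT, LICENSE file carries the GPLv3 header.
const SAMPLE_PKG = JSON.stringify({ name: "example-pkg", version: "1.0.0", license: "MIT" });
const SAMPLE_GPL = "GNU GENERAL PUBLIC LICENSE\n   Version 3, 29 June 2007\n\nCopyright (C) ...";
console.log(checkLicense(SAMPLE_PKG, SAMPLE_GPL));
```

In a review pipeline the two strings would be read from the unpacked package tarball, and both "mismatch" and "unknown" results would be routed to a human rather than trusted from either source alone.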