Open source is fantastic, you don't need me to tell you about it! However, consuming (and sometimes redistributing) open source is not always a very trivial matter. Especially when we start having to comply with license obligations, like providing license files, attributing people, and so on.

To deal with potential legal issues, we'll set up checks to allow only permissive, good, and well-established open-source licenses to be used in our own software.

🎯 Example: In package.json we have two scripts that run as part of the pre-commit hook and in CI:

"licenses": "npx license-compliance --direct --allow 'MIT;ISC;0BSD;BSD-2-Clause;BSD-3-Clause;Apache-2.0;Unlicense;CC0-1.0'",
"licenses:checker": "npx license-compatibility-checker",

These verify that we only use a set of allowed open-source licenses, using license-compliance, and can also use license-compatibility-checker to check for compatibility between our license and our used ones.

Because we are doing server-side applications (i.e. a backend or API), we are not redistributing any code, making our obligations easier to handle and less messy. Webpack will bundle all licenses as well, so we should be all set.