Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

potential copyright issue from transitive dependency "wordwrap" #11536

Closed
Labels
archived due to age This issue has been archived; please open a new issue for any further discussion blocked This change can't be completed until another issue is resolved evaluating The team will evaluate this issue to decide whether it meets the criteria for inclusion infrastructure Relates to the tools used in the ESLint development process

Comments

@beiwei30
Copy link

wordwrap publishes its test directory in which a text file 'idleness.txt' is included. This may introduce potential copyright issue.

see more from https://github.com/substack/node-wordwrap/issues/21

@beiwei30 beiwei30 added bug ESLint is working incorrectly triage An ESLint team member will look at this issue soon labels Mar 21, 2019
@aladdin-add aladdin-add added infrastructure Relates to the tools used in the ESLint development process evaluating The team will evaluate this issue to decide whether it meets the criteria for inclusion and removed bug ESLint is working incorrectly triage An ESLint team member will look at this issue soon labels Mar 22, 2019
@aladdin-add
Copy link
Member

hi, thanks for creating the issue!
is wordwrap eslint's dependency(I'm not seeing it in package.json)?

@beiwei30
Copy link
Author

here's the dependency tree:

├─┬ eslint@3.19.0
│ └─┬ optionator@0.8.2
│   └── wordwrap@1.0.0

@nzakas nzakas added the blocked This change can't be completed until another issue is resolved label Mar 26, 2019
@nzakas
Copy link
Member

nzakas commented Mar 27, 2019

I’ve contacted the Open JS Foundation to get some insights into whether or not there is a copyright issue here. Thanks for the report, I will update when I hear back.

@nzakas
Copy link
Member

nzakas commented Mar 28, 2019

Given that this has been an issue for four years, there's probably not a huge urgency here. However, we should work with Optionator to see if it would be possible to switch to another dependency.

Related issue: gkz/optionator#31

@ilyavolodin
Copy link
Member

Unfortunately, it seems like optionator is dead at this point. I filed an issue with them a few month back, and never seen any response to it.

@kaicataldo
Copy link
Member

Do we want to be looking for alternatives to optionator?

@ilyavolodin
Copy link
Member

I looked at some of the available packages that deal in the same space, but most of them are very free formed. As in, they will parse whatever is given to them, not enforce specific constrains in terms of type and number of value.

@gkz
Copy link
Contributor

gkz commented Aug 15, 2019

I can look into fixing this guys, for optionator

@gkz
Copy link
Contributor

gkz commented Aug 15, 2019

Feel free to email me at the email in my profile if you have such issues in the future

@kaicataldo
Copy link
Member

@gkz Thank you!

@gkz
Copy link
Contributor

gkz commented Aug 15, 2019

Do you guys have a suggestion for an alternative to using wordwrap? It seems unlikely to be updated

@kaicataldo
Copy link
Member

I'm seeing a number of packages that look similar to wordwrap on npm, though I don't have experience with any of them. Since the project is MIT licensed, another option could potentially be to copy the code (since it's a pretty small module) and its tests into optionator and, if the author of wordwrap ever updates it, switch back.

@kaicataldo
Copy link
Member

Friendly ping - is this still an issue?

@nzakas
Copy link
Member

nzakas commented Oct 22, 2019

@gkz have you been able to replace wordwrap in optionator?

@gkz
Copy link
Contributor

gkz commented Nov 6, 2019

I've updated the dependency to word-wrap instead of wordwrap. Let me look into upgrading other dependencies and then I'll release a new version.

gkz/optionator@bf4b1da

@gkz
Copy link
Contributor

gkz commented Nov 6, 2019

I published Optionator 0.8.3 with this change, let me know if there are any issues.

@kaicataldo
Copy link
Member

Thanks for the update!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.