Dependent library licenses

Every large business application pulls in a number of dependent libraries, and each of them saves development time and resources that can be spent on other parts of the system.

WHAT ARE DEPENDENT LIBRARIES?

Software such as YetiForce implements some of its business functionality with existing libraries rather than writing that code again. Every external library used in the project is called a dependent library. In practice, each dependent library may in turn require other libraries, and these transitive dependencies can conflict with one another (for example when two libraries require different versions of the same package).

HOW TO ELIMINATE DEPENDENCY CONFLICTS?

At a very early stage of the project, when we forked it and inherited all of its code, the first problem we ran into was dependency management: the same libraries were present in several different versions, which made it hard to determine how many libraries the system contained and how many of them needed updating. The first step was to create a single place where every library is declared [because of the different technologies used in the system there are 3 main files]:

  • yarn.lock - lock file listing every JS library actually installed, including transitive ones, with the exact resolved version.
  • composer.lock - lock file listing every PHP library actually installed, with the exact version and the license metadata copied from each package.
  • package.json - the JS (npm/yarn) manifest that declares the direct JS dependencies and their version constraints; yarn.lock is generated from it.

Once all libraries were catalogued, they had to be updated to the latest stable versions, and the code that depended on them had to be adapted, because it only worked with the older versions. Any library that had been abandoned by its maintainer was replaced with another library of similar functionality.
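As an added illustration of the first step above (this is example code, not tooling from the YetiForce project), the following Python script reads a yarn.lock in the v1 format and reports every package that yarn resolved to more than one version, which is exactly the "same library in different versions" situation described here. The lockfile excerpt embedded in the script is constructed for the example; its package names, versions and hashes are illustrative only.

```python
import re
from collections import defaultdict

# Constructed yarn.lock (v1 format) excerpt used as sample input.
# Not taken from the project; names, versions and hashes are made up.
SAMPLE_YARN_LOCK = """\
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


"@babel/code-frame@^7.0.0":
  version "7.10.4"
  resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.10.4.tgz"
  integrity sha512-AAAA
  dependencies:
    "@babel/highlight" "^7.10.4"

lodash@^4.17.15, lodash@^4.17.19:
  version "4.17.20"
  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.20.tgz"
  integrity sha512-BBBB

lodash@~3.10.1:
  version "3.10.1"
  resolved "https://registry.yarnpkg.com/lodash/-/lodash-3.10.1.tgz"
  integrity sha512-CCCC

moment@^2.29.0:
  version "2.29.1"
  resolved "https://registry.yarnpkg.com/moment/-/moment-2.29.1.tgz"
  integrity sha512-DDDD
"""


def package_name(spec):
    """'lodash@^4.17.15' -> 'lodash'; '@babel/code-frame@^7.0.0' -> '@babel/code-frame'.

    Scoped packages start with '@', so the separator is the *last* '@'."""
    spec = spec.strip().strip('"')
    return spec[: spec.rfind("@")]


def resolved_versions(lockfile_text):
    """Map each package name to the set of versions yarn resolved for it.

    In the v1 format an unindented line ending in ':' lists one or more
    requested specs (comma separated); the indented 'version' line that
    follows gives the single version they were all resolved to."""
    versions = defaultdict(set)
    current = []
    for line in lockfile_text.splitlines():
        if not line or line.startswith("#"):
            continue
        if not line[0].isspace() and line.endswith(":"):
            current = [package_name(s) for s in line[:-1].split(",")]
            continue
        match = re.match(r'^\s+version "([^"]+)"', line)
        if match:
            for name in current:
                versions[name].add(match.group(1))
    return dict(versions)


def duplicated_packages(lockfile_text):
    """Packages present in more than one version: candidates for consolidation."""
    return {
        name: sorted(found)
        for name, found in resolved_versions(lockfile_text).items()
        if len(found) > 1
    }


if __name__ == "__main__":
    all_packages = resolved_versions(SAMPLE_YARN_LOCK)
    print(f"{len(all_packages)} distinct JS packages")
    for name, found in duplicated_packages(SAMPLE_YARN_LOCK).items():
        print(f"{name}: {', '.join(found)}")
```

Run against a real yarn.lock, the count from resolved_versions answers "how many libraries are in the system", and duplicated_packages gives the list to work through by tightening version constraints in package.json until each package resolves to one version.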

VERIFICATION OF LIBRARIES IN TERMS OF LICENSE

After updating and organizing all libraries, we also reviewed their compliance with the standards imposed on the project. This allowed us to remove every library that was incompatible because of:

  • no information about the copyright holder,
  • no license information,
  • a license that was obsolete and no longer maintained,
  • a license that imposes "copyleft" terms or is incompatible with the other libraries' licenses, e.g. libraries under the GPL/AGPL/OSL licenses.
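An added example (not the project's own tooling) of running the license review above as an automated check. composer.lock carries each package's "license" and "authors" fields, copied from the package's own composer.json, so the criteria can be checked mechanically: the script flags packages with no license, packages whose only licenses are copyleft (GPL/AGPL/OSL, matched by SPDX identifier prefix), and packages that declare no authors, which is the closest composer.lock equivalent to missing copyright-holder information. Composer treats a list of licenses as a choice between them, so a package offered under MIT or GPL is not flagged. The obsolete-license criterion is not automated here, since it requires a judgment per license. The embedded lock file is constructed for the example and the vendor names are made up.

```python
import json

# SPDX identifier prefixes the page's policy treats as copyleft. Extend to
# match the project's own policy (this list is an assumption for the example).
COPYLEFT_PREFIXES = ("GPL-", "AGPL-", "OSL-")

# Constructed composer.lock; vendor and package names are made up.
SAMPLE_COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "vendor/tidy-lib", "version": "2.1.0", "license": ["MIT"],
         "authors": [{"name": "Jane Doe"}]},
        # Dual-licensed: the user may pick MIT, so this is acceptable.
        {"name": "vendor/dual-lib", "version": "1.4.2",
         "license": ["GPL-2.0-only", "MIT"], "authors": [{"name": "John Roe"}]},
        {"name": "vendor/viral-lib", "version": "0.9.0",
         "license": ["AGPL-3.0-or-later"], "authors": [{"name": "Acme"}]},
        # Permissive license but nobody claims the copyright.
        {"name": "vendor/anon-lib", "version": "3.0.0", "license": ["BSD-3-Clause"]},
        {"name": "vendor/unlicensed", "version": "1.0.0"},
    ],
    "packages-dev": [
        # Older composer.json files may give the license as a plain string.
        {"name": "vendor/osl-tool", "version": "5.0.0", "license": "OSL-3.0",
         "authors": [{"name": "Someone"}]},
    ],
})


def normalise_licenses(pkg):
    """Return the package's licenses as a list, whether declared as string or array."""
    lic = pkg.get("license", [])
    return [lic] if isinstance(lic, str) else list(lic)


def is_copyleft(spdx_id):
    return spdx_id.upper().startswith(COPYLEFT_PREFIXES)


def audit_composer_lock(lock_text, include_dev=True):
    """Return {package name: [problems]} for every package failing the review."""
    data = json.loads(lock_text)
    sections = ["packages"] + (["packages-dev"] if include_dev else [])
    findings = {}
    for section in sections:
        for pkg in data.get(section, []):
            problems = []
            licenses = normalise_licenses(pkg)
            if not licenses:
                problems.append("no license information")
            elif all(is_copyleft(lic) for lic in licenses):
                # Only flagged when *every* offered license is copyleft,
                # because a license array in composer means "any of these".
                problems.append("copyleft only: " + ", ".join(licenses))
            if not pkg.get("authors"):
                problems.append("no copyright holder (authors) information")
            if problems:
                findings[pkg["name"]] = problems
    return findings


if __name__ == "__main__":
    for name, problems in audit_composer_lock(SAMPLE_COMPOSER_LOCK).items():
        print(f"{name}: {'; '.join(problems)}")
```

Running the same function over the real composer.lock in CI, and failing the build when it returns anything, keeps the review from silently regressing when a later deployment adds a library.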

List of dependent libraries

An up-to-date list of dependent libraries should always be available inside the application itself, because each deployment may add or remove libraries. The list below is therefore only an overview and must be verified manually in the application: System configuration > About application > Licenses.

Summary

  • Apache-2.0 - 5 libraries
  • BSD-2-Clause and BSD-3-Clause - 13 libraries
  • CC-BY-4.0 - sound set
  • ISC - 5 libraries
  • MIT - 118 libraries
  • MPL 1.1 - 1 library
  • SPL 1.1.2 - several files - license identical to MPL 1.1.
  • VPL 1.1 - several files - license identical to MPL 1.1.

List

Keep in mind that the list can change. Any library may be substituted or rewritten in order to move away from its original license.