Explicitly Unlicensed Item

Severity

High

Short Description

(Experimental) Something was found which is explicitly marked as unlicensed.


Suggestion

Manually review your policy on such materials

Information

The "Explicitly Unlicensed Item" alert on Socket is triggered when a package explicitly declares that it grants no open-source license. This absence of a license creates legal uncertainty, as users may not have the right to use, modify, or distribute the software.

Without an explicit license, the package may be subject to copyright restrictions, and developers who use it could face potential legal risks.

One reason this alert is rated high severity is that such a package could expose your organization to legal claims, lawsuits, and serious compliance violations.

Here are some scenarios where it could be particularly problematic:

  • Commercial Projects: Using an unlicensed package in a commercial product could expose your company to lawsuits or demands for license fees.
  • Open Source Projects: Including unlicensed code in your open-source project could violate licensing guidelines and jeopardize your project's legal standing.
  • Compliance Issues: Organizations that need to comply with strict software licensing policies may face significant challenges if they unknowingly use unlicensed code.

In all these scenarios, the absence of a license can lead to unexpected liabilities, making it crucial to either obtain proper licensing or avoid using such packages altogether.

Recommended actions

It's essential to verify the licensing status of such packages and, if necessary, seek alternatives with clear and permissive licensing to avoid potential issues.

Examples

Here is an example of a package with this alert.

Clicking through on the alert shows the location of the flagged declaration; it links to the package's package.json file.

Detection Method

This alert is raised when a package's package.json explicitly declares that it is unlicensed:

"license": "UNLICENSED",
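The check below is an added example, not Socket's own code: it classifies the license declaration of a package.json the way a dependency-policy gate would, and runs it over a few constructed manifests. It goes beyond the single case on this page by also handling the historical shapes of the field documented for npm (the deprecated `{type, url}` object form, the deprecated `licenses` array, and the `SEE LICENSE IN <file>` form) and by separating "explicitly UNLICENSED" from "no license field at all", since the two carry different policy implications. The case-insensitive comparison and the sample package names are assumptions made for the example.

```javascript
// Added example (not Socket's code): classify the license declaration of a
// package.json as a dependency-policy check would, then run it over a few
// constructed manifests. Field shapes follow the npm package.json docs:
// "license" as an SPDX string, the literal "UNLICENSED", "SEE LICENSE IN <file>",
// the deprecated object form {type, url}, and the deprecated "licenses" array.

function licenseExpressions(pkg) {
  // Normalise every historical shape of the license field into a list of strings.
  const out = [];
  const push = (v) => {
    if (typeof v === 'string' && v.trim()) {
      out.push(v.trim());
    } else if (v && typeof v === 'object' && typeof v.type === 'string' && v.type.trim()) {
      out.push(v.type.trim()); // deprecated {type, url} form
    }
  };
  if (Array.isArray(pkg.license)) pkg.license.forEach(push); else push(pkg.license);
  if (Array.isArray(pkg.licenses)) pkg.licenses.forEach(push); else push(pkg.licenses);
  return out;
}

function classifyLicense(pkg) {
  const exprs = licenseExpressions(pkg);
  if (exprs.length === 0) return { status: 'missing', expressions: [] };
  // npm reserves the literal "UNLICENSED" for packages that grant no rights.
  // Case-insensitive matching is a defensive choice of this example (assumption).
  if (exprs.some((e) => e.toUpperCase() === 'UNLICENSED')) {
    return { status: 'explicitly-unlicensed', expressions: exprs };
  }
  if (exprs.some((e) => /^SEE LICENSE IN\s+\S+/i.test(e))) {
    return { status: 'custom-file', expressions: exprs };
  }
  return { status: 'declared', expressions: exprs };
}

function scanManifests(manifests) {
  // manifests: [{ path, text }] where text is the raw package.json content.
  const findings = [];
  for (const { path, text } of manifests) {
    let pkg;
    try {
      pkg = JSON.parse(text);
    } catch (e) {
      findings.push({ path, status: 'unparseable', expressions: [] });
      continue;
    }
    findings.push({ path, name: pkg.name, ...classifyLicense(pkg) });
  }
  return findings;
}

function alertsFor(findings) {
  // Only the explicit declaration corresponds to this Socket alert; the other
  // statuses are surfaced for manual policy review.
  return findings.filter((f) => f.status === 'explicitly-unlicensed');
}

// Constructed sample manifests; the package names are made up for this example.
const SAMPLE_MANIFESTS = [
  { path: 'node_modules/example-a/package.json', text: '{"name":"example-a","version":"1.0.0","license":"MIT"}' },
  { path: 'node_modules/example-b/package.json', text: '{"name":"example-b","version":"2.1.0","license":"UNLICENSED"}' },
  { path: 'node_modules/example-c/package.json', text: '{"name":"example-c","version":"0.3.0"}' },
  { path: 'node_modules/example-d/package.json', text: '{"name":"example-d","version":"4.0.0","licenses":[{"type":"Apache-2.0","url":"https://example.invalid/LICENSE"}]}' },
  { path: 'node_modules/example-e/package.json', text: '{"name":"example-e","version":"1.2.3","license":"SEE LICENSE IN LICENSE.txt"}' },
];

const findings = scanManifests(SAMPLE_MANIFESTS);
for (const f of findings) {
  console.log(`${f.status.padEnd(22)} ${f.path}  ${f.expressions.join(' | ')}`);
}
console.log(`explicitly unlicensed: ${alertsFor(findings).map((f) => f.name).join(', ')}`);
```

In a real gate the manifests would come from walking `node_modules` or from the lockfile's resolved packages; the important distinction the output makes is that a `missing` field is a gap to investigate, whereas `explicitly-unlicensed` is the author telling you no rights are granted. Note that `"license": "UNLICENSED"` together with `"private": true` is the documented way to mark your own internal root package, so the check is meaningful for dependencies rather than for the top-level manifest of an application you publish nowhere.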

Additional resources

  1. Open Source Initiative - Licensing FAQ
    • This FAQ provides an overview of open-source licensing, the importance of proper licenses, and the legal risks of using unlicensed software.
  2. Software Freedom Law Center - Legal Issues in Open Source
    • A comprehensive guide on the legal issues surrounding open-source software, including the risks of using unlicensed code.
  3. Choose a License - No License
    • This page explains the implications of using software without a license and the legal uncertainties it introduces.
  4. GitHub Docs - Open Source Licensing
    • A guide on how to choose a license for your GitHub repository and why it's critical to have one.