Socket
No License Found

Severity

Low

Short Description

(Experimental) License information could not be found.

Packages

View packages with this alert.

Suggestion

Manually review the licensing

Information

Unlike packages that are explicitly designated as "unlicensed" in package.json, these are packages where no licensing information is found at all. For most intents and purposes, these packages carry the same risks.

This absence of a license creates legal uncertainty, as users may not have the right to use, modify, or distribute the software.

Without an explicit license, the package may be subject to copyright restrictions, and developers who use it could face potential legal risks.

One of the reasons this is a high severity alert is that it could expose your organization to legal threats, lawsuits, and severe compliance violations.

Here are some scenarios where it could be particularly problematic:

  • Commercial Projects: Using an unlicensed package in a commercial product could expose your company to lawsuits or demands for license fees.
  • Open Source Projects: Including unlicensed code in your open-source project could violate licensing guidelines and jeopardize your project's legal standing.
  • Compliance Issues: Organizations that need to comply with strict software licensing policies may face significant challenges if they unknowingly use unlicensed code.

In all these scenarios, the absence of a license can lead to unexpected liabilities, making it crucial to either obtain proper licensing or avoid using such packages altogether.

Recommended actions

It's essential to verify the licensing status of such packages and, if necessary, seek alternatives with clear and permissive licensing to avoid potential issues.

Examples

Here's an example of how this alert appears on a package. It often comes in conjunction with other supply chain risks, as no license is a significant oversight for a package published to a public registry.

Detection Method

Packages with no license found are those where Socket cannot detect any license information in the package files, including common license files or license references in the package metadata, making it unclear whether the software is legally safe to use.

Additional resources

  1. Open Source Initiative - Licensing FAQ
    • This FAQ provides an overview of open-source licensing, the importance of proper licenses, and the legal risks of using unlicensed software.
  2. Software Freedom Law Center - Legal Issues in Open Source
    • A comprehensive guide on the legal issues surrounding open-source software, including the risks of using unlicensed code.
  3. Choose a License - No License
    • This page explains the implications of using software without a license and the legal uncertainties it introduces.
  4. GitHub Docs - Open Source Licensing
    • A guide on how to choose a license for your GitHub repository and why it's critical to have one.