i have a question regarding the open source license compliance (in commercial software).
How do you handle it?
For homogenous npm projects there are solutions.
I have tried https://fossa.io and https://whitesourcesoftware.com
Both found a lot of npm dependencies, over 300 libraries with licenses in their package.json
But they also struggle with the meteor oecosystem.
This is in the source directory the .meteor/versions file.
For me the meteor is only the development platform and at the moment of build, the outcome should be a regular nodejs compatible file which can be deployed on any nodejs server.
Please correct me if i am wrong or if there are details i missed.
If i then search for jquery there is not any file/directory with this name in the build directory.
How does the nodejs server know that jquery is needed and where is it loaded from.
Can anyone help me to understand the mechanic?
Back to the initial question, how do you handle this?
Have you found other automatic workflows to generate an overview of used liceneses?
How do you create a list of all used libraries, which i think have to be published somewhere in the product?
Side-question: Do you take care about deep-dependencies or is a top-level MIT license, like meteor has, good enough?
I would appreciate any kind of feedback / discussion.
Thank you very much for your help