First, I am relatively new to Meteor but so far I am really loving it.
I think the community packages are adding huge value every day.
I am however, finding one downside, which is the number of packages without licenses and the inability to check quickly what the license of a packages required packages is. This is really problematic for any commercial product that needs to the know the license of packages it is using.
I think there should be some type of enforcement policy in which people have to add a license file before publishing to atmosphere, if not then it should be assumed MIT or another relative license.
There’s a link to Github in Atmosphere. License files are usually there.
I do think there should be a default in Meteor license agreement that any package submitted or used is without warranty/liability unless otherwise stated.
@davidjaenisch You are correct about the link, however, a large number of these packages still lack licenses inside the github repository. Some of these are very popular packages as well.
Boosting this back up as I honestly believe this is a serious issue with packages that needs to be solved. I still think the best way would for it to work like codepen, whereas unless stated otherwise all packages on Atmosphere should be released under the MIT license.
If you want to use a package that has no license, just open an issue for it in the GitHub repository and suggest MIT as choice. If the package author doesn’t respond, you shouldn’t use the package anyway.
That is what I currently do.
IMO the packages available through the community are one of Meteors biggest strong points, but, for it to work the way it is meant to work there needs to be some kind of minimum standards enforced. If this doesn’t happen it will eventually become cluttered with packages that can’t/shouldn’t be used making it less valuable in the long run.