TL;DR the ruby gem licencee (on which GitHub depends) is not recognizing my ISC licence due to a licence-3rd-party file, but that file only has one dependency which also has an ISC license. Is there anything I can do in the license-3rd-party file to get it recognized by licensee.
I would like to add a license to an existing GitHub project, as described in this question. My project has an ISC license as described in a LICENCE.md file, and I made sure the license text is exactly as it should be.
I would like the cool license overview that you can see in other projects, such as in the idb project by Jake Archibald which I use as an optional dependency in my project:
And I would like my license type to show explicitly on the home page:
But when I add my ISC license file, I don't get the overview, and the license isn't recognized on the home page:
I've played around with naming (license, LICENSE, LICENSE.md). I've checked my package.json, it in fact has ISC license. Both are the same as the 'idb' project, except of course the author name, yet that project gets the attribution, and mine does not.
I learned that GitHub uses the ruby gem 'licencee' to pick up the license text. After quite an ordeal of installing ruby, getting past many install errors, I finally got licensee on a device. I ran it against mine and got this output:
License: NOASSERTION
Matched files: LICENSE.md, license-3rd-party, package.json
LICENSE.md:
Content hash: d168f98624be864548b2bbf4f198fdbf702d6743
Attribution: Copyright (c) 2019, Paul Wilcox <t78t78@gmail.com>
Confidence: 100.00%
Matcher: Licensee::Matchers::Exact
License: ISC
license-3rd-party:
Content hash: 13a69c2398f27e92914f6e544f7304d21adf9ae4
License: NOASSERTION
package.json:
Confidence: 90.00%
Matcher: Licensee::Matchers::NpmBower
License: ISC
Well, it seems to me that the culprit is the licence-3rd-party file. So I renamed it to xlicense-3rd-party just to see what would happen with the output:
License: ISC
Matched files: LICENSE.md, package.json
LICENSE.md:
Content hash: d168f98624be864548b2bbf4f198fdbf702d6743
Attribution: Copyright (c) 2019, Paul Wilcox <t78t78@gmail.com>
Confidence: 100.00%
Matcher: Licensee::Matchers::Exact
License: ISC
package.json:
Confidence: 90.00%
Matcher: Licensee::Matchers::NpmBower
License: ISC
Bingo! As of this writing, the overview is not yet reflecting on my GitHub project, but I believe this is a caching issue or something similar. I think it will reflect soon. But the fact that line 1 above now reflects ISC is certainly progress enough for this question.
The license-3rd-party file just reflects one dependency, the 'idb' project, which also has an ISC file:
Name: idb
Version: 2.1.3
License: ISC
Private: false
Description: IndexedDB but with promises
Repository: git://github.com/jakearchibald/indexeddb-promised.git
Homepage: https://github.com/jakearchibald/indexeddb-promised#readme
Author: Jake Archibald
License Copyright:
===
ISC License (ISC)
Copyright (c) 2016, Jake Archibald <jaffathecake@gmail.com>
Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
So, now, the question:
What can I do, if anything, to change this license-3rd-party file so that licensee doesn't kill the overall finding that my project is ISC?
