Open Source Licenses Report

Project: partner-alliance-suite-on-aws
Generated on: 2025-10-26
Version: 1.0.0

This document lists all dependencies used in the project with their respective licenses.


📦 Frontend (packages/frontend)

Production Dependencies

Package Version License
@aws-sdk/client-cognito-identity ^3.830.0 Apache-2.0
@aws-sdk/credential-providers ^3.830.0 Apache-2.0
@types/dompurify ^3.0.5 MIT
@types/marked ^5.0.2 MIT
axios ^1.9.0 MIT
bootstrap-icons ^1.13.1 MIT
commander ^14.0.1 MIT
docx ^9.5.1 MIT
dompurify ^3.2.6 (MPL-2.0 OR Apache-2.0)
marked ^16.1.0 MIT
oidc-client-ts ^3.2.1 Apache-2.0
svelte-i18n ^4.0.1 MIT

Total: 12 dependencies

Development Dependencies

Package Version License
@sveltejs/adapter-auto ^6.0.0 MIT
@sveltejs/adapter-static ^3.0.8 MIT
@sveltejs/kit ^2.16.0 MIT
@sveltejs/vite-plugin-svelte ^5.0.0 MIT
@tailwindcss/typography ^0.5.16 MIT
@testing-library/jest-dom ^6.1.4 MIT
@testing-library/svelte ^5.2.0-next.3 MIT
@testing-library/user-event ^14.5.1 MIT
@types/node ^24.5.2 MIT
@vitest/coverage-v8 ^1.0.4 MIT
autoprefixer ^10.4.21 MIT
cross-env ^10.1.0 MIT
daisyui ^4.12.14 MIT
glob ^11.0.3 ISC
jsdom ^23.0.1 MIT
postcss ^8.5.6 MIT
svelte ^5.0.0 MIT
svelte-check ^4.0.0 MIT
tailwindcss ^3.4.18 MIT
tsx ^4.20.5 MIT
typescript ^5.0.0 Apache-2.0
vite ^6.2.6 MIT
vite-plugin-devtools-json ^0.2.0 MIT
vitest ^1.0.4 MIT

Total: 24 development dependencies


🏗️ Backend / CDK (packages/cdk)

Production Dependencies

Package Version License
@aws-sdk/client-bedrock ^3.865.0 Apache-2.0
@aws-sdk/client-bedrock-runtime ^3.363.0 Apache-2.0
@aws-sdk/client-cloudformation ^3.363.0 Apache-2.0
@aws-sdk/client-cloudfront ^3.363.0 Apache-2.0
@aws-sdk/client-cognito-identity ^3.830.0 Apache-2.0
@aws-sdk/client-cognito-identity-provider ^3.363.0 Apache-2.0
@aws-sdk/client-dynamodb ^3.363.0 Apache-2.0
@aws-sdk/client-sts ^3.363.0 Apache-2.0
@aws-sdk/credential-providers ^3.830.0 Apache-2.0
@aws-sdk/lib-dynamodb ^3.363.0 Apache-2.0
aws-cdk-lib ^2.211.0 Apache-2.0
axios ^1.4.0 MIT
constructs ^10.0.0 Apache-2.0
jszip ^3.10.1 (MIT OR GPL-3.0-or-later)
uuid ^9.0.1 MIT

Total: 15 dependencies

Development Dependencies

Package Version License
@types/aws-lambda ^8.10.149 MIT
@types/node ^18.14.6 MIT
@types/uuid ^9.0.8 MIT
@vitest/coverage-v8 ^2.1.8 MIT
@vitest/ui ^2.1.8 MIT
aws-cdk ^2.1025.0 Apache-2.0
aws-sdk-client-mock ^4.1.0 MIT
cross-env ^7.0.3 MIT
dotenv-cli ^10.0.0 MIT
esbuild ^0.25.9 MIT
glob ^11.0.3 ISC
ts-node ^10.9.1 MIT
typescript ~4.9.5 Apache-2.0
vitest ^2.1.8 MIT

Total: 14 development dependencies


📊 License Summary

Distribution by License Type

License Number of Packages Percentage
MIT 43 66.2%
Apache-2.0 18 27.7%
ISC 2 3.1%
(MPL-2.0 OR Apache-2.0) 1 1.5%
(MIT OR GPL-3.0-or-later) 1 1.5%

Total: 65 unique packages

Permissive Licenses

All licenses used in this project are permissive open source licenses:

  • MIT License: Very permissive license allowing commercial use without restrictions
  • Apache-2.0: Permissive license with explicit patent protection
  • ISC: Similar to MIT, very permissive
  • MPL-2.0: Mozilla Public License, weak copyleft license
  • GPL-3.0: Strong copyleft license (used as alternative with MIT for jszip)

Packages with Multiple Licenses

Some packages offer a choice between multiple licenses:

  1. dompurify: MPL-2.0 OR Apache-2.0
    • You can choose to use either MPL-2.0 or Apache-2.0
  2. jszip: MIT OR GPL-3.0-or-later
    • You can choose to use either MIT or GPL-3.0

⚖️ Legal Compliance

Main Obligations

MIT and ISC Licenses

  • Attribution required (preserve copyright notices)
  • No restrictions on commercial use
  • No obligation to share modifications

Apache-2.0 License

  • Attribution required
  • Preserve copyright and license notices
  • Indicate modifications made
  • Explicit protection against patent claims

MPL-2.0 License

  • Share modifications to MPL-2.0 files
  • Can be combined with proprietary code
  • Attribution required

Recommendations

  1. Preserve LICENSE files: All LICENSE files from dependencies must be preserved
  2. Attribution: Include copyright notices in documentation
  3. Modifications: Document any modifications made to Apache-2.0 packages
  4. Distribution: When distributing, include this license report

🔄 Update

To regenerate this report after modifying dependencies:

npm run licenses:generate

This script automatically analyzes package.json files and queries the npm registry to get up-to-date license information.


📝 Important Notes

  1. Regular verification: This report should be updated with each dependency addition or update
  2. Security audit: Regularly run npm audit to detect vulnerabilities
  3. Transitive licenses: This report only covers direct dependencies. Transitive dependencies may have other licenses
  4. Compliance: Consult a legal advisor for any specific questions about license compliance

Automatically generated on: 2025-10-26
Tool: scripts/generate-licenses-report.mjs
Project version: 1.0.0