OSS Attribution
Version 6 · effective 5/18/2026
Open-Source Attribution — attestly
Generated 2024-07-30T12:00:00Z · 19 packages
Source repository: Artificial425/attestly
The product utilizes 19 open-source packages. The majority (11) are under permissive licenses such as 0BSD, BSD-2-Clause, MIT, Apache-2.0, BSD-3-Clause, ISC, MPL-2.0, BlueOak-1.0.0, Python-2.0, Unlicense, and CC0-1.0. However, 3 packages are under weak copyleft licenses (LGPL-3.0-or-later, Apache-2.0 AND LGPL-3.0-or-later AND MIT, Apache-2.0 AND LGPL-3.0-or-later) and 5 packages have proprietary or unknown licenses (MIT-0, (Apache-2.0 AND BSD-3-Clause), CC-BY-4.0, (MIT AND Zlib), UNKNOWN), which may introduce compliance risks for a closed-source SaaS.
License breakdown
| License | Tier | Count |
|---|---|---|
| MIT-0 | Proprietary / unknown | 1 |
| 0BSD | Permissive | 1 |
| BSD-2-Clause | Permissive | 1 |
| MIT | Permissive | 1 |
| (Apache-2.0 AND BSD-3-Clause) | Proprietary / unknown | 1 |
| Apache-2.0 | Permissive | 1 |
| BSD-3-Clause | Permissive | 1 |
| LGPL-3.0-or-later | Weak copyleft | 1 |
| Apache-2.0 AND LGPL-3.0-or-later AND MIT | Weak copyleft | 1 |
| Apache-2.0 AND LGPL-3.0-or-later | Weak copyleft | 1 |
| ISC | Permissive | 1 |
| MPL-2.0 | Permissive | 1 |
| BlueOak-1.0.0 | Permissive | 1 |
| Python-2.0 | Permissive | 1 |
| CC-BY-4.0 | Proprietary / unknown | 1 |
| Unlicense | Permissive | 1 |
| CC0-1.0 | Permissive | 1 |
| (MIT AND Zlib) | Proprietary / unknown | 1 |
| UNKNOWN | Proprietary / unknown | 1 |
Packages requiring legal review
The following packages carry copyleft, network-copyleft, or unknown-license terms. Confirm with counsel that your distribution model is compatible with each obligation before shipping.
| Package | License | Tier | Notes |
|---|---|---|---|
postal-mime | MIT-0 | Proprietary / unknown | The MIT-0 license is a permissive license but its specific terms should be reviewed to ensure compatibility with closed-source SaaS distribution models, as it may have unique conditions. |
@bufbuild/protobuf | (Apache-2.0 AND BSD-3-Clause) | Proprietary / unknown | This package combines Apache-2.0 and BSD-3-Clause licenses. While both are generally permissive, the combination should be reviewed to ensure no conflicting obligations arise for a closed-source SaaS. |
@img/sharp-libvips-darwin-arm64 | LGPL-3.0-or-later | Weak copyleft | The LGPL-3.0-or-later license requires that if the linked library is modified and distributed, the modifications must be made available under the LGPL. For SaaS, this typically means making modifications available if the library is distributed to users or if the SaaS itself is considered a distribution. |
@img/sharp-wasm32 | Apache-2.0 AND LGPL-3.0-or-later AND MIT | Weak copyleft | This package combines Apache-2.0, LGPL-3.0-or-later, and MIT licenses. The LGPL-3.0-or-later component requires that if the linked library is modified and distributed, the modifications must be made available under the LGPL. For SaaS, this typically means making modifications available if the library is distributed to users or if the SaaS itself is considered a distribution. |
@img/sharp-win32-arm64 | Apache-2.0 AND LGPL-3.0-or-later | Weak copyleft | This package combines Apache-2.0 and LGPL-3.0-or-later licenses. The LGPL-3.0-or-later component requires that if the linked library is modified and distributed, the modifications must be made available under the LGPL. For SaaS, this typically means making modifications available if the library is distributed to users or if the SaaS itself is considered a distribution. |
caniuse-lite | CC-BY-4.0 | Proprietary / unknown | The CC-BY-4.0 license is a Creative Commons Attribution license, primarily intended for creative works and data. Its application to software components requires careful review to ensure compliance with attribution requirements and to avoid unintended implications for a closed-source SaaS. |
pako | (MIT AND Zlib) | Proprietary / unknown | This package combines MIT and Zlib licenses. While both are generally permissive, the combination should be reviewed to ensure no conflicting obligations arise for a closed-source SaaS. |
png-js | UNKNOWN | Proprietary / unknown | This package has an UNKNOWN license. Using software with an unknown license poses significant legal and compliance risks, as the terms of use, distribution, and modification are undefined. |
Full inventory
| Package | Version | License | Tier |
|---|---|---|---|
postal-mime | 2.7.4 | MIT-0 | Proprietary / unknown |
tslib | 2.8.1 | 0BSD | Permissive |
damerau-levenshtein | 1.0.8 | BSD-2-Clause | Permissive |
@alloc/quick-lru | 5.2.0 | MIT | Permissive |
@bufbuild/protobuf | 2.12.0 | (Apache-2.0 AND BSD-3-Clause) | Proprietary / unknown |
@drizzle-team/brocli | 0.10.2 | Apache-2.0 | Permissive |
protobufjs | 7.5.6 | BSD-3-Clause | Permissive |
@img/sharp-libvips-darwin-arm64 | 1.2.4 | LGPL-3.0-or-later | Weak copyleft |
@img/sharp-wasm32 | 0.34.5 | Apache-2.0 AND LGPL-3.0-or-later AND MIT | Weak copyleft |
@img/sharp-win32-arm64 | 0.34.5 | Apache-2.0 AND LGPL-3.0-or-later | Weak copyleft |
@isaacs/fs-minipass | 4.0.1 | ISC | Permissive |
@resvg/resvg-js | 2.6.2 | MPL-2.0 | Permissive |
minimatch | 10.2.5 | BlueOak-1.0.0 | Permissive |
argparse | 2.0.1 | Python-2.0 | Permissive |
caniuse-lite | 1.0.30001792 | CC-BY-4.0 | Proprietary / unknown |
fast-sha256 | 1.3.0 | Unlicense | Permissive |
language-subtag-registry | 0.3.23 | CC0-1.0 | Permissive |
pako | 1.0.11 | (MIT AND Zlib) | Proprietary / unknown |
png-js | 1.1.0 | UNKNOWN | Proprietary / unknown |