Skip to main content

License information

Understanding how dependencies are licensed is crucial, especially in commercial applications, because the license defines usage, modification, and sharing rights.

How Trusty reports license information

Trusty identifies license information from the package registry and the source code repository to surface all claims a package makes about its licensing. Along with a link to the full license text, Trusty reports the Blue Oak Council rating of the license and whether it is approved by the Open Source Initiative (OSI).

The Blue Oak Council is a non-profit organization that publishes software licensing information and guidance. A license is rated Gold, Silver, Bronze, or Lead according to the council's judgment of its permissiveness and legal rigor.

OSI-approved licenses comply with the Open Source Definition – in brief, they allow software to be freely used, modified, and shared.

In cases where the license information from the package registry and the source code repository are different, both licenses are listed. Trusty indicates the source of each identified license.

Multi-licensed packages

Some projects explicitly allow consumers to choose from more than one license. Such cases are represented using an OR operator, like "MIT License OR Apache License 2.0". In other situations, multiple licenses apply simultaneously to a package. These are represented using an AND operator, like "MIT License AND Apache License 2.0".