OSS Attribution

Everybody’s favorite topic: legal requirements!
So if I use frontend PureScript code in a SaaS offering (and distribute the compiled, bundled, minified version), what are the requirements for attribution of any referenced PureScript libraries on my site? So for example, Prelude says it uses the BSD-3-Clause license. Would I need a page that would list purescript-prelude as a dependency of my project with the version number and a copy of the license agreement?
Are there any tools that help with collecting attribution information? (I don’t even have a package-lock.json for PureScript code because it just uses a package set…).
Thanks!

3 Likes

Disclaimer: I am not a lawyer.

There’s a section in the Spago README about how to fetch all the licenses of PureScript dependencies: https://github.com/purescript/spago/blob/master/README.md#get-all-the-licenses-of-my-dependencies.

As for your first question, I’m not entirely sure what the requirements are. However, I am certain that you need to attribute any dependencies (direct and transitive) bundled into the code. So yes, you need to list purescript-prelude as a dependency. This is assuming that the dependency uses a license that requires attribution such as the MIT license, BSD 3-Clause license, or the Apache license.

3 Likes

I totally missed that. Thank you for pointing that out to me!

1 Like