Most of the open-source repositories in networknt GitHub organization are released under the Apache 2.0 license or MIT license except json-overlay and openapi-parser, which are released under EPL 2.0 and EPL 1.0 license.
To provide IP Infringement Indemnity to our customers, we have thoroughly reviewed licenses and update all license/copyright headers in each source file for our open-source repositories.
Here is a list of actions we have done in general.
Make sure we have a LICENSE file in each repository to state the open source license clearly.
Add NOTICE file in each repository to clearly state the license and copyright of dependencies.
Update source code to add license/copyright in the header.
For redistributed source code from the third-party open-source project, make sure that the correct license and copyright header is in each file. Correct the license based on the parent project if necessary.
Update the contribution guideline to ensure that license, copyright and author are in each source file.
Here are all the related commits in each repository for auditing purposes.
Some of the private commercial components have dependencies on proprietary libraries; however, customers who are using these commercial components already have the proper licenses. For example, we have a private project light-mq for IBM MQ integration, which depends on the MQ java client. We assume that customers who are using light-mq have the proper license from IBM.