Skip to main content

Special License Notes

This document details special considerations and compliance notes for specific licenses used in the UIP - Urban Intelligence Platform.

1. Hippocratic License 2.1 (REMOVED - December 2025)​

Migration Complete

The react-leaflet packages (Hippocratic-2.1) have been replaced with MIT-compatible alternatives:

Old PackageNew PackageLicense
react-leafletreact-map-glMIT
@react-leaflet/coremaplibre-glBSD-3-Clause
leaflet.heatNative MapLibre heatmapBSD-3-Clause
react-leaflet-clusterNative MapLibre clusteringBSD-3-Clause

Result: 100% MIT-compatible frontend licensing achieved.

2. Eclipse Public License (EPL-1.0) / Eclipse Distribution License (EDL-1.0) (REMOVED - December 2025)​

Packages Affected REMOVED​

PackageVersionStatus
jsts2.7.1REMOVED
@turf/jsts2.7.2REMOVED
Migration Complete

These packages have been removed from the project to achieve 100% MIT-compatible licensing.

Replacement: Native MapLibre GL JS features and MIT-licensed @turf/turf functions.

Result: No EPL/EDL dependencies remain in the project.

3. Mozilla Public License 2.0 (MPL-2.0)​

Packages Affected​

PackageVersionUsage
tqdm4.67.1Progress bars (dual-licensed)
certifi2025.11.12CA certificates
pathspec0.12.1Path matching

License Selection​

tqdm: MPL-2.0 / MIT ← Selected

Note (2025-12): pyphen has been removed from the project (was GPL/LGPL dependency of weasyprint).

Compliance​

This project uses the MIT or MPL-1.1 license option where available,
avoiding any copyleft obligations.

4. Development-Only Tools (All MIT)​

Current Development Stack​

PackageVersionLicenseUsage
ruff0.1+MITLinting & import sorting
black23.11+MITCode formatting
mypy1.7+MITType checking
pytest7.4+MITTesting framework

Note (2025-12): Previously used GPL tools (pylint, astroid) have been replaced with MIT-licensed ruff.

Compliance Status​

flowchart LR
    A[Development] -->|Uses| B[ruff - MIT]
    C[Production] -->|Uses| D[MIT-only code]

5. LGPL Packages (Library Linking)​

Packages Affected​

PackageVersionLicenseCompliance
psycopg2-binary2.9.10LGPL-3.0βœ… Dynamic linking

LGPL Compliance​

LGPL allows proprietary applications to link to LGPL libraries without copyleft obligations, provided:

  1. The LGPL library is linked dynamically (βœ… pip install)
  2. Users can replace the LGPL library (βœ… standard pip)
  3. License and source availability is communicated (βœ… this document)

6. Creative Commons Licenses​

CC-BY-3.0 / CC-BY-4.0​

PackageLicenseAttribution
caniuse-liteCC-BY-4.0Data from caniuse.com
spdx-license-idsCC0-1.0SPDX data

Attribution Requirement​

Browser compatibility data from caniuse.com (https://caniuse.com)
Licensed under CC-BY-4.0

7. Python Software Foundation License​

Packages Affected​

PackageVersionLicense
typing-extensions4.xPSF-2.0
python-dateutil2.xApache-2.0/PSF

Compliance​

PSF-2.0 is a permissive license similar to BSD, fully MIT-compatible.

License Compliance Checklist​

Before Each Release​

  • Run pip-licenses --fail-on="GPL;AGPL"
  • Run npx license-checker --failOn "GPL;LGPL;AGPL"
  • Verify dev-only packages excluded from production
  • Update THIRD_PARTY_LICENSES.md if dependencies changed
  • Verify SPDX headers in all source files

Automated Verification​

# .github/workflows/license-check.yml
name: License Check
on: [push, pull_request]
jobs:
  python:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pip install pip-licenses
      - run: pip-licenses --fail-on="GPL;AGPL"
  
  npm:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci
      - run: npx license-checker --production --failOn "GPL;LGPL;AGPL"

Contact for License Questions​

For questions about licensing or third-party dependencies:

External References​