Chuyển tới nội dung chính

Special License Notes

This document details special considerations and compliance notes for specific licenses used in the UIP - Urban Intelligence Platform.

1. Hippocratic License 2.1 (REMOVED - December 2025)

Migration Complete

The react-leaflet packages (Hippocratic-2.1) have been replaced with MIT-compatible alternatives:

Old PackageNew PackageLicense
react-leafletreact-map-glMIT
@react-leaflet/coremaplibre-glBSD-3-Clause
leaflet.heatNative MapLibre heatmapBSD-3-Clause
react-leaflet-clusterNative MapLibre clusteringBSD-3-Clause

Result: 100% MIT-compatible frontend licensing achieved.

2. Eclipse Public License (EPL-1.0) / Eclipse Distribution License (EDL-1.0) (REMOVED - December 2025)

Packages Affected REMOVED

PackageVersionStatus
jsts2.7.1REMOVED
@turf/jsts2.7.2REMOVED
Migration Complete

These packages have been removed from the project to achieve 100% MIT-compatible licensing.

Replacement: Native MapLibre GL JS features and MIT-licensed @turf/turf functions.

Result: No EPL/EDL dependencies remain in the project.

3. Mozilla Public License 2.0 (MPL-2.0)

Packages Affected

PackageVersionUsage
tqdm4.67.1Progress bars (dual-licensed)
certifi2025.11.12CA certificates
pathspec0.12.1Path matching

License Selection

tqdm: MPL-2.0 / MIT ← Selected

Note (2025-12): pyphen has been removed from the project (was GPL/LGPL dependency of weasyprint).

Compliance

This project uses the MIT or MPL-1.1 license option where available,
avoiding any copyleft obligations.

4. Development-Only Tools (All MIT)

Current Development Stack

PackageVersionLicenseUsage
ruff0.1+MITLinting & import sorting
black23.11+MITCode formatting
mypy1.7+MITType checking
pytest7.4+MITTesting framework

Note (2025-12): Previously used GPL tools (pylint, astroid) have been replaced with MIT-licensed ruff.

Compliance Status

flowchart LR
    A[Development] -->|Uses| B[ruff - MIT]
    C[Production] -->|Uses| D[MIT-only code]

5. LGPL Packages (Library Linking)

Packages Affected

PackageVersionLicenseCompliance
psycopg2-binary2.9.10LGPL-3.0✅ Dynamic linking

LGPL Compliance

LGPL allows proprietary applications to link to LGPL libraries without copyleft obligations, provided:

  1. The LGPL library is linked dynamically (✅ pip install)
  2. Users can replace the LGPL library (✅ standard pip)
  3. License and source availability is communicated (✅ this document)

6. Creative Commons Licenses

CC-BY-3.0 / CC-BY-4.0

PackageLicenseAttribution
caniuse-liteCC-BY-4.0Data from caniuse.com
spdx-license-idsCC0-1.0SPDX data

Attribution Requirement

Browser compatibility data from caniuse.com (https://caniuse.com)
Licensed under CC-BY-4.0

7. Python Software Foundation License

Packages Affected

PackageVersionLicense
typing-extensions4.xPSF-2.0
python-dateutil2.xApache-2.0/PSF

Compliance

PSF-2.0 is a permissive license similar to BSD, fully MIT-compatible.

License Compliance Checklist

Before Each Release

  • Run pip-licenses --fail-on="GPL;AGPL"
  • Run npx license-checker --failOn "GPL;LGPL;AGPL"
  • Verify dev-only packages excluded from production
  • Update THIRD_PARTY_LICENSES.md if dependencies changed
  • Verify SPDX headers in all source files

Automated Verification

# .github/workflows/license-check.yml
name: License Check
on: [push, pull_request]
jobs:
  python:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pip install pip-licenses
      - run: pip-licenses --fail-on="GPL;AGPL"
  
  npm:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci
      - run: npx license-checker --production --failOn "GPL;LGPL;AGPL"

Contact for License Questions

For questions about licensing or third-party dependencies:

External References