You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Audit whether third-party licenses and existing REUSE/SPDX metadata are correctly represented in this repository.
This is deliberately separate from the SecPal attribution-terms issue. The attribution issue should only add LicenseRef-SecPal-Attribution to AGPL-covered SecPal-owned code/assets; this issue should verify that existing third-party and non-AGPL licensing is correct.
Scope
Review npm/package dependencies and their licenses.
Review Android/Gradle dependencies and their licenses.
Verify whether dependency licenses require attribution, notice files, bundled license texts, source offer handling, or other distribution obligations.
Verify whether project files currently marked CC0-1.0, MIT, Apache-2.0, AGPL-3.0-or-later, generated, Android wrapper/Gradle-specific, or custom LicenseRef-* entries are correctly classified.
Verify that Android resources/assets and generated Capacitor files have appropriate licensing metadata.
Verify that no third-party copyright notice has been replaced with SecPal Contributors.
Verify whether LICENSES/ contains all required license texts for REUSE compliance.
Run reuse lint after any metadata changes.
Important distinction
Do not use this audit to relicense third-party code or dependency code.
Implementation rule:
Third-party code/notices remain under their original licenses.
Goal
Audit whether third-party licenses and existing REUSE/SPDX metadata are correctly represented in this repository.
This is deliberately separate from the SecPal attribution-terms issue. The attribution issue should only add
LicenseRef-SecPal-Attributionto AGPL-covered SecPal-owned code/assets; this issue should verify that existing third-party and non-AGPL licensing is correct.Scope
CC0-1.0,MIT,Apache-2.0,AGPL-3.0-or-later, generated, Android wrapper/Gradle-specific, or customLicenseRef-*entries are correctly classified.SecPal Contributors.LICENSES/contains all required license texts for REUSE compliance.reuse lintafter any metadata changes.Important distinction
Do not use this audit to relicense third-party code or dependency code.
Implementation rule:
Suggested checks
REUSE.tomlannotations and per-file SPDX headers.LICENSES/contents against all SPDX identifiers andLicenseRef-*identifiers used in the repo.Acceptance criteria
LICENSES/.reuse lintpasses after changes.