The license risk hiding in your dependency tree
Most teams never check the license of every package they depend on, including the indirect ones pulled in underneath. That is a real risk. Some licenses, like GPL or AGPL, can legally require you to open-source your own product if you use them a certain way. I built Open License Auditor to catch this automatically. It is a GitHub Action that maps every dependency in your repo, direct and indirect,... [read more]


