Skip to content

Add license exception for @img/sharp-libvips-linuxmusl-* due to LGPL-3.0-or-later#33

Merged
reedloden merged 1 commit intomainfrom
ml/claude-exceptions
Jan 27, 2026
Merged

Add license exception for @img/sharp-libvips-linuxmusl-* due to LGPL-3.0-or-later#33
reedloden merged 1 commit intomainfrom
ml/claude-exceptions

Conversation

@maclockard
Copy link
Contributor

@maclockard maclockard commented Jan 22, 2026

Description

Motivated by https://github.com/hex-inc/hex/pull/38936. These dependencies are needed for claude code, a dev only dependency

Testing

@maclockard maclockard requested a review from reedloden January 22, 2026 00:00
@reedloden reedloden force-pushed the ml/claude-exceptions branch from 5389210 to 2a44ee9 Compare January 27, 2026 19:36
@maclockard maclockard force-pushed the ml/claude-exceptions branch from 2a44ee9 to 9f1c770 Compare January 27, 2026 19:36
@reedloden reedloden changed the title Add claude code exceptions Add license exception for @img/sharp-libvips-linuxmusl-* due to LGPL-3.0-or-later Jan 27, 2026
@reedloden reedloden force-pushed the ml/claude-exceptions branch from 9f1c770 to 2a44ee9 Compare January 27, 2026 19:37
@reedloden reedloden merged commit 55031a7 into main Jan 27, 2026
7 checks passed
@reedloden reedloden deleted the ml/claude-exceptions branch January 27, 2026 19:38
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.

pkg:pypi/chardet
pkg:pypi/chardet,
pkg:npm/@img/sharp-libvips-linuxmusl-arm64,
pkg:npm/@img/sharp-libvips-linuxmusl-x64
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing platform variants for sharp license exceptions

Low Severity

The comment at line 83 says npm/@img/sharp* implying all sharp packages need license exceptions, but only two linuxmusl variants are added to allow-dependencies-licenses. The @img/sharp-libvips-* packages exist for multiple platforms (darwin-arm64, darwin-x64, linux-arm64, linux-x64, win32-x64, etc.) that all likely have the same LGPL-3.0-or-later license. The lancedb entry in this same file demonstrates the pattern of listing all platform variants. If the dependency review encounters non-linuxmusl variants in the lockfile, those would fail the license check.

Additional Locations (1)

Fix in Cursor Fix in Web

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants