Browserify depends on unlicensed code

The browserify package depends on various other packages which do not have valid licenses. This makes it hard to install browserify as in doing so you’d be making possibly illegal copies of the dependencies. Some declare that they follow the MIT license in package.json, but as they do not include a copyright notice in the NPM package it would be against the license to make a copy (such as running npm install -g browserify).

I think in most of the cases, the linked issues and pull requests can be resolved to create new releases of the dependencies so I’ve filled this bug to track in browserify. However in the case of jsonify it seems that it may not be so clear and perhaps the best course of action would be to find an alternative solution.

I’ve listed all of the dependencies that I spotted which do not have a valid license and opened issues or PRs on the respective packages:

• jsonify@0.0.0 (Public Domain) - missing full license text
  • See discussion at https://github.com/substack/jsonify/pull/7
• browserify-cipher@1.0.0 (MIT) - missing full license text
  • License added to repo in https://github.com/crypto-browserify/browserify-cipher/issues/2 but the NPM package does not yet contain a license file and therefore NPM release is not compliant with the license as it is a copy which does not contain the copyright notice.
• browserify-des@1.0.0 (MIT) - missing full license text
  • License added to repo in https://github.com/crypto-browserify/browserify-des/issues/2 but the NPM package does not yet contain a license file and therefore NPM release is not compliant with the license as it is a copy which does not contain the copyright notice.
• buffer-from@1.0.0 (MIT) - missing copyright notice, missing full license text
  • Open pull request to solve this, let’s hope the author accepts having a license file and performs a release https://github.com/LinusU/buffer-from/pull/4
• create-ecdh@4.0.0 (MIT) - missing full license text
  • License added to repo in https://github.com/crypto-browserify/createECDH/issues/10 but the NPM package does not yet contain a license file and therefore NPM release is not compliant with the license as it is a copy which does not contain the copyright notice.
• create-hash@1.1.3 (MIT) - missing copyright notice, missing full license text
  • License added to repo in but the NPM package does not yet contain a license file and therefore NPM release is not compliant with the license as it is a copy which does not contain the copyright notice.
• create-hmac@1.1.6 (MIT) - missing copyright notice, missing full license text
  • License added to repo in but the NPM package does not yet contain a license file and therefore NPM release is not compliant with the license as it is a copy which does not contain the copyright notice.
• diffie-hellman@5.0.2 (MIT) - missing full license text
  • Created a PR to add a license file https://github.com/crypto-browserify/diffie-hellman/pull/29
  • The current NPM package does not yet contain a license file and therefore NPM release is not compliant with the license as it is a copy which does not contain the copyright notice.
• indexof@0.0.1 (UNKNOWN) - missing copyright notice
  • Published NPM package does not contain a license
  • Master does, filed issue to make a release https://github.com/component/indexof/issues/6
• minimalistic-assert@1.0.0 (ISC) - missing copyright notice, missing full license text
  • Published NPM package does not contain a license
  • Master does, issue tracking release: https://github.com/calvinmetcalf/minimalistic-assert/issues/4
• parse-asn1@5.1.0 (ISC) - missing copyright notice, missing full license text
  • License added to repo in https://github.com/crypto-browserify/parse-asn1/pull/27 but the NPM package does not yet contain a license file and therefore NPM release is not compliant with the license as it is a copy which does not contain the copyright notice.
• path-parse@1.0.5 (MIT) - missing full license text
  • Published NPM package does not contain a license
  • There is open PR to add license https://github.com/jbgutierrez/path-parse/pull/2
• public-encrypt@4.0.0 (MIT) - missing copyright notice, missing full license text
  • Open PR to add license https://github.com/crypto-browserify/publicEncrypt/pull/14
  • The current NPM package does not yet contain a license file and therefore NPM release is not compliant with the license as it is a copy which does not contain the copyright notice.
• component-indexof@0.0.3 (UNKNOWN) - missing license type, copyright notice
  • Open Issue at https://github.com/component/indexof/issues/6
  • The current NPM package does not yet contain a license file and therefore NPM release is not compliant with the license as it is a copy which does not contain the copyright notice. The repository does indeed contain the license but is unreleased.