Open-source doesn't necessarily mean it's free to use in all cases. Do you read licenses?
Do you read the license of an open-source package you're using?
For further actions, you may consider blocking this person and/or reporting abuse
Top comments (1)
In the 8 years I've been developing alongside an OSS package ecosystem, I have never once reviewed a license before implementing it in production. As far as I can tell, companies only address this if they have a target on their back, or they're engaged in a compliance audit that covers the topic.
I acknowledge that mindset could set the org up for headaches in the future, but those are tomorrow's theoretical headaches, we'll tackle them and formalize a compliance process should the need arise.