Reviews for node-moo
All reviews for this package from team members (across all versions).
| Reviewer | Version | Allocated | Started | Status | Completed | Comment | |
|---|---|---|---|---|---|---|---|
| siretart | 0.5.2-1 | 16 hours ago | 16 hours ago | rejected | 1 hour ago | Thanks for your work on this package. I've identified several policy compliance issues that should be addressed before the package is uploaded to the archive. Missing documentation: test/kurt-tokens.txt is a large (11k+ lines) test oracle file that contains a tokenized LGPL-3.0+ copyright and license header (lines 2-32). This file is entirely undocumented in debian/copyright, which is a significant documentation gap for a file carrying a secondary license. Verbatim accuracy: The wildcard "Files: *" entry in debian/copyright lists "2012 - 2017". However, the main library code (BSD-3-Clause) only dates back to 2017. The 2012 date belongs exclusively to the LGPL-licensed kurt test files. Mixing these in the main entry is inaccurate and misrepresents the main project's history. Secondary license presence: test/__snapshots__/test.js.snap contains verbatim LGPL-3.0+ license text as part of its snapshot data. While this is generated data, it confirms the presence of LGPL-licensed content that isn't fully acknowledged in the current copyright file. -rt | View |