Should we reconsider the External Libraries mentions on the credits.php page?

[youknowriad]

Initially added in #17518

At that time the number of third-party libraries used was pretty small. These days we have over a million npm dependencies. I don't have the exact number of "direct dependencies" but that's probably more than a hundred.

I was wondering if we should rethink that part? Should we just highlight the big dependencies? How to decide if a dependency is big enough? Or maybe we can just remove it?

[azaozz]

These days we have over a million npm dependencies.
...
Should we just highlight the big dependencies? How to decide if a dependency is big enough? Or maybe we can just remove it?

Been thinking about this for a while. Generally there are two types of dependencies: software used for "building", and software that is redistributed with WP. When redistributing open source software (afaik) it is considered best practice to "give credit where credit is due", even if that's not explicitly mentioned in the license.

Looking at the npm dependencies: most, if not all, are distributed under the MIT license which requires retainment of the copyright notices (if any). This is already the case, it happens "automatically" when building. See:
​https://build.trac.wordpress.org/browser/tags/5.3.2/wp-includes/js/dist/vendor/react.js#L1,
​https://build.trac.wordpress.org/browser/tags/5.3.2/wp-includes/js/dist/vendor/lodash.js#L2.

This is also the case for the "non-npm" dependencies:
​https://build.trac.wordpress.org/browser/tags/5.3.2/wp-includes/js/jquery/jquery.js#L1
​https://build.trac.wordpress.org/browser/tags/5.3.2/wp-includes/js/jquery/ui/core.min.js#L1
​https://build.trac.wordpress.org/browser/tags/5.3.2/wp-includes/js/mediaelement/mediaelement.js#L1
​https://build.trac.wordpress.org/browser/tags/5.3.2/wp-includes/js/backbone.js#L1.

As far as I see there are three options:

• Build and maintain a comprehensive list of all software that is redistributed with WP, and include it in the readme, or perhaps even in an "acknowledgement.txt" file which can be auto-generated at build time.
• Mention only some of the "base" dependencies in the readme. That would probably be: jQuery, React, Backbone, TinyMCE, etc. and also some of the tools used to build WP like Node.js, Grunt, Webpack, etc.
• Consider it "satisfactory" to have the copyright notices in the corresponding files.

[azaozz]

There was a small discussion in Slack today, see the above link.

Perhaps it makes sense to mention some of the "major" build/test tools and dependencies used by the project, the same way as the software that is redistributed. Maybe under another section/subtitle.

Moving to "future release" for consideration, potentially for the 6.0 milestone.