WordPress.org

Make WordPress Core

Opened 11 months ago

Last modified 9 months ago

#48579 new enhancement

Should we reconsider the External Libraries mentions on the credits.php page?

Reported by: youknowriad Owned by:
Milestone: Awaiting Review Priority: low
Severity: normal Version:
Component: Help/About Keywords:
Focuses: docs Cc:

Description

Initially added in #17518

At that time the number of third-party libraries used was pretty small. These days we have over a million npm dependencies. I don't have the exact number of "direct dependencies" but that's probably more than a hundred.

I was wondering if we should rethink that part? Should we just highlight the big dependencies? How to decide if a dependency is big enough? Or maybe we can just remove it?

Change History (2)

#1 @SergeyBiryukov
11 months ago

  • Component changed from General to Help/About

#2 @azaozz
9 months ago

These days we have over a million npm dependencies.
...
Should we just highlight the big dependencies? How to decide if a dependency is big enough? Or maybe we can just remove it?

Been thinking about this for a while. Generally there are two types of dependencies: software used for "building", and software that is redistributed with WP. When redistributing open source software (afaik) it is considered best practice to "give credit where credit is due", even if that's not explicitly mentioned in the license.

Looking at the npm dependencies: most, if not all, are distributed under the MIT license which requires retainment of the copyright notices (if any). This is already the case, it happens "automatically" when building. See:
https://build.trac.wordpress.org/browser/tags/5.3.2/wp-includes/js/dist/vendor/react.js#L1,
https://build.trac.wordpress.org/browser/tags/5.3.2/wp-includes/js/dist/vendor/lodash.js#L2.

This is also the case for the "non-npm" dependencies:
https://build.trac.wordpress.org/browser/tags/5.3.2/wp-includes/js/jquery/jquery.js#L1
https://build.trac.wordpress.org/browser/tags/5.3.2/wp-includes/js/jquery/ui/core.min.js#L1
https://build.trac.wordpress.org/browser/tags/5.3.2/wp-includes/js/mediaelement/mediaelement.js#L1
https://build.trac.wordpress.org/browser/tags/5.3.2/wp-includes/js/backbone.js#L1.

As far as I see there are three options:

  • Build and maintain a comprehensive list of all software that is redistributed with WP, and include it in the readme, or perhaps even in an "acknowledgement.txt" file which can be auto-generated at build time.
  • Mention only some of the "base" dependencies in the readme. That would probably be: jQuery, React, Backbone, TinyMCE, etc. and also some of the tools used to build WP like Node.js, Grunt, Webpack, etc.
  • Consider it "satisfactory" to have the copyright notices in the corresponding files.
Note: See TracTickets for help on using tickets.