**Command**: `/oss-eval:licensing`
Analyzes open-source licensing, dependencies, and commercial use restrictions for candidates.
`/plugin marketplace add maxamillion/claude-oss-eval-plugin`
`/plugin install maxamillion-oss-eval@maxamillion/claude-oss-eval-plugin`
Conduct thorough analysis of licensing implications for each candidate, including dependencies, commercial use restrictions, and compliance requirements.
`.oss-eval/phase-03-features/feature-matrix.md` for candidate list
For each candidate, verify via web search:
Official License File
`"<framework>" license site:github.com`
License Type Classification
Version Specificity
CRITICAL: A project's usability depends on ALL its dependencies.
## Dependency License Scan
### Direct Dependencies
| Dependency | License | Compatibility | Notes |
|------------|---------|---------------|-------|
| <dep> | MIT | ✅ Compatible | - |
| <dep> | GPL-3.0 | ⚠️ Copyleft | May require disclosure |
### Transitive Dependencies (High-Risk)
| Dependency | License | Risk | Mitigation |
|------------|---------|------|------------|
| <dep> | AGPL-3.0 | 🔴 High | Network copyleft |
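One way to fill in the two tables above from a resolved dependency graph, as an added example that is not the plugin's own code. The package names, the graph, and the license-to-risk policy (including rating GPL-3.0 as medium and a missing license as high) are constructed assumptions for illustration.

```python
from collections import deque

# Assumed policy for this example, modelled on the sample rows in the tables above.
POLICY = {
    "MIT": ("✅ Compatible", "🟢 Low"),
    "Apache-2.0": ("✅ Compatible", "🟢 Low"),
    "GPL-3.0": ("⚠️ Copyleft", "🟡 Medium"),
    "AGPL-3.0": ("⚠️ Copyleft", "🔴 High"),
}
UNKNOWN = ("❓ Unknown", "🔴 High")  # missing or unlisted license: treat as high risk

# Constructed sample graph: package -> (SPDX id or None, [dependencies])
GRAPH = {
    "candidate": ("MIT", ["http-lib", "orm"]),
    "http-lib": ("Apache-2.0", ["tls-shim"]),
    "orm": ("MIT", ["report-gen", "tls-shim"]),
    "tls-shim": ("MIT", []),
    "report-gen": ("AGPL-3.0", ["pdf-core"]),
    "pdf-core": (None, ["orm"]),  # no license metadata, and a cycle back to orm
}

def scan(root, graph):
    """Breadth-first walk; one row per dependency, with the shortest path that pulls it in."""
    rows, seen, queue = [], {root}, deque([(root, [root])])
    while queue:
        name, path = queue.popleft()
        for dep in graph.get(name, (None, []))[1]:
            if dep in seen:  # already reported; also stops dependency cycles
                continue
            seen.add(dep)
            spdx = graph.get(dep, (None, []))[0]
            compat, risk = POLICY.get(spdx, UNKNOWN)
            rows.append({"dep": dep, "license": spdx or "UNKNOWN", "direct": len(path) == 1,
                         "compat": compat, "risk": risk, "via": " > ".join(path + [dep])})
            queue.append((dep, path + [dep]))
    return rows

def render(rows):
    """Emit the Direct and Transitive (High-Risk) tables in the template's layout."""
    direct = ["| Dependency | License | Compatibility | Notes |", "|---|---|---|---|"]
    direct += [f"| {r['dep']} | {r['license']} | {r['compat']} | - |" for r in rows if r["direct"]]
    risky = ["| Dependency | License | Risk | Mitigation |", "|---|---|---|---|"]
    risky += [f"| {r['dep']} | {r['license']} | {r['risk']} | Review path: {r['via']} |"
              for r in rows if not r["direct"] and r["risk"] == "🔴 High"]
    return "\n".join(["### Direct Dependencies", *direct,
                      "### Transitive Dependencies (High-Risk)", *risky])

if __name__ == "__main__":
    print(render(scan("candidate", GRAPH)))
```

Both direct dependencies of the sample candidate are permissive, yet the scan surfaces an AGPL-3.0 package and an unlicensed one two and three levels down, which is the case the CRITICAL note is about.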
For each candidate, document:
## Commercial Use Assessment: <Candidate>
### Permitted Uses
- [ ] Internal tools
- [ ] SaaS products
- [ ] Embedded in proprietary software
- [ ] Redistribution
- [ ] Modification without disclosure
### Required Actions
- [ ] Attribution required
- [ ] License file inclusion
- [ ] Source disclosure (if modified)
- [ ] Patent grant conditions
### Restrictions
- [ ] Trademark restrictions
- [ ] Patent litigation clauses
- [ ] Network use triggers (AGPL)
Many OSS projects offer commercial licenses. Document:
## Commercial Licensing Options
### <Candidate>
**Open Source License**: <license>
**Commercial License**: <available/not available>
| Tier | Price | Features |
|------|-------|----------|
| Community | Free | <features> |
| Enterprise | $X/yr | <additional features> |
**Trigger for Commercial License**:
- <when required>
Create .oss-eval/phase-04-licensing/licensing-analysis.md:
# Licensing Analysis
Analyzed: <timestamp>
## License Summary
| Candidate | Primary License | Category | Commercial Safe | Dependencies Risk |
|-----------|-----------------|----------|-----------------|-------------------|
| <A> | MIT | Permissive | ✅ Yes | 🟢 Low |
| <B> | Apache 2.0 | Permissive | ✅ Yes | 🟡 Medium |
| <C> | AGPL-3.0 | Strong Copyleft | ⚠️ Conditional | 🔴 High |
## Detailed Analysis
### <Candidate A>
**License**: MIT
**SPDX**: MIT
**Category**: Permissive
#### Permissions
- ✅ Commercial use
- ✅ Modification
- ✅ Distribution
- ✅ Private use
#### Conditions
- ℹ️ License and copyright notice
#### Limitations
- ⚠️ No liability
- ⚠️ No warranty
#### Dependency Analysis
<dependency license breakdown>
#### Commercial License Option
<if available>
---
### <Candidate B>
...
## Compatibility Matrix
For combining candidates with each other or existing systems:
| | <A> | <B> | <C> | Proprietary |
|---|-----|-----|-----|-------------|
| <A> | ✅ | ✅ | ⚠️ | ✅ |
| <B> | ✅ | ✅ | ⚠️ | ✅ |
| <C> | ⚠️ | ⚠️ | ✅ | ❌ |
## Recommendations
### Low Risk
<candidates with permissive licenses and clean dependencies>
### Medium Risk (Manageable)
<candidates requiring specific compliance actions>
### High Risk (Careful Evaluation)
<candidates with copyleft or complex licensing>
## Legal Review Needed
<any candidates requiring legal consultation>
Before completing this phase, verify:
Update .oss-eval/config.json:
{
  "phases": {
    "4": { "status": "completed", "completedAt": "<timestamp>" }
  },
  "currentPhase": 5
}
Phase 4 Complete: Licensing analysis for all candidates documented.
Run `/oss-eval:community` to begin Phase 5 (Community Health Check).