Legal

Open-Source Attribution

Last updated

Overview

The Veirox CLI and Veirox Connect binaries are themselves licensed under the Apache License, Version 2.0 (see each project's NOTICE file). Both are built on open-source packages maintained by their own communities, each under its own license.

This page lists the direct dependencies of each binary — what's declared in go.mod (CLI) and Cargo.toml (Connect) — with the license each project publishes. It is not an exhaustive transitive-dependency audit (each has additional indirect dependencies pulled in by these), and it's a summary for a quick vendor-review pass, not a substitute for your own legal review. The authoritative, complete manifest for either binary is its lockfile (go.sum / Cargo.lock) — contact us if you need the full transitive list for a compliance process.

Veirox CLI (Go)

PackageLicense
github.com/spf13/cobraApache-2.0
gopkg.in/ini.v1Apache-2.0
gopkg.in/yaml.v3Apache-2.0 / MIT
github.com/charmbracelet/bubbleteaMIT
github.com/charmbracelet/bubblesMIT
github.com/charmbracelet/lipglossMIT
github.com/charmbracelet/logMIT
github.com/mattn/go-isattyMIT
github.com/pelletier/go-toml/v2MIT
github.com/posthog/posthog-goMIT
github.com/r3labs/sse/v2MIT
github.com/stretchr/testifyMIT
github.com/zalando/go-keyringMIT
github.com/atotto/clipboardBSD-3-Clause
github.com/gofrs/flockBSD-3-Clause
github.com/google/uuidBSD-3-Clause
golang.org/x/syncBSD-3-Clause

Veirox Connect (Rust)

CrateLicense
tokioMIT
tokio-tungsteniteMIT
tracingMIT
tracing-subscriberMIT
sysinfoMIT
nixMIT
anyhowMIT / Apache-2.0
base64MIT / Apache-2.0
clapMIT / Apache-2.0
futures-utilMIT / Apache-2.0
randMIT / Apache-2.0
rcgenMIT / Apache-2.0
reqwestMIT / Apache-2.0
serdeMIT / Apache-2.0
serde_jsonMIT / Apache-2.0
thiserrorMIT / Apache-2.0
uuidMIT / Apache-2.0
x509-parserMIT / Apache-2.0
rustlsApache-2.0 / ISC / MIT
rustls-native-certsApache-2.0 / ISC / MIT
rustls-pemfileApache-2.0 / ISC / MIT
globsetMIT / Unlicense

Verifying this list

License strings above are as declared by each package at the time of writing — dependency versions change over time and some packages relicense between versions. To verify against the exact versions shipped in a given release, check that release's go.sum (CLI) or Cargo.lock (Connect) in the corresponding source tag, or run a license scanner (go-licenses, cargo-license) against it yourself.