How do you handle license risk in projects with a lot of dependencies?
Do you check licenses before installing packages, or only later when it becomes a problem?
I built this tool because I wanted a quick overview of what I had actually pulled into one of my projects. It turned out one dependency was AGPL-3.0, which would have required me to open source the entire project if distributed.
That wasn’t my intention, so I replaced it with an alternative. But it made me realize how easy it is to accidentally introduce strong copyleft licenses without noticing.
Do you actively monitor dependency licenses, or is it something you only think about when legal/security gets involved?
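An added example, not part of the original post, of the kind of check the post is asking about: a script that reads each installed Python package's declared license (SPDX `License-Expression`, the `License` field and the `License ::` Trove classifiers) and buckets it by copyleft strength so an AGPL dependency surfaces before it becomes a problem. The bucket names and the regex heuristics are assumptions made for this example, not any standard.

```python
import re
from importlib import metadata

# Heuristic rules, checked in order; the first match wins, so a dual-licensed
# "GPL-2.0 OR MIT" is flagged conservatively. Note that \bGPL does not match LGPL.
RULES = [
    ("strong-copyleft", re.compile(r"\bAGPL|Affero|\bGPL|GNU General Public", re.I)),
    ("weak-copyleft", re.compile(r"\bLGPL|Lesser General Public|\bMPL|Mozilla Public"
                                 r"|\bEPL|Eclipse Public", re.I)),
    ("permissive", re.compile(r"\bMIT\b|\bBSD|Apache|\bISC\b|Unlicense"
                              r"|Python Software Foundation|\bPSF\b", re.I)),
]
WORST_FIRST = [name for name, _ in RULES] + ["unknown"]


def classify(license_text: str) -> str:
    """Map one license string to a risk bucket; anything unrecognised is 'unknown'."""
    for bucket, pattern in RULES:
        if pattern.search(license_text):
            return bucket
    return "unknown"


def license_strings(dist: metadata.Distribution) -> list[str]:
    """Every place a package declares its license, skipping empty/UNKNOWN values."""
    md = dist.metadata
    found = [md.get("License-Expression") or "", md.get("License") or ""]
    found += [c for c in md.get_all("Classifier", []) if c.startswith("License ::")]
    return [s for s in found if s and s.strip().upper() != "UNKNOWN"]


def audit(packages: dict[str, list[str]]) -> dict[str, str]:
    """Return {package: bucket}; the most restrictive recognised bucket wins."""
    report = {}
    for name, strings in packages.items():
        buckets = [classify(s) for s in strings] or ["unknown"]
        report[name] = min(buckets, key=WORST_FIRST.index)
    return report


def installed_packages() -> dict[str, list[str]]:
    """Snapshot of the current environment's declared licenses."""
    return {d.metadata.get("Name") or "?": license_strings(d) for d in metadata.distributions()}


if __name__ == "__main__":
    for name, bucket in sorted(audit(installed_packages()).items()):
        if bucket != "permissive":  # print only what needs a human decision
            print(f"{bucket:16} {name}")
```

Run it inside the project's virtualenv; anything in the `unknown` bucket still needs a manual look, since packages that ship the full license text in the `License` field or declare nothing at all will not match.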