fix(license): drop unused OFL-1.1 font from the published package (#1357)

mtorp · web-flow · commit 1b5289dca31a · 2026-06-08T10:55:21.000+02:00
The vendored copy of `blessed` pulls in the Terminus bitmap font (external/blessed/usr/fonts/ter-u14*.json), which is licensed OFL-1.1 and is only read by blessed's BigText widget — a widget the CLI never instantiates. Shipping it forced the package's declared license to be `MIT AND OFL-1.1`.

Scope the blessed vendoring keep-list to `usr/*` so the terminfo files are retained while usr/fonts/** is dropped, and declare the license as plain `MIT`. Bump to 1.1.117.
diff --git a/.config/rollup.dist.config.mjs b/.config/rollup.dist.config.mjs
@@ -121,7 +121,13 @@ async function copyExternalPackages() {
   // Cleanup package files.
   await Promise.all(
     [
-      [blessedPath, ['lib/**/*.js', 'usr/**/**', 'vendor/**/*.js']],
+      // Keep blessed's terminfo (the flat files in usr/, e.g. usr/xterm) but
+      // NOT usr/fonts/** — the OFL-1.1 Terminus bitmap font is only used by the
+      // unused BigText widget, and shipping it forces an OFL-1.1 license. The
+      // 'usr/*' glob matches one level deep, so usr/fonts/<file> is dropped.
+      // Re-verify usr/ contents on a blessed upgrade (a nested terminfo dir
+      // would be dropped too).
+      [blessedPath, ['lib/**/*.js', 'usr/*', 'vendor/**/*.js']],
       [blessedContribPath, ['lib/**/*.js', 'index.js']],
       [
         socketRegistryPath,
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [1.1.117](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.117) - 2026-06-08
+
+### Changed
+- The published package no longer bundles the unused Terminus bitmap font (pulled in transitively by the vendored `blessed` dependency), so its declared license is now `MIT` instead of `MIT AND OFL-1.1`.
+
 ## [1.1.116](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.116) - 2026-06-06
 
 ### Changed
diff --git a/package.json b/package.json
@@ -1,9 +1,9 @@
 {
   "name": "socket",
-  "version": "1.1.116",
+  "version": "1.1.117",
   "description": "CLI for Socket.dev",
   "homepage": "https://github.com/SocketDev/socket-cli",
-  "license": "MIT AND OFL-1.1",
+  "license": "MIT",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/SocketDev/socket-cli.git"
