From 72a7d4243288bdbc34a3add3b668f84603383393 Mon Sep 17 00:00:00 2001
From: Martin Torp
Date: Mon, 8 Jun 2026 10:07:09 +0200
Subject: [PATCH] fix(license): drop unused OFL-1.1 font from the published package
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The vendored copy of `blessed` pulls in the Terminus bitmap font (external/blessed/usr/fonts/ter-u14*.json), which is licensed OFL-1.1 and is only read by blessed's BigText widget — a widget the CLI never instantiates. Shipping it forced the package's declared license to be `MIT AND OFL-1.1`. Scope the blessed vendoring keep-list to `usr/*` so the terminfo files are retained while usr/fonts/** is dropped, and declare the license as plain `MIT`. Bump to 1.1.117.
---
 .config/rollup.dist.config.mjs | 8 +++++++-
 CHANGELOG.md | 5 +++++
 package.json | 4 ++--
 3 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/.config/rollup.dist.config.mjs b/.config/rollup.dist.config.mjs
index 7857466ad..ecb676aa0 100644
--- a/.config/rollup.dist.config.mjs
+++ b/.config/rollup.dist.config.mjs
@@ -121,7 +121,13 @@ async function copyExternalPackages() {
 // Cleanup package files.
 await Promise.all(
 [
- [blessedPath, ['lib/**/*.js', 'usr/**/**', 'vendor/**/*.js']],
+ // Keep blessed's terminfo (the flat files in usr/, e.g. usr/xterm) but
+ // NOT usr/fonts/** — the OFL-1.1 Terminus bitmap font is only used by the
+ // unused BigText widget, and shipping it forces an OFL-1.1 license. The
+ // 'usr/*' glob matches one level deep, so usr/fonts/ is dropped.
+ // Re-verify usr/ contents on a blessed upgrade (a nested terminfo dir
+ // would be dropped too).
+ [blessedPath, ['lib/**/*.js', 'usr/*', 'vendor/**/*.js']],
 [blessedContribPath, ['lib/**/*.js', 'index.js']],
 [
 socketRegistryPath,
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9e0ef0ed0..3fe444dde 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
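Review bot: Nothing in this hunk enforces what the new comment asks for: the `'usr/*'` keep-list entry is the only thing keeping the OFL-1.1 font out of the published tarball, and the `"license": "MIT"` declaration in package.json is only accurate while that glob behaves as described. How the keep-list is consumed is outside the hunk (the body of copyExternalPackages continues past it), so it is worth confirming that the matcher returns files only; if `usr/*` also matches the `usr/fonts` directory entry and the cleanup keeps matched directories, the font would still ship. I would add a build-time assertion after the cleanup, for example `if (existsSync(path.join(blessedPath, 'usr', 'fonts'))) throw new Error('blessed usr/fonts must not be published')`, assuming `existsSync` and `path` are already imported in this file. A matching check that the expected terminfo files survived would turn the "Re-verify usr/ contents on a blessed upgrade" reminder into a failing build instead of a silent licence or runtime regression.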
@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
+## [1.1.117](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.117) - 2026-06-08
+
+### Changed
+- The published package no longer bundles the unused Terminus bitmap font (pulled in transitively by the vendored `blessed` dependency), so its declared license is now `MIT` instead of `MIT AND OFL-1.1`.
+
 ## [1.1.116](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.116) - 2026-06-06
 ### Changed
diff --git a/package.json b/package.json
index 7165f3538..0de623c21 100644
--- a/package.json
+++ b/package.json
@@ -1,9 +1,9 @@
 {
 "name": "socket",
- "version": "1.1.116",
+ "version": "1.1.117",
 "description": "CLI for Socket.dev",
 "homepage": "https://github.com/SocketDev/socket-cli",
- "license": "MIT AND OFL-1.1",
+ "license": "MIT",
 "repository": {
 "type": "git",
 "url": "git+https://github.com/SocketDev/socket-cli.git"