Hi all, and a @UMB.FYI tip I wanted to let you know about a new concept we are trying out: Documenting the third-party dependencies that Umbraco uses in one place. We have chosen to go with an old-fashioned TXT file for ease of use. Our goal is to document all third-party libraries that Umbraco depends directly on. This is done not only to follow common license guidelines telling us to do so, but also to highlight all the various, exotic, and exciting open-source libraries and packages that compiles, tests, and formats the thousands and thousands lines of code into the product that we all love: Umbraco. We may have missed a few dependencies in the file already, but as always looking for contributions in this area as well. The file can be found here: https://github.com/umbraco/Umbraco-CMS/blob/contrib/NOTICES.txt

@Jacob Overgaard can I make a suggestion. Perhaps you can say what its used for and where in the CMS. And also it would be good to know what are dependencies when we install Umbraco as I know some of these such as Vite, Umbraco.Code etc are dev dependencies and tooling

This is for Umbraco as an open source repository and not only for Umbraco CMS - the product. We find it good to have a central spot to attribute all libraries that we use throughout the main monorepo. As for what is included in the product, we have been considering what a good way could be to show it. Perhaps some kind of UI in the backoffice to list it? Don't know quite yet what could be the best place and what should be included, e.g. version number of the library perhaps.

I personally like the installed packages overview in the backoffice. So name, (nuget/npm/?) package name and version would be nice to have in the backoffice so you can easily see whats 'installed'

I think it can be confusing if you have a page in the backoffice documenting which packages the product is using (not the current installed packages). I would probably expect it to include all implementation specific packages too, eg. React/Vue/Tinyslider/tailwind etc.

Somewhat related - I'd really be interested to see the dependency breakdown between Umbraco versions. I noticed recently the 11ty project had this in their release notes. It's a good indicator of software complexity and potential attack surface, which ideally should improve/reduce over time (such as when we switch to native techniques over third-party packages). https://cdn.discordapp.com/attachments/1361342659284828212/1368161164483231804/image.png?ex=681736e0&is=6815e560&hm=7ea5b8a5c0aac42a879ba444c55c55442dd0927cd1bb1756afcf23ff367b97ea&

Has this file moved? getting a 404 now

The contrib branch is called "main" now, so here is an updated link: https://github.com/umbraco/Umbraco-CMS/blob/main/NOTICES.txt