Enforcer Labs Private Limited
Effective Date: May 1, 2026
Last Updated: May 17, 2026
Applies To: Enforcer Marketing | Enforcer Dashboard
1. Overview
Enforcer Labs products incorporate open source software components. This document provides disclosure of significant open source components, their licenses, and applicable obligations in compliance with open source license requirements.
Enforcer Labs' proprietary software is not open source. It is proprietary software licensed under the terms set forth in the EULA and Enterprise License Terms. The use of open source components within our products does not change the proprietary nature of the Enforcer Labs software.
2. Open Source License Categories
The open source components used in Enforcer Labs products fall under the following license categories:
| License Category | Implication | Risk Level |
|---|---|---|
| MIT License | Permissive; minimal restrictions | Low |
| Apache License 2.0 | Permissive; patent grant included | Low |
| BSD (2-Clause / 3-Clause) | Permissive; attribution required | Low |
| ISC License | Permissive; functionally equivalent to MIT | Low |
| PSF License | Python Software Foundation; permissive | Low |
| LGPL | Weak copyleft; dynamic linking permitted | Medium |
Enforcer Labs does not incorporate any AGPL, GPL, SSPL, or strong copyleft licensed components in its proprietary products.
3. Enforcer Marketing — Open Source Components
The Enforcer Marketing website uses the following major open source frameworks and libraries:
| Component | Version | License | Purpose |
|---|---|---|---|
| Next.js | 16.2.5 | MIT | Web application framework |
| React | 19.2.4 | MIT | UI rendering library |
| React DOM | 19.2.4 | MIT | DOM rendering for React |
| Tailwind CSS | 4.x | MIT | Utility-first CSS framework |
| Lucide React | 1.14.x | ISC | Icon library |
| MDX (loader, react, next) | 3.x | MIT | Markdown/JSX content |
| TypeScript | 5.x | Apache-2.0 | Type-safe JavaScript |
| ESLint | 9.x | MIT | Code linting |
| Autoprefixer | 10.x | MIT | CSS vendor prefixing |
| PostCSS | 8.x | MIT | CSS transformation |
4. Enforcer Dashboard — Open Source Components
4.1 Backend (Python)
| Component | Version | License | Purpose |
|---|---|---|---|
| FastAPI | 0.115.x | MIT | API framework |
| Uvicorn | 0.34.x | BSD-3-Clause | ASGI server |
| SQLAlchemy | 2.0.x | MIT | ORM and database toolkit |
| Asyncpg | 0.30.x | Apache-2.0 | PostgreSQL async driver |
| Alembic | 1.18.x | MIT | Database migrations |
| Pydantic | 2.10.x | MIT | Data validation |
| Dynaconf | 3.2.x | MIT | Configuration management |
| HTTPX | 0.28.x | BSD-3-Clause | HTTP client |
| PyJWT | 2.12.x | MIT | JSON Web Token handling |
| Passlib | 1.7.x | BSD-3-Clause | Password hashing |
| SlowAPI | 0.1.x | MIT | Rate limiting |
| Boto3 | 1.43.x | Apache-2.0 | AWS SDK |
| Prefect | 3.6.x | Apache-2.0 | Workflow orchestration |
| OpenAI | 1.60.x | MIT | OpenAI API client |
| LangChain | 0.3.x | MIT | LLM framework |
| LangChain-OpenAI | 0.3.x | MIT | LangChain OpenAI integration |
| Pytz | 2026.x | MIT | Timezone handling |
| Python-Multipart | 0.0.x | Apache-2.0 | Multipart form parsing |
4.2 Frontend (Node.js)
| Component | Version | License | Purpose |
|---|---|---|---|
| Next.js | 16.2.5 | MIT | Web application framework |
| React | 19.2.4 | MIT | UI rendering library |
| React DOM | 19.2.4 | MIT | DOM rendering |
| Tailwind CSS | 4.x | MIT | CSS framework |
| TypeScript | 5.x | Apache-2.0 | Type-safe JavaScript |
4.3 Infrastructure
| Component | Version | License | Purpose |
|---|---|---|---|
| PostgreSQL | 16.x | PostgreSQL License | Primary database |
| Redis | 7.x | BSD-3-Clause | Caching and message broker |
| Nginx | 1.x | BSD-2-Clause | Reverse proxy |
| PgBouncer | 1.x | ISC | Connection pooling |
| Docker | 24.x | Apache-2.0 | Containerization |
5. License Obligations
5.1 Attribution
All open source components retain their original copyright notices and license text. Attribution is provided in this
document and within the Software's LICENSES directory (where applicable).
5.2 MIT / ISC / BSD Licenses
These permissive licenses require:
(a) retention of copyright notices in redistributed source code;
(b) inclusion of license text in binary distributions;
(c) no endorsement claims using the authors' names without permission (BSD-3-Clause).
No restrictions on proprietary use, modification, or distribution.
5.3 Apache License 2.0
In addition to attribution requirements:
(a) a patent license is granted from contributors;
(b) modifications must be documented with a NOTICE file if applicable;
(c) no trademark license is granted.
6. SBOM (Software Bill of Materials)
Enforcer Labs maintains a machine-readable Software Bill of Materials (SBOM) for each release of Enforcer Dashboard. The SBOM is available:
(a) within the release artifacts in CycloneDX or SPDX format;
(b) upon request to licensed customers at legal@enforcer-cca.com.
7. Vulnerability Disclosure
Enforcer Labs monitors all open source dependencies for known vulnerabilities using automated scanning tools. Critical vulnerabilities in dependencies are addressed per the timeline in the Security Responsibility document (09_security_responsibility.md).
8. No Copyleft Contamination
8.1 Enforcer Labs confirms that no component of its proprietary software is derived from, linked with, or distributed alongside software under GPL, AGPL, SSPL, or other strong copyleft licenses that would require disclosure of Enforcer Labs' proprietary source code.
8.2 All open source components are used in accordance with their respective license terms and in a manner that preserves the proprietary nature of Enforcer Labs' software.
9. Contact
For open source licensing inquiries:
Enforcer Labs Private Limited
Email: legal@enforcer-cca.com
This document is subject to attorney review. The open source component list should be regenerated from the actual SBOM before each major release.