Open Source and Third-Party Notices

This page lists the primary third-party software, frameworks, SDKs, infrastructure components, and external services intentionally integrated into Attriax. It is a practical notice page for direct dependencies and major runtime components, not an exhaustive dump of every transitive package.

Last updated: April 26, 2026

1. How To Use This Page

Attriax is built from multiple subproducts, including a React dashboard, a NestJS API, a Flutter SDK, deployment infrastructure, and connected third-party services. This page identifies the primary software components we intentionally include or rely on, along with the license family and an upstream reference.

Some listed packages bring their own transitive dependencies or platform-specific native components. Where those apply, the governing license remains the one distributed by the upstream project. If you self-host or redistribute Attriax in a materially different way, you should run your own dependency and legal review for that specific deployment.

Frontend and Public Web

Primary third-party libraries used to build and ship the Attriax dashboard and public site.

React, React DOM, React Router

Single-page application UI, rendering, and routing.

MIT

Source: https://github.com/facebook/react

Vite and @vitejs/plugin-react

Development server and production bundling for the frontend.

MIT

Source: https://vite.dev

Tailwind CSS and @tailwindcss/vite

Styling system and build integration.

MIT

Source: https://tailwindcss.com

Firebase JavaScript SDK

Authentication flows and client identity integration.

Apache-2.0

Source: https://github.com/firebase/firebase-js-sdk

Axios, Zustand, Recharts, lucide-react

HTTP requests, state management, charts, and iconography.

MIT / ISC

Source: https://github.com/axios/axios

lucide-react is ISC; Axios, Zustand, and Recharts are MIT.

Backend and Platform Services

Primary third-party libraries used to run the Attriax API, background work, security, uploads, and integrations.

NestJS

Backend application framework and HTTP platform.

MIT

Source: https://github.com/nestjs/nest

TypeORM and pg

Database persistence layer and PostgreSQL client.

MIT

Source: https://github.com/typeorm/typeorm

Firebase Admin SDK

Server-side Firebase token verification and user integration.

Apache-2.0

Source: https://github.com/firebase/firebase-admin-node

Helmet, Multer, ioredis, node-telegram-bot-api, sharp

Security headers, uploads, Redis access, Telegram ops notifications, and image processing.

MIT / Apache-2.0

Source: https://helmetjs.github.io/

helmet, multer, ioredis, and node-telegram-bot-api are MIT; sharp is Apache-2.0.

MaxMind GeoIP2 Node client

GeoIP lookup support for analytics and fraud detection workflows.

Apache-2.0

Source: https://github.com/maxmind/GeoIP2-node

Flutter SDK and Mobile Tooling

Primary third-party packages used in the Flutter SDK, platform packages, and internal tester app.

Flutter and Dart SDK

SDK runtime, UI framework, and package tooling.

BSD-3-Clause

Source: https://flutter.dev

connectivity_plus, device_info_plus, package_info_plus

Connectivity status, device metadata, and package/app metadata collection.

BSD-3-Clause

Source: https://github.com/fluttercommunity/plus_plugins

http, shared_preferences, plugin_platform_interface, flutter_lints

Networking, local persistence, federated plugin contracts, and lint tooling.

BSD-3-Clause

Source: https://dart.dev

cupertino_icons and flutter_launcher_icons

Icon assets and launcher icon generation for internal tooling.

MIT

Source: https://pub.dev

Infrastructure Components

Primary third-party infrastructure components used in local and self-hosted deployments.

PostgreSQL 17

Primary relational datastore.

PostgreSQL License

Source: https://www.postgresql.org

Redis 7.2

Caching and ephemeral data services in the compose stack.

BSD-3-Clause

Source: https://redis.io

The compose stack is pinned to the 7.2 line because later Redis 7 community releases use different source-available terms.

Nginx

Reverse proxy, host routing, and TLS termination in self-hosted environments.

BSD-2-Clause-like

Source: https://nginx.org

Docker and Docker Compose

Local development and deployment orchestration.

Apache-2.0

Source: https://www.docker.com

5. External Services and Processing Notices

Some features rely on external providers that process account, payment, security, or geolocation-related information under their own terms and privacy policies. Those providers are part of the operational service, not just build-time dependencies.

Google Firebase

Authentication, account identity, and related security workflows.

Terms: https://firebase.google.com/termsPrivacy: https://policies.google.com/privacy

Firebase client and admin SDKs used in this repository are licensed under Apache-2.0.

MaxMind GeoLite2

Approximate IP geolocation data for analytics, fraud review, and geo reporting.

Terms: https://www.maxmind.com/en/geolite2/eulaPrivacy: https://www.maxmind.com/en/privacy-policy

Attribution required: This product includes GeoLite Data created by MaxMind, available from https://www.maxmind.com. GeoLite data is also subject to the Creative Commons Attribution-ShareAlike 4.0 terms referenced in the GeoLite EULA.

6. Important Practical Notes

If you self-host Attriax, keep the Redis image pinned to the reviewed license line unless you intentionally accept and re-review a newer license model.
If you redistribute modified copies of third-party software embedded in Attriax, you are responsible for preserving upstream notices and meeting any source, attribution, or reciprocal obligations that apply.
The MaxMind GeoLite2 data included with the API must retain its attribution notice, and it must not be used to identify a specific household or individual.