@simon this only covers you for the legal costs of defending the copyright lawsuit and potential damages though, which is not super relevant for something that goes up on PyPI. It doesn’t cover the reputation damage or the engineering effort required for your users to rip out the dependency, if they’re not paying you for it. It would make me feel pretty comfortable shipping something in a product but open sourcing it seems riskier.