This document is a reference for the intellectual property protections that apply to the ForgeKit project.
Copyright 2026 ForgeKit Contributors.
All source code in this repository is copyright of the ForgeKit Contributors and is licensed under the Apache License, Version 2.0. See LICENSE for the full text.
Every source file includes an SPDX license header:
// Copyright 2026 ForgeKit Contributors
// SPDX-License-Identifier: Apache-2.0
These headers must be preserved in any fork or derivative work. Removing them is a violation of the Apache 2.0 license and voids the licensee's rights to use the software.
"ForgeKit" and the ForgeKit logomark (the geometric F mark in cyan and green) are trademarks of the ForgeKit project maintainers.
The Apache 2.0 license grants rights to use, modify, and distribute the code. It does not grant rights to use the ForgeKit name or logo.
See TRADEMARK.md for the full trademark policy including permitted uses, prohibited uses, and how to report violations.
The ForgeKit Contributors make no claim of patent rights over the techniques used in this software. To the extent any contributor holds patents that read on this software, those patents are licensed to you under the Apache 2.0 patent grant clause.
If you distribute this software or a derivative work, you must:
- Include a copy of the Apache 2.0 license
- Preserve all existing copyright notices
- Preserve the NOTICE file
- Preserve all SPDX headers in source files
- State any significant changes you made to the original files
Failure to comply with these requirements voids your license to use, distribute, or modify this software.
Every release of forgekit-cli on npm is published with npm provenance via GitHub Actions, cryptographically linking each release to a specific commit in this repository via the Sigstore transparency log. This makes the chain of custody for every published version publicly verifiable and tamper-evident.
- npm package: https://www.npmjs.com/package/forgekit-cli
- Repository: https://github.com/SubhanshuMG/ForgeKit
- Sigstore transparency log: https://search.sigstore.dev (search by package name)
This provenance record makes it impossible for a third party to publish a version of forgekit-cli and claim it originated from this repository.
| Violation Type | Where to Report |
|---|---|
| Trademark infringement on GitHub | https://support.github.com/contact/trademark-policy |
| Copyright / DMCA takedown | https://github.com/contact/dmca |
| Impersonation on GitHub | https://support.github.com/contact/impersonation |
| Fraudulent npm package | https://www.npmjs.com/support |
| General violations | Open an issue tagged trademark-violation |
When filing a report, reference:
- Original repo: https://github.com/SubhanshuMG/ForgeKit
- npm package: https://www.npmjs.com/package/forgekit-cli
- Official site: https://forgekit.build
- First published: March 2026
For legal questions or permission requests, open a GitHub Discussion or issue in this repository.