If you sell a product or distribute a project that contains open-source software, you are required to comply with both the licenses and regulation like the European Union’s cyber resilience act.

Specifically, you (1) are required to declare its software bill of materials, (2) need to make sure it does not include unwanted open source code, (3) need to create and deliver correct legal notices, and (4) must monitor security vulnerabilities of current and past deliveries. If you ignore these…