Licensing: new dependency on frozendict (LGPLv3) introduced in #352 breaks downstream allowlists

[csy1204]

Hi team, thank you for the great work on compressed-tensors.

Context

• We use compressed-tensors via vLLM. After upgrading to vLLM 0.10.2, it pulls compressed-tensors 0.11.0.
• In 0.11.0, a new runtime dependency on frozendict was introduced for “safer defaulting” as part of Transform: Construct on GPU, cache on CPU #352.
• frozendict is licensed under LGPLv3. Many downstreams (including KServe, Apache-2.0) enforce a license allowlist that excludes LGPLv3, so our license scan now fails on install.

https://github.com/kserve/kserve/actions/runs/17708342463/job/50335946579?pr=4685

2025-09-15 12:39:48,100 [INFO] pkg frozendict <importlib.metadata.PathDistribution object at 0x7facf0015430>
2025-09-15 12:39:48,100 [INFO] license_info GNU Lesser General Public License v3 (LGPLv3)
Traceback (most recent call last):
  File "/workspace/storage/cephrbd/git/study/kserve/python/pip-licenses.py", line 372, in <module>
    main()
  File "/workspace/storage/cephrbd/git/study/kserve/python/pip-licenses.py", line 348, in main
    license_text, notice_text = format_plain_vertical(
                                ^^^^^^^^^^^^^^^^^^^^^^
  File "/workspace/storage/cephrbd/git/study/kserve/python/pip-licenses.py", line 263, in format_plain_vertical
    check_license_allowlist(
  File "/workspace/storage/cephrbd/git/study/kserve/python/pip-licenses.py", line 218, in check_license_allowlist
    raise ValueError(
ValueError: License 'GNU Lesser General Public License v3 (LGPLv3)' is not in the allowed list found for package frozendict

Impact

• This blocks adoption in environments with strict allowlists and legal policies. We’d like to keep using vllm and compressed-tensors but cannot ship LGPLv3 dependencies.

Request

• Would you consider replacing frozendict with a permissive alternative? Options include:
  • immutables.Map (MIT)
  • pyrsistent.pmap (MIT)
  • a small internal FrozenDict implemented with types.MappingProxyType (stdlib)

Workarounds we’re using

• Temporarily pin vLLM to 0.10.1.1 to avoid pulling compressed-tensors 0.11.0 (and thus frozendict), or use an internal patched wheel of compressed-tensors without frozendict.

Thanks for considering! We’re happy to help test or contribute a PR.

[brian-dellabetta]

Hi @csy1204 , thank you for the detailed description and suggestions. We didn't realize frozendict had the licensing issue, but types.MappingProxyType looks like a good way to resolve without adding a new dependency. I will create a PR for this over the next couple days

[csy1204]

Thanks for your helpful works! @brian-dellabetta