In the 8 years I've been developing alongside an OSS package ecosystem, I have never once reviewed a license before implementing it in production. As far as I can tell, companies only address this if they have a target on their back, or they're engaged in a compliance audit that covers the topic.

I acknowledge that mindset could set the org up for headaches in the future, but those are tomorrow's theoretical headaches, we'll tackle them and formalize a compliance process should the need arise.