February 2023
A developer-friendly introduction to open source licenses
Martin Torp
Cofounder of Coana
PhD in Computer Science

<m>The word 'license' probably triggers a sense of discomfort in most developers.
We may think of open source licenses as a legal issue that belongs to the legal department, and thus as an issue largely to be ignored in our day-to-day work.
However, if you work with open source libraries and frameworks, which you almost certainly do, then you need at least a little basic knowledge of open source licenses.
Licenses can be long, complicated, and full of legal jargon, but luckily, we, as developers, can often ignore much of the content in the license by following some basic principles 😌</m>

<m>Let's first briefly consider why we need to care about open source licenses.
If a project is open source, it means that anybody can view, copy and build on top of the source under some *conditions*.
Those conditions are an important part of the license.
Generally, there are two types of licenses we need to distinguish between: *copyleft licenses* and *permissive licenses*.
Here is the basic distinction.</m>

<m>**Copyleft:** You may copy, reuse and build on top of a copyleft-licensed project as long as you release your project using a compatible copyleft license.</m>

<m>**Permissive:** You may copy, reuse and build on top of the permissively-licensed project. You are typically required to credit (add attribution) the project.</m>

<m>If you want to build a project that is closed source, all of your dependencies should be licensed with a permissive license.
If you want to build an open source project, you should either license it with a copyleft license or only use permissively licensed dependencies.
Keep in mind that an open source library or framework tends to have a much broader adoption when it is permissively licensed exactly because it allows others to use it in closed source products.</m>

<m>The table below shows some of the most commonly used licenses and whether they are copyleft or permissive.</m>

<m>| License | Type                                             |
| ------- | ------------------------------------------------ |
| MIT     | Permissive                                       |
| Apache  | Permissive                                       |
| BSD     | Permissive                                       |
| WTFPL   | Permissive                                       |
| AFL     | Permissive                                       |
| CC0     | Public domain (less restrictive than permissive) |
| GPL     | Copyleft                                         |</m>

<m>To check the license of a project you can either refer to the LICENSE file on its GitHub page or use one of the many tools available for providing an overview of used licenses.</m>

<m>For example:
- [NPM License Checker](https://www.npmjs.com/package/license-checker)
- [Debricked Compliance](https://debricked.com/tools/license-compliance/)
- [Snyk Open Source](https://snyk.io/product/open-source-security-management/)</m>

<m>If you use pnpm, which we highly recommend (see [this post on phantom dependencies](https://www.coana.tech/post/a-quick-introduction-to-phantom-dependencies)), then you can also use the `pnpm licenses` command.</m>
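
As an added example (not code from the original post or from any of the tools above), the script below applies the closed source rule to a dependency report: it classifies each license with the table above and flags every dependency that is neither permissive nor public domain. The report shape (a package key mapping to an object with a `licenses` field) is assumed to match `license-checker --json` output, the package names are constructed, and the handling of `OR`/`AND` expressions and license arrays goes beyond what the post covers.

```javascript
// Added example, not from the original post. Types come from the table above;
// any license not listed there is 'unknown' and needs manual review.
const TABLE = [
  [/^(MIT|Apache|BSD|WTFPL|AFL)/i, 'permissive'],
  [/^CC0/i, 'public domain'],
  [/^GPL/i, 'copyleft'],
];
// Higher rank = more restrictive for a closed source project.
const RANK = { 'public domain': 0, permissive: 1, unknown: 2, copyleft: 3 };
const worst = (types) => types.reduce((a, b) => (RANK[a] >= RANK[b] ? a : b));
const best = (types) => types.reduce((a, b) => (RANK[a] <= RANK[b] ? a : b));

function classifyId(id) {
  // license-checker appends * when the license was guessed from a file.
  const clean = id.trim().replace(/\*$/, '');
  const hit = TABLE.find(([re]) => re.test(clean));
  return hit ? hit[1] : 'unknown';
}

function classify(licenses) {
  // Assumption: an array means every listed license applies (take the worst).
  if (Array.isArray(licenses)) {
    return licenses.length ? worst(licenses.map(classify)) : 'unknown';
  }
  const flat = String(licenses).trim().replace(/^\((.*)\)$/, '$1');
  if (/[()]/.test(flat)) return 'unknown'; // nested groups: review by hand
  // "A OR B" lets you choose one; "A AND B" binds tighter and applies both.
  return best(flat.split(/\s+OR\s+/).map((alt) =>
    worst(alt.split(/\s+AND\s+/).map(classifyId))));
}

// Returns the dependencies a closed source project cannot accept as-is.
function auditClosedSource(report) {
  return Object.entries(report)
    .map(([pkg, info]) => ({ pkg, type: classify(info.licenses) }))
    .filter((dep) => RANK[dep.type] > RANK.permissive);
}

// Constructed sample in the assumed `license-checker --json` shape.
const sampleReport = {
  'left-pad-demo@1.0.0': { licenses: 'MIT' },
  'parser-demo@2.1.0': { licenses: '(MIT OR GPL-3.0)' },
  'crypto-demo@0.4.2': { licenses: 'GPL-3.0' },
  'guessed-demo@1.2.0': { licenses: 'BSD*' },
  'linker-demo@5.0.0': { licenses: 'LGPL-3.0' },
  'dual-demo@1.0.0': { licenses: ['Apache-2.0', 'GPL-2.0'] },
};
console.log(auditClosedSource(sampleReport));
```

A dual-licensed package such as `(MIT OR GPL-3.0)` passes because you may pick the permissive option, while `LGPL-3.0` is reported as `unknown` because the table above does not cover it.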

<m>We hope this quick introduction to open source licenses was useful.
Please keep in mind that there are many other aspects to licensing that this post doesn't cover.
We are also not legal advisors and cannot be held responsible for any legal violations.</m>
