
From one to hundreds: multi-licensing in the JavaScript ecosystem

Empirical Software Engineering

Abstract

Open source licenses create a legal framework that plays a crucial role in the widespread adoption of open source projects. Without a license, source code available on the internet could not be openly (re)distributed. Although recent studies provide evidence that most popular open source projects have a license, developers might lack the confidence or expertise needed to combine software licenses, leading to a mistaken project license unification. License usage is further challenged by the high degree of reuse at the heart of modern software development practices, in which third-party libraries and frameworks are easily and quickly integrated into a software codebase. This scenario creates what we call “multi-licensed” projects, which occur when one project has components that are licensed under more than one license. Although these components exist at the file level, they naturally impact licensing decisions at the project level. In this paper, we conducted a mixed-methods study to shed some light on these questions. We started by parsing 1,426,263 (source code and non-source code) files available in 1,552 JavaScript projects, looking for license information. Among these projects, we observed that 947 projects (61%) employ more than one license. On average, there are 4.7 licenses per studied project (max: 256). One of the reasons for multi-licensing is to incorporate the source code of third-party libraries into the project’s codebase. When doing so, we observed that 373 of the multi-licensed projects introduced at least one license incompatibility issue. We also surveyed 83 maintainers of these projects to cross-validate our findings. We observed that 63% of the surveyed maintainers are not aware of the multi-licensing implications. Those who are aware adopt multiple licenses mostly to conform with third-party libraries’ licenses.

Notes

  1. Available at https://github.com/mrdoob/three.js

  2. Available in: https://github.com/nexB/scancode-toolkit

  3. We could license foobar under MIT if the bar.js file is not changed. If that file is changed, the project has to be licensed under LGPL.

  4. Available in: https://zenodo.org/record/804474

  5. Available in: https://github.com/freeCodeCamp/freeCodeCamp

  6. Available in: https://github.com/facebook/react

  7. Available in: https://github.com/angular/angular.js

  8. Available in: https://scancode-toolkit.readthedocs.io/en/latest/explanations/overview.html#how-does-scancode-work

  9. https://spdx.org/licenses/

  10. https://github.com/inuyaksa/jquery.nicescroll

  11. Available in: https://github.com/jxcore/jxcore/

  12. Available in: https://github.com/nodejs/node

  13. Available in: https://github.com/elastic/kibana/

  14. Available at: https://github.com/filamentgroup/tablesaw/

  15. Available at: https://github.com/RocketChat/Rocket.Chat

  16. https://opensource.org/licenses

  17. https://enterprise.dejacode.com/licenses/

  18. https://choosealicense.com/non-software/

  19. Available at https://github.com/mathjax/mathjax

  20. Available at https://scripts.sil.org/cms/scripts/page.php?item_id=OFL10_web

  21. https://opensource.org/licenses/OFL-1.1

  22. https://www.gnu.org/licenses/license-list.html#GNUGPLv3

  23. Available at https://github.com/openannotation/annotator

  24. https://github.com/rails/jquery-ujs/

  25. https://github.com/elastic/kibana/

  26. http://13.57.134.254/app/

  27. https://www.fossology.org/

  28. http://findosslicense.cs.ucy.ac.cy/

  29. https://reuse.software/

  30. https://github.com/nodegit/nodegit/blob/02e617bea465ae132bffe012325547875ff73b73/test/tests/convenient_line.js

  31. https://github.com/nodegit/nodegit/tree/02e617bea465ae132bffe012325547875ff73b73/test/tests.

  32. https://reuse.software/faq/#exclude-file.

  33. https://reuse.software/

  34. https://spdx.dev

  35. https://directory.fsf.org/wiki/ScanCode_Toolkit

Acknowledgements

We thank the survey participants who collaborated with our research and the reviewers for their helpful comments. This work is partially supported by CNPq (#309032/2019-9), FAPESPA, and UFPA.

Author information

Corresponding author

Correspondence to Gustavo Pinto.

Additional information

Communicated by: Massimiliano Di Penta

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Moraes, J.P., Polato, I., Wiese, I. et al. From one to hundreds: multi-licensing in the JavaScript ecosystem. Empir Software Eng 26, 39 (2021). https://doi.org/10.1007/s10664-020-09936-2

  • DOI: https://doi.org/10.1007/s10664-020-09936-2
