Abstract
Open source licenses create a legal framework that plays a crucial role in the widespread adoption of open source projects. Without a license, any source code available on the internet could not be openly (re)distributed. Although recent studies provide evidence that most popular open source projects have a license, developers might lack confidence or expertise when they need to combine software licenses, leading to a mistaken project license unification. This license usage is challenged by the high degree of reuse that occurs at the heart of modern software development practices, in which third-party libraries and frameworks are easily and quickly integrated into a software codebase. This scenario creates what we call “multi-licensed” projects, which arise when one project has components that are licensed under more than one license. Although these components exist at the file level, they naturally impact licensing decisions at the project level. In this paper, we conducted a mixed-method study to shed some light on these questions. We started by parsing 1,426,263 files (source code and non-source code) available in 1,552 JavaScript projects, looking for license information. Among these projects, we observed that 947 projects (61%) employ more than one license. On average, there are 4.7 licenses per studied project (max: 256). One of the reasons for multi-licensing is to incorporate the source code of third-party libraries into the project’s codebase. When doing so, we observed that 373 of the multi-licensed projects introduced at least one license incompatibility issue. We also surveyed 83 maintainers of these projects to cross-validate our findings. We observed that 63% of the surveyed maintainers are not aware of the multi-licensing implications. Those who are aware adopt multiple licenses mostly to conform with third-party libraries’ licenses.
Notes
Available at https://github.com/mrdoob/three.js
Available in: https://github.com/nexB/scancode-toolkit
We could license foobar under MIT if the bar.js file is not changed. If that file is changed, the project has to be licensed under LGPL.
Available in: https://zenodo.org/record/804474
Available in: https://github.com/freeCodeCamp/freeCodeCamp
Available in: https://github.com/facebook/react
Available in: https://github.com/angular/angular.js
Available in: https://github.com/jxcore/jxcore/
Available in: https://github.com/nodejs/node
Available in: https://github.com/elastic/kibana/
Available at: https://github.com/filamentgroup/tablesaw/
Available at: https://github.com/RocketChat/Rocket.Chat
Available at https://github.com/mathjax/mathjax
Available at https://github.com/openannotation/annotator
Acknowledgements
We thank the survey participants who collaborated with our research and the reviewers for their helpful comments. This work is partially supported by CNPq (#309032/2019-9), FAPESPA, and UFPA.
Additional information
Communicated by: Massimiliano Di Penta
Cite this article
Moraes, J.P., Polato, I., Wiese, I. et al. From one to hundreds: multi-licensing in the JavaScript ecosystem. Empir Software Eng 26, 39 (2021). https://doi.org/10.1007/s10664-020-09936-2
DOI: https://doi.org/10.1007/s10664-020-09936-2