An analysis of the licenses used by 75+ Open Source projects across 35 companies

Facebook is nearly alone in their usage of BSD-3 + strong patent retaliation

Raúl Kripalani
Aug 20, 2017 · 5 min read

TL;DR: I analysed 75+ popular Open Source projects (6000+ stars and above) from ~35 companies, and concluded that Facebook is an exception within the Open Source space. The only other company using the same license model I found is Palantir.

“Maybe Facebook is an innovator?”, you could argue. Maybe they are ahead of the game? I’m not so sure. Why?

Update 22nd August 15.10 BST —I wrote another post covering concepts and rationale, including licensing, ASLv2, MPL, OSS contributions, community kindly, etc. Here it is:

Facebook introduced their BSD-3 + patents license 3 years ago

Exactly in October 2014.

Yet no other player in the industry (apart from Palantir) has joined them yet — or at least I wasn’t able to find them.

Notwithstanding, Facebook claims the following in their “Explaining React’s license” article:

We believe that if this license were widely adopted, it could actually reduce meritless litigation for all adopters, and we want to work with others to explore this possibility.

If it really is so wonderful and solves a major headache in the industry — and their purposes are so noble — it begs to ask the question:

“How come almost nobody else in Silicon Valley has followed suit yet?”

Perhaps they will now, with all the attention this issue is bringing. I don’t know.

Scroll below for the data.

Additional points I’d like to make before I give you the data

My previous article received lots of positive feedback — and some backlash from mainly React users. Note that I’m a backend and distributed systems engineer, so I’m neutral with regards to frontend frameworks, and hold no vested interest.

  1. They claim that Facebook doesn’t hold any patents (yet) whose grant they could revoke, hence in their eyes there is no threat. But do they know if there are any patent filings in the work? This license contains a legal provision that is permanently in force for as long as you use React. Not just today.
  2. Do we, software engineers, pick our stack based on status quo? Or do we pick future-proof stacks? Maybe there is no patent today, but there could be tomorrow, right?
  3. They argue that if large companies like Amazon are using React, their startups are also safe. Except that they miss one key point: Amazon has enough manpower to quickly migrate away from React, if need be. They probably also hold a patent arsenal against Facebook ready to attack if the time comes.
  4. Pertaining to the above, their lawyers could have evaluated the risks and determined the license was not enforceable by Facebook. But, does this license embody the true spirit and nature of Open Source? Should companies piggyback on the success of Open Source projects like React to enforce patent restrictions on adopters?
  5. Moreover, if the terms are not enforceable, and everybody apparently knows that, why is Facebook so adamant about keeping this license untouched, instead of migrating to a less conflictive one?
  6. Is this harmful to communities and the overall OSS ecosystem, like I explained in my previous article?

Next, I give you the data.

List of companies and projects grouped by the type of Open Source licenses they use

BSD-3 + strong patent retaliation

Apache Software License v2

MIT License

GNU General Public License

  • MongoDB Inc.=> MongoDB (license, GNU AGPL v3).
  • JPMorgan => Quorum (license, GNU LGPL v3).
  • VMware => Photon (license, GNU LGPL v2.1).

Mozilla Public License 2.0 (MPL v2)


Continue reading the follow-up

22nd August 2017: I received a lot of feedback and questions — so I consolidated my responses in a new post. I also state some questions that I believe Facebook should answer. I highly encourage you to read this post.

Moreover, if you haven’t read the original article yet, here it is.

If you enjoyed this article, please recommend it on Medium (clap/heart it!), and share it on Twitter, LinkedIn, etc.

Feel free to connect with me on Twitter and/or LinkedIn. If you want to reach out directly:

I’m starting a magazine for high-quality Blockchain & Crypto content. Please check out consensusX, and follow us ;-)

Raúl Kripalani

Written by

🎈 Engineer @ Protocol Labs, working on libp2p. Previously: ConsenSys, Red Hat, FuseSource, Atos, freelance. From Tenerife, Canary Islands, Spain.