Screening NPM Packages: Package Licensing

Janit Bansal
Published in Globant, Jan 17, 2022

There are over 1.3 million packages available in the main npm registry. Developers can benefit from these open source libraries and do not need to reinvent what has already been invented, but when it comes to the licensing of these libraries, most of us get confused about choosing the right one. There are more than 200 open source licenses out there, but only about half are approved by the Open Source Initiative (OSI). It is not an easy job for a developer to select a library under a particular open source license, make sure it fulfils their requirements, and keep the product compliant.

We will touch upon the popular, widely used OSI-approved licenses and also see how to choose the right one.

Most of the open source licenses generally fall into one of these types:

Public Domain

This is the most permissive type of software license. When the software is in the public domain, anyone can modify and use the software without any restriction. But you still need to make sure it is secure before adding it to your codebase. Please note: code that does not have an explicit license is NOT automatically in the public domain. This includes snippets that you find on the Internet.

Permissive

Permissive licenses are also referred to as “Apache style” or “BSD style”. They contain minimum requirements on how the software may be modified or redistributed. This type of software license is perhaps the most popular license used with free and open source software. In addition to the Apache license and the BSD license, another common variant is the MIT license.

GNU Lesser General Public License

The GNU Lesser General Public License allows you to link to open source libraries from your software. If you only compile or link an LGPL-licensed library with your code, you can publish your app under any license you want, even a proprietary one. But if you modify the library or copy parts of it into your own code, you will need to publish your application under terms similar to the LGPL.

Copyleft

Under the terms of a copyleft license, the licensed code may be modified or distributed as part of a software project if the new code is distributed under the same software license.

This means that if the code included in the software product was specified to be for “personal use only,” the new product being distributed must carry that same designation/restriction.

Proprietary

These software licenses prohibit copying, modifying, or distributing the software. This is the most restrictive type of software license, protecting the developer or owner from unauthorised use of the software.

Here are some of the most popular and widely used licenses:

MIT

A short and simple permissive license with conditions only requiring preservation of copyright and license notices. Licensed works, modifications, and larger works may be distributed under different terms and without source code.

Apache 2.0

A permissive license whose main conditions require preservation of copyright and license notices. Contributors provide an express grant of patent rights. Licensed works, modifications, and larger works may be distributed under different terms and without source code.

BSD 3-Clause

This license has also been called the “New BSD License” or “Modified BSD License”. The BSD 3-Clause license allows you almost unlimited freedom with the software so long as you include the BSD copyright and license notice in it (in full text). The same applies to the other commonly used BSD variant, the BSD 2-Clause License, with the exception of anything related to the non-endorsement clause. (The non-endorsement clause is not part of the BSD 2-Clause License.)

ISC

A permissive license that lets people do anything with your code with proper attribution and without warranty. The ISC license is functionally equivalent to the BSD 2-Clause and MIT licenses, with some language that is no longer necessary removed.

GNU GPLv3

Permissions of this strong copyleft license are conditioned on making available complete source code of licensed works and modifications, which include larger works using a licensed work, under the same license. Copyright and license notices must be preserved. Contributors provide an express grant of patent rights.
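As an added example (not code from the original post), a small Node.js script that sorts each dependency's package.json `license` field into the categories described above (public domain, permissive, LGPL-style weak copyleft, copyleft, proprietary, or unknown) and flags anything outside an allow-list; it also handles SPDX `OR`/`AND` expressions and the legacy object and array forms npm accepts. The package list is constructed inline with hypothetical names; a real scan would read `node_modules/*/package.json`.

```javascript
// Added example (not from the post): classify npm dependency licenses into the
// categories above. 'unknown' ranks most restrictive: no license is NOT public domain.
const RANK = ['public-domain', 'permissive', 'weak-copyleft', 'copyleft', 'proprietary', 'unknown'];
const PUBLIC_DOMAIN = new Set(['UNLICENSE', 'CC0-1.0']);
const PERMISSIVE = new Set(['MIT', 'ISC', 'APACHE-2.0', 'BSD-2-CLAUSE', 'BSD-3-CLAUSE', '0BSD']);

// npm's package.json allows a string, a legacy {type, url} object, or a
// legacy `licenses` array; normalise all of them to one SPDX-style string.
function licenseField(pkg) {
  const raw = pkg.license ?? pkg.licenses;
  if (raw == null) return '';
  if (Array.isArray(raw)) return raw.map((l) => (typeof l === 'string' ? l : l.type)).join(' OR ');
  return typeof raw === 'string' ? raw : raw.type || '';
}

function classifyLicense(id) {
  const s = (id || '').trim().toUpperCase();
  if (!s || s.startsWith('SEE LICENSE IN')) return 'unknown'; // needs manual review
  if (s === 'UNLICENSED') return 'proprietary';
  if (PUBLIC_DOMAIN.has(s)) return 'public-domain';
  if (PERMISSIVE.has(s)) return 'permissive';
  if (/^LGPL/.test(s)) return 'weak-copyleft';
  if (/^(A?GPL|MPL|EPL)/.test(s)) return 'copyleft';
  return 'unknown';
}

// SPDX: "A OR B" lets the consumer pick the least restrictive option; every term of "A AND B" applies, so the most restrictive wins.
function classifyExpression(expr) {
  const more = (a, b) => (RANK.indexOf(a) >= RANK.indexOf(b) ? a : b);
  const less = (a, b) => (RANK.indexOf(a) <= RANK.indexOf(b) ? a : b);
  return expr.replace(/[()]/g, ' ').split(/\s+OR\s+/i)
    .map((alt) => alt.split(/\s+AND\s+/i).map(classifyLicense).reduce(more))
    .reduce(less);
}

// Returns one finding per package and whether it passes the allow-list.
function screenPackages(pkgs, allowed = new Set(['public-domain', 'permissive'])) {
  return pkgs.map((pkg) => {
    const license = licenseField(pkg);
    const category = classifyExpression(license);
    return { name: pkg.name, license: license || '(none)', category, allowed: allowed.has(category) };
  });
}
// Constructed sample package.json fragments (hypothetical names, not real packages).
const SAMPLE = [
  { name: 'pkg-a', license: 'MIT' }, { name: 'pkg-b', license: { type: 'BSD-3-Clause' } },
  { name: 'pkg-c', license: '(MIT OR GPL-3.0)' }, { name: 'pkg-d', license: 'LGPL-2.1' },
  { name: 'pkg-e', license: 'GPL-3.0-only' }, { name: 'pkg-f' }, // pkg-f has no license field
];
console.table(screenPackages(SAMPLE));
```

Packages reported as `unknown` are the ones to look at first, since a missing or "SEE LICENSE IN" field tells you nothing about your redistribution obligations.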

References:

https://opensource.org/

For a detailed comparison you can also refer to the following URL: https://choosealicense.com/appendix/
