
From One to Hundreds: Multi-Licensing in the JavaScript Ecosystem

by João Pedro Moraes, et al.

Open source licenses create a legal framework that plays a crucial role in the widespread adoption of open source projects. Without a license, any source code available on the internet could not be openly (re)distributed. Although recent studies provide evidence that most popular open source projects have a license, developers might lack confidence or expertise when they need to combine software licenses, leading to a mistaken project license unification. This license usage is challenged by the high degree of reuse that occurs at the heart of modern software development practices, in which third-party libraries and frameworks are easily and quickly integrated into a software codebase. This scenario creates what we call "multi-licensed" projects, which happens when one project has components that are licensed under more than one license. Although these components exist at the file level, they naturally impact licensing decisions at the project level. In this paper, we conducted a mixed-methods study to shed some light on these questions. We started by parsing 1,426,263 (source code and non-source code) files available in 1,552 JavaScript projects, looking for license information. Among these projects, we observed that 947 projects (61 licenses per studied project (max: 256). Among the reasons for multi-licensing is the incorporation of third-party libraries' source code into the project's codebase. When doing so, we observed that 373 of the multi-licensed projects introduced at least one license incompatibility issue. We also surveyed 83 maintainers of these projects, aiming to cross-validate our findings. We observed that 63 implications. Those who are aware adopt multiple licenses mostly to conform with third-party libraries' licenses.

