What's the best open source license for Node.js modules ??

By: (plus.google.com) +David Herron; Date: 2012-12-19 11:24

Tags: Node.JS »»»» Open Source Licenses

I've been developing a new software project with Node.js, a (akashacms.com) "content management" system that produces static HTML websites named AkashaCMS.  Last week I made my initial release into npm and knew I needed to put an open source license on the code, and by default I put in the GPL license.  But then I thought to ponder, is the GPL the best choice of license?  Will that license prevent others from using AkashaCMS?  In general, what's the best license for a Node.js open source project?  Does use of a Node module invoke the viral nature of the GPL and infect GPLness into modules that use the GPL'd module?  I didn't think about this myself, but would the GPL license interfere with others who want to contribute patches?  So I sent a query to the Node.js group on Google Groups (linked below), which touched off an insightful conversation.

Before getting into that conversation, Matthew Aslett of the 451 Group happened to write a blog post with (blogs.the451group.com) data showing that the GPL is losing popularity.  I haven't a clue whether the data or conclusion is accurate, but the idea that the GPL is losing popularity is compatible with the discussion on the Node.js group.

Martin Cooper made an insightful reply about what would "linking" mean in a Node.js module.  The viral nature of the GPL rests in the act of "linking" software to a GPL'd work.  JavaScript, as an non-compiled interpreted language, doesn't "link" in the style that C/C++/etc programmers do.  Further, Node.js modules provide great encapsulation so that use of a module is purely from the API it exports.  But as Martin pointed out, that is a technologists interpretation of "linking," not a lawyers interpretation.  The GPL has not been tested in court for this issue.

Martin also claimed that the issue of GPL licensing on JavaScript is so complicated that many companies ban the use of GPL'd JavaScript to avoid the issues.  Another issue he mentioned is that the GPL license is a barrier to contributions back to the project.

One reply, from Austin William Wright, pointed out that "linking" from a Copyright perspective means to "embed another program (compiled or otherwise) within your program and distribute it."  Thank you Austin, that's a great take on the question.

For Node.js modules I think this combination would occur when running npm commands to pull all dependencies into a local node_modules directory, then to redistribute that whole tree (with the node_modules directory created by npm) in some way.

Forrest Norvel of newlogic.com said they'd discussed this at NodeConf last summer, and come away with the conclusion that MIT or BSD is the best license choice.  He went on to say uptake of a GPL3 module would be hampered, "especially if there were some kind of associated Canonical-style contributor's agreement."

Jake Verbaten expressed a sentiment that's probably technically incorrect, but is probably common wisdom.  Namely, that "if I have a dependency on a GPL module no matter how deep in my dependency tree (my larger apps have over a 100 dependencies) my entire app is GPL." Therefore he has zero dependencies on GPL'd code.  That's the viral nature of the GPL .. making people leery of using the GPL.  This is probably not the result Richard Stallman originally had in mind, eh?

One issue is the amount of protection afforded by one license or another.  We have a concern about our hard work on an open source project being stolen by a 3rd party who embeds it in their proprietary closed source product, right?  The viral nature of the GPL is meant to protect against that happening.  I saw a quip a long time ago along the lines that we want other peoples code to be under BSD (or that ilk) of license, but we want our own code to be under GPL.

Isaac Schlueter responded by first saying that npm doesn't care what license we use.  He went on to say his personal opinion is to never use any GPL anything and strongly recommending against using GPL for a very interesting reason.  As a software author consuming other peoples' software projects, he wants the freedom to make his own code "unfree".  But if his code were dependent on a GPL module he'd either have be prevented from making his code unfree, or would have to reimplement that module.

The project owner(s) are the ones who set license terms.  They can do it blindly, like I did with the initial license choice for AkashaCMS, or they can do it consciously with forethought about goals of the project.  Does the project want contributions from 3rd parties?  What context will the project be run in? Do the project owners care about their code becoming part of closed source projects?  Does the project want to be freely used by other projects?  Is the project in part on a quest to convert all software to free software?  ..etc..etc..

Hurm.. still leaves me with a decision on the license for AkashaCMS ... but with more information with which to make the decision.

Read more at:   (groups.google.com) thread on nodejs at googlegroups.com