Compliance

Using JavaScript Compliantly

Javascript Symbol Picture

To speed up deliv­er­abil­i­ty, the devel­op­ers most­ly dis­trib­ute com­pressed JavaScript libraries that do not con­tain any white­spaces, line feeds, and com­ments. They have mini­fied the libs. As a result, they usu­al­ly con­tain only very rudi­men­ta­ry license infor­ma­tion — at least not the license text itself. But all FOSS licens­es require us to ship some com­pli­ance arti­facts with the code — espe­cial­ly the license text. This is the chal­lenge for using JavaScript com­pli­ant­ly — in bootScore and else­where:

[ en | de ]

Solution

  • Use the Boot­strap JavaScript library as deliv­ered by bootScore
  • Use the JavaScript libraries as deliv­ered by Word­Press
  • Cre­ate a table con­tain­ing the JavaScript com­pli­ance infor­ma­tion
  • For each JavaScript library deliv­ered by bootScore or Word­Press cre­ate a respec­tive row in your JS table.
  • Embed this table into your Open Source Com­pli­ance Page
  • Make this Open Source Com­pli­ance Page acces­si­ble by the foot­er of your pages

Background

bootSCore con­tains some JS com­po­nents. For exam­ple, its own unfold­ed JavaScript libraries1 — implic­it­ly licensed under the MIT license but with­out any explic­it licens­ing state­ment — and the mini­fied Boot­strap JavaScript library2 — explic­it­ly licensed under the MIT by a respec­tive licens­ing state­ment. But none of them con­tain the license text itself.

Also, Word­Press brings with it some own and some mini­fied 3rd par­ty JavaScript libraries3, like the jQuery library4 that is licensed under the MIT and con­tains a respec­tive licens­ing state­ment, but does not cov­er the license text itself. Regard­less, of whom the site own­er has got these libs — from bootScore or Word­Press -, even­tu­al­ly it is she who has to ful­fill the license require­ments because it is her sys­tem that dis­trib­utes the JavaScript libraries to her read­ers.

But what is actu­al­ly the chal­lenge?

Riding a dead horse

Like the JavaScript libraries of Boot­strap and jQuery, most JS libraries are MIT licensed. It requires that the copy­right line and the license text are dis­trib­uted togeth­er with the open-source pro­gram. “The above copy­right notice and this per­mis­sion notice shall be includ­ed in all copies or sub­stan­tial por­tions of the Soft­ware.“5

For (L|A)GPL-licensed JavaScript libraries it is near­ly the same. These licens­es per­mit the dis­tri­b­u­tion of the source code “pro­vid­ed that one con­spic­u­ous­ly and appro­pri­ate­ly pub­lish­es on each copy an appro­pri­ate copy­right notice and dis­claimer of war­ran­ty […] and gives any oth­er recip­i­ents of the Pro­gram a copy of this License along with the Pro­gram”.6

So, we see a con­tra­dic­tion between the claim of the licens­es and the every­day prac­tice. On the one side, a brows­er not only loads down the page text (HTML) but also the JavaScript library. This down­load dis­trib­utes the code and hence trig­gers the neces­si­ty to ful­fill the open-source license require­ments. On the oth­er side, usu­al­ly, the com­pressed libraries — although as a pack­age often offered by the authors — no longer con­tain the required license infor­ma­tion: the small­er the libs, the faster the machine can dis­play the site using that libs.

As site own­ers, we have two options to deal with this chal­lenge. Either we sub­se­quent­ly (and (semi) man­u­al­ly) heal the pack­ages we implic­it­ly have tak­en over by using Word­Press and bootScore. Or we use them as we’ve got them. It’s clear: Heal­ing would imply that we redo that job when­ev­er we update Word­Press or bootScore. So, we tend to go the oth­er way.

The solu­tion is this:

When­ev­er devel­op­ers decide to dis­trib­ute mini­fied JavaScript libraries, they also assume that their ‘cus­tomers’ use their work in that ver­sion. That is a rea­son­able assump­tion. So, we may derive that they implic­it­ly per­mit that kind of use even if it vio­lat­ed the license they’ve cho­sen. Nev­er­the­less, we should offer our users anoth­er option to get the required infor­ma­tion. A sub­sti­tute for bundling the license text, the copy­right infor­ma­tion, etc. with the JavaScript libraries them­selves. How­ev­er, we must take care only to include the mini­fied JavaScript libraries the devel­op­ers them­selves have pro­vid­ed. In the case of the Boot­strap-JS-Lib in bootScore and the Jquery-JS-Lib etc. in Word­Press, we may assume that they did so.

If we apply this process to our 3rd. par­ty JS libraries, we have a strong argu­ment for our posi­tion in case of a legal dis­pute — I’ve nev­er heard of one — and we’re in good com­pa­ny: Even the FSF is propos­ing to do so.7 And the FSF real­ly does­n’t have a rep­u­ta­tion for tak­ing license com­pli­ance light­ly.


And in what way is this …

… part of the over­ar­ch­ing top­ic FOSS Com­pli­ance? For ful­fill­ing the require­ments of FOSS licens­es, we have to con­sid­er spe­cif­ic indi­vid­ual cas­es as well as side effects — for soft­ware, pic­tures, or doc­u­ments. We should unhide trends and write guide­lines. Above all, how­ev­er, we must dri­ve for­ward the automa­tion of license ful­fill­ment, make our licens­ing knowl­edge freely avail­able, cast it into small­er tools, and bring it into larg­er sys­tems: Because FOSS thrives on free­dom through license ful­fill­ment, large and small. That’s what also this arti­cle is about.


  1. cf. ./bootscore/js/theme.js []
  2. cf. ./bootscore/js/lib/bootstrap.bundle.min.js []
  3. cf. https://codex.wordpress.org/Javascript_Reference respec­tive­ly ./wp-includes/js []
  4. cf. wp-includes/js/jquery/ []
  5. cf. MIT License []
  6. pars pro toto cf. GPL‑2.0. Addi­tion­al­ly, the (A)GPL requires that we license our code that uses the (A)GPL-licensed library, etc. also under the (A)GPL (copy­left effect). But that’s not the point in this con­text. []
  7. cf. https://www.gnu.org/licenses/javascript-labels.html, https://www.gnu.org/licenses/javascript-labels-rationale.html, and https://www.iusmentis.com/computerprograms/opensourcesoftware/license-notices-web-applications []

Leave a Comment

Your email address will not be published. Required fields are marked *

To top