The Problem of Compliance for Javascript Libraries

For improv­ing the per­for­mance, usu­al­ly javascript libraries are com­pressed by eras­ing all blanks, line­feeds and com­ments. Hence, they do not con­tain any license texts and only very brief license infor­ma­tion. This is a prob­lem in case of open source licensed javascript libraries.

Because these licens­es require some­thing oth­er :

Javascript and the permissive MIT-License

The MIT license is a ‘tem­plate’ license: it must be instan­ti­at­ed by the intend­ed copy­right infor­ma­tion. The license then requires that both — the copy­right line and the license text — is dis­trib­uted togeth­er with the open source pro­gram: “The above copy­right notice and this per­mis­sion notice shall be includ­ed in all copies or sub­stan­tial por­tions of the Soft­ware.”

Hence, using the MIT com­po­nents com­pli­ant­ly (only) requires to han­dover the respec­tive licens­es togeth­er with the respec­tive javascript libraries.

Javascript and the Copyleft License GPL

The GPL allows to dis­trib­ute the source code pro­vid­ed that one con­spic­u­ous­ly and appro­pri­ate­ly pub­lish­es on each copy an appro­pri­ate copy­right notice and dis­claimer of war­ran­ty […] and gives any oth­er recip­i­ents of the Pro­gram a copy of this License along with the Pro­gram”. Addi­tion­al­ly, the GPL requires that each code which uses the GPL licensed library etc. is also licensed under the GPL (copy­left effect)

Javascript libraries are ever dis­trib­uted as source­code. But that’s not enough. The license­text clear­ly says, that also the license itself and the infor­ma­tion about the copy­right own­er must be dis­trib­uted togeth­er with the source code.

How can we resolve this inconsistency?

It is clear, that there exists a con­tra­dic­tion between the claim of the licens­es and the every­day prac­tice:

On the one side, it is a fea­ture of web javascript, that it is dis­trib­uted: if the brows­er calls a page con­tain­ing a link to a javascript library, the brows­er not only loads down the page text (html), but also the javascript library. By this down­load the neces­si­ty to ful­fill the open source license require­ments is trig­gered.

On the oth­er side, usu­al­ly the com­pressed library does no longer con­tain the required license infor­ma­tion: the small­er the lib, the faster the down­load.

But it is use­ful, that near­ly each open source license requires the dis­tri­b­u­tion of itself — togeth­er with the copy­right infor­ma­tion. That’s not a legal gim­mick! Only who has received the license can be sure, that he real­ly has the rights the copy­right own­er want to grant —  if these copy­right own­er are known and named in the licens­ing state­ment. There­fore, it is mean­ing­ful to dis­trib­ute also the copy­right line.

Hence, the scrupu­lous user him­self must expand the com­pressed libraries by adding the license text and the copy­right lines into the javascript libraries before he let them load down from his serv­er. That’s indeed legal — as long as he does not mod­i­fy any still exist­ing com­pli­ance infor­ma­tion and as long as the copy­right own­er of the library has not for­bid­den by a sen­tence in the copy­right head­er to mod­i­fy this insuf­fi­cient copy­right head­er. tries to ful­fill the open source require­ments of the open source javascript libraries  used in by ‘re-adding’ the missed infor­ma­tion wher­ev­er pos­si­ble:

jquery.jsMITWe use deliv­ered by Word­Press. It con­tains a respec­tive head­er.

One Comment “The Problem of Compliance for Javascript Libraries”

  • Hi Karsten, I just reread your clas­sic here. It is still the sit­u­a­tion that view sites pro­vide prop­er licens­ing infor­ma­tion for the JS they are dis­trib­ut­ing. It is actu­al­ly worse: All web­sites I looked at only con­sid­er, if they do some­thing at all, the first tier of depen­den­cies. The “ice­berg under the water­line” is whol­ly ignored.

Leave a Comment

Your email address will not be published. Required fields are marked *

To top