Compliance Programming

Using JavaScript Compliantly

To speed up delivery, JavaScript libraries embedded in a website are usually compressed by deleting all whitespace, line feeds, and comments: they are minified. As a result, they usually contain only very rudimentary license information, and in any case not the license text itself. But all FOSS licenses require us to ship some compliance artifacts with the code — especially the license text. This is the challenge with using JavaScript — in bootScore and elsewhere.


Solution

  • Use the Bootstrap JavaScript library as delivered by bootScore
  • Use the JavaScript libraries as delivered by WordPress
  • Create a table to contain the JavaScript compliance information
  • For each JavaScript library delivered by bootScore or WordPress, create a corresponding row in your JS table
  • Embed this table into your Open Source Compliance Page
  • Make this Open Source Compliance Page accessible from the footer of your pages
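
One way to collect the rows for this table, as an added example that is not bootScore's or WordPress's code: it reads the banner comment that survives minification and flags files that carry no licensing statement. The helper names, the three-column layout and the sample file contents are assumptions.

```javascript
// Added example; helper names and the column layout are assumptions.
const LICENSE_PATTERNS = [ // most specific first, so "LGPL" wins over "GPL"
  ["AGPL", /\bAGPL\b|Affero/i],
  ["LGPL", /\bLGPL\b|Lesser General Public/i],
  ["GPL", /\bGPL\b|General Public License/i],
  ["MIT", /\bMIT\b/],
];

// Leading block comment of a file (the banner minifiers keep), or null.
function extractBanner(source) {
  const m = /^\s*\/\*[\s\S]*?\*\//.exec(source);
  return m ? m[0] : null;
}

// Banner text is third-party input: escape it before it reaches the page.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// One row per library; needsReview flags files lacking a statement.
function inventoryRow({ path, source }) {
  const banner = extractBanner(source) || "";
  const hit = LICENSE_PATTERNS.find(([, re]) => re.test(banner));
  const cr = /(?:copyright|\(c\))[^\n|*]*/i.exec(banner);
  return { path, license: hit ? hit[0] : null,
    copyright: cr ? cr[0].trim() : null, needsReview: !hit || !cr };
}

function renderTable(files) {
  const cell = (v, missing) => "<td>" + escapeHtml(v || missing) + "</td>";
  const rows = files.map(inventoryRow).map((r) => "<tr>" + cell(r.path, "") +
    cell(r.license, "no statement found") +
    cell(r.copyright, "no copyright line found") + "</tr>");
  return "<table>\n<tr><th>Library</th><th>License</th><th>Copyright</th></tr>\n" +
    rows.join("\n") + "\n</table>";
}

// Constructed sample input, not real library code; the first two paths are the page's.
const SAMPLE_FILES = [
  { path: "./bootscore/js/lib/bootstrap.bundle.min.js",
    source: "/*!\n * Example Bundle v0.0.0\n * Copyright 2011-2099 Example Authors\n" +
      " * Licensed under MIT (https://example.org/LICENSE)\n */\n!function(t){t.x=1}(this);" },
  { path: "./bootscore/js/theme.js",
    source: "// theme helpers without a licensing statement\n(function(){var a=1;})();" },
  { path: "./vendor/<constructed>.min.js",
    source: "/*! (c) 2020 A & B | GPL-2.0-or-later */var q=2;" },
];

console.log(renderTable(SAMPLE_FILES));
```

The table names each license only; the license texts themselves still have to be provided on the compliance page.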

Background

bootScore contains some JS components. For example, its own unminified JavaScript libraries[1] — implicitly licensed under the MIT license but without any explicit licensing statement — and the minified Bootstrap JavaScript library[2] — explicitly licensed under the MIT license by a corresponding licensing statement. But none of them contains the license text itself. Also, WordPress brings with it some of its own and some minified third-party JavaScript libraries[3], like the jQuery library[4], which is licensed under the MIT license and contains a corresponding licensing statement but does not include the license text itself. Regardless of whom the site owner got these libraries from — bootScore or WordPress — it is ultimately she who has to fulfill the license requirements, because it is her system that distributes the JavaScript libraries to her readers.

But what is actually the challenge?

Riding a dead horse

Like the JavaScript libraries of Bootstrap and jQuery, most JS libraries are MIT licensed. This FOSS license requires that both — the copyright line and the license text — are distributed together with the open-source program: “The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.”[5]

For (L|A)GPL-licensed JavaScript libraries it is nearly the same. These licenses permit the distribution of the source code “provided that one conspicuously and appropriately publishes on each copy an appropriate copyright notice and disclaimer of warranty […] and gives any other recipients of the Program a copy of this License along with the Program”.[6]

So, we see a contradiction between the claim of the licenses and everyday practice: On the one hand, a browser downloads not only the page text (HTML) but also the JavaScript library. This download distributes the code and hence triggers the necessity to fulfill the open-source license requirements. On the other hand, the compressed libraries — although often offered as a package by the authors themselves — usually no longer contain the required license information: the smaller the libs, the faster the site is presented on the readers’ machines.

As site owners, we have two options to deal with this challenge: Either we subsequently (and (semi-)manually) heal the packages we have implicitly taken over by using WordPress and bootScore, or we use them as we got them. Clearly, healing would imply that we redo that job whenever we update WordPress or bootScore. So we tend to go the other way, provided there is an option that does not violate the idea and the requirements of free software licenses.

The solution is this:

Whenever the developers of JavaScript libraries have decided to distribute minified versions of their work, they also assume that the libraries are used in that form. Thus, as we may derive from that fact, they simultaneously and implicitly permit that kind of use, even if it violated the license they have chosen. But as a substitute for bundling the license text, the copyright information, etc. with the JavaScript libraries themselves, we should offer our users another way to get this information. In addition, we must take care to include in our site only those minified JavaScript libraries that the developers themselves have provided. In the case of the Bootstrap JS library in bootScore and the jQuery JS library etc. in WordPress, we may assume that they did so.

If we apply this process to our third-party JS libraries, we have a strong argument for our position in case of a legal dispute — I’ve never heard of one — and we’re in good company: even the FSF proposes doing so.[7] And the FSF really doesn’t have a reputation for taking license compliance lightly.

  1. cf. ./bootscore/js/theme.js
  2. cf. ./bootscore/js/lib/bootstrap.bundle.min.js
  3. cf. https://codex.wordpress.org/Javascript_Reference and ./wp-includes/js
  4. cf. wp-includes/js/jquery/
  5. cf. MIT License
  6. pars pro toto cf. GPL-2.0. Additionally, the (A)GPL requires that any code that uses the (A)GPL-licensed library, etc. is also licensed under the (A)GPL (copyleft effect). But that’s not the point in this context.
  7. cf. https://www.gnu.org/licenses/javascript-labels.html, https://www.gnu.org/licenses/javascript-labels-rationale.html, and https://www.iusmentis.com/computerprograms/opensourcesoftware/license-notices-web-applications
