Open Source software is software that the author has licensed in a way that makes it free to use, redistribute, and sometimes modify. The Open Source community has given rise to an entire ecosystem of free programs, packages, and libraries that enable companies and hobbyists alike to build technology and products efficiently. It has also served to create a resource pool of software that is, practically speaking, peer reviewed, because it is open to public scrutiny and contributions by other engineers. Whether it is a framework, small package, or large component, much of today’s software gets built utilizing Open Source components.
Today we will be discussing one primary family of software licenses referred to as copyleft. When you are deciding which Open Source software components you might use to fulfill specific needs while planning your project, you should look at any software licensed under the family of copyleft licenses carefully.
Copyleft licenses often allow anyone to freely use, modify, or redistribute the software in question, just like many permissive use licenses such as the MIT license (the MIT license itself is not a copyleft license). The critical difference when using copyleft software is that copyleft licenses usually contain some provision(s) that limit what you can do with the software you are building on top of it. Some licenses in the copyleft family could put limitations on your ability to monetize the concept you built. Copyleft licenses are also referred to as reciprocal licenses because they typically contain provisions that could require you to make your source code available under an equally or more permissive use license, depending on how you use the copyleft material in question. This may not be a big deal if you are building something for personal use, but it could have huge implications when selecting software libraries or components that are intended for use in a publicly available product, especially if you intend to monetize by selling your product, or you want to keep your own source code private.
If you have never heard of copyleft licenses, you may be thinking that they are not common, or they are not used for critical software, and you would be both right and wrong. We have found that we do not run into copyleft licenses very often when using everyday packages registered through sharing registries such as npm (for Node.js). However, we have recently run into an important encryption protocol that is copyleft. The Signal Protocol library is a cryptographically secure library for securing messages using end-to-end encryption that is both used and built by the folks who brought you the Signal App. It is also used by WhatsApp. However, its copyleft nature means that anyone incorporating it into their own software must educate themselves on both the license itself and how that license may impact their product and their plans.
If you are considering using a library, protocol, or component that has a copyleft license, we would recommend speaking with an attorney familiar with software licensing who can discuss your plans for your own product to ensure that your use of the copyleft software in question will not conflict with your plans and goals. You may find that based on how you plan to use the copyleft software in your work and your plans for the final product, using software licensed under a specific copyleft license poses no problems. However, you may also discover that use of that copyleft material conflicts with your intentions or plans for your project, at which point it makes sense to explore other alternatives such as paid services that offer the functionality you may need or, depending on your priorities and the expertise involved, you might spend the time and money to build that functionality from scratch and retain full copyright of your source code.