- Advice on appropriate LICENSE file format
- Advice on copyright and license blocks at the head of source files
- Advice on npm licensing given that the npm client is bundled with Node.js source and binary downloads:
a. Are there any legal concerns arising from the npm client's new license (https://github.com/npm/npm/blob/master/LICENSE) that will eventually be included in all Node.js release lines.
b. Are there any legal concerns arising from the license as it exists in all current Node.js releases and has existed in the same approximate form since Node.js v0.10.31—specifically: the modification of the Artistic License to include additional terms, the additional terms themselves, and the extension of terms to arbitrarily updatable terms on the npm website.
c. Are there any actions or statements the Foundation needs to make resulting from any concerns that may exist.
The current format may be found at https://raw.githubusercontent.com/nodejs/node/v5.1.0/LICENSE and is displayed in:
- The GitHub repository source view
- The downloadable binary tar files
- The downloadable source tar files
- The downloadable OS X and Microsoft installers, both as files and as click-through agreements
The license
- Starts with an MIT block, copyright assigned to "Node.js contributors".
- Continues with the text "This license applies to parts of Node.js originating from the https://github.com/joyent/node repository:" with copyright assigned to "Joyent, Inc. and other Node contributors." The license then states that "The Node.js license applies to all parts of Node.js that are not externally maintained libraries."
- Lists "externally" maintained libraries under the text "Externally maintained libraries used by Node.js are:" with each library listed with a heading such as "- V8, located at deps/v8. V8's license follows: " followed by the license text taken from the license file provided with that library. Externally maintained libraries listed in the current v5.x release line are: V8, C-Ares, OpenSSL, HTTP Parser, ESLint, tools/cpplint.py, lib/punycode.js, tools/gyp, Zlib, npm, tools/doc/node_modules/marked, test/gc/node_modules/weak, ICU. It has been noted that some of these licenses may currently not match the license files bundled with these projects as highlighted by the discrepancies between the npm license in this file and the contents of the deps/npm/LICENSE file.
Most source files maintained by Node.js used to include a block beginning with "Copyright Joyent, Inc. and other Node contributors." followed by the text of the MIT license.
Prior to the release of io.js v1.0.0, most source files had these blocks removed, beginning with https://github.com/nodejs/node/commit/3e1b1dd and continuing with additional commits to remove it on additional files. It was believed that these blocks are unnecessary from a legal standpoint and their removal was a positive step.
There still exist a number of files with copyright blocks left intact:
- src/debug-agent.cc and src/debug-agent.h: assigning copyright to "Fedor Indutny and other Node contributors." followed by the MIT text
- src/node.d, src/node_provider.d, src/v8abbr.h, test/parallel/test-dgram-exclusive-implicit-bind.js: containing the original Joyent block
- src/string_search.h: assigning copyright to "V8 project authors." with a reference to "Use of this source code is governed by a BSD-style license that can be found in the LICENSE file." (note that the LICENSE file referred to here is not the LICENSE file at the root of the project, although it does contain a copy of the V8 license).
- src/tree.h: assigning copyright to "Niels Provos [email protected]" and includes the BSD-3-Clause text.
- lib/assert.js: begins with "http://wiki.commonjs.org/wiki/Unit_Testing/1.0, THIS IS NOT TESTED NOR LIKELY TO WORK OUTSIDE V8! Originally from narwhal.js (http://narwhaljs.org)" and assigning copyright to "Thomas Robinson <280north.com>" followed by the MIT text.
- lib/v8.js: assigning copyright to "StrongLoop Inc." followed by the ISC text.
- test/message/testcfg.py: assigning copyright to "V8 project authors." followed by the BSD-3-Clause text.
Additionally, src/res/node.rc is used by the Windows installer and sets the LegalCopyright property of installed files to "Copyright Node.js contributors. MIT license."
We would like advice on an appropriate and consistent approach to including, or not including license and copyright blocks in source files.
Advice on npm licensing given that the npm client is bundled with Node.js source and binary downloads
For context, please see nodejs/node#3959 (and linked discussions).
Are there any legal concerns arising from the npm client's new license (https://github.com/npm/npm/blob/master/LICENSE) that will eventually be included in all Node.js release lines.
Isaac Schlueter states at nodejs/node#3959 (comment) that npm are "moving towards" the new text located at https://github.com/npm/npm/blob/master/LICENSE. we presume that this text will be included in versions 2 and 3 of the npm client (v2 is bundled with Node.js v0.12 and v4 LTS, v3 is bundled with Node.js v5) and perhaps version 1 (which is bundled with Node.js v0.10).
We would like to assure concerned community members that the Foundation takes no legal issue with the new form of this license text.
Are there any legal concerns arising from the license as it exists in all current Node.js releases and has existed in the same approximate form since Node.js v0.10.31—specifically: the modification of the Artistic License to include additional terms, the additional terms themselves, and the extension of terms to arbitrarily updatable terms on the npm website.
Concerns have been raised by community members regarding the modifications to the Artistic License, specifically in relation to:
- The actual modification and concerns that the Artistic License forbids such modification.
- Reference to restrictions that may be updated on the npm website from time to time and usage of the npm software binds users by any such changes.
- That users of npm as it was and is bundled with Node.js have been bound by these terms and whether any repairatory action is required.
The current license as it exists in all current v5.x releases can be found at https://raw.githubusercontent.com/nodejs/node/v5.1.0/deps/npm/LICENSE The current license as it exists in all v0.10, v0.12 and v4.x releases can be found at https://raw.githubusercontent.com/nodejs/node/v0.10.30/deps/npm/LICENSE The differences between these are minor
- Change the "npm Logo" from "created by Mathias Pettersson and Brian Hammond, used with permission" to "contributed by Mathias Pettersson and Brian Hammond, use is subject to https://www.npmjs.com/policies/trademark"
- A change of the "Gubblebum Blocky" font copyright owner URL from http to https.
for nodejs/node#3979