Licensing is important for any open-source project. But as dependencies mount, tracking licenses and changes can be difficult. GitHub is hoping to ease that burden by open-sourcing one of its internal tools.
GitHub’s ‘Licensed’ (they’re very clever at naming products) automates the licensing process. According to Github, the tool is useful for any repo, though companies with large repos that have to keep a careful eye on functionality and compliance will definitely get the most from Licensed.
Curious how Licensed works? Here’s GitHub’s explanation:
Licensed works in any Git repository to find, cache and check license metadata for dependencies. It can detect dependencies from multiple language types and package managers across multiple projects in a single repository. This flexibility allows Licensed to work equally well for a monolith repository as it would for a repository containing a single project.
Licensed operates on the concepts of “applications”, where an application is defined as the combination of a source location and a cache directory. A configuration file is used to specify one or more applications, along with additional configuration settings used when running Licensed.
It enumerates dependencies for an application’s source path. For each dependency found, Licensed finds the source path and extracts metadata such as name and version. Licensed then pings the Ruby gem Licensee to surface license info and return the licensing text.
From there, Licensed caches license data and checks metadata when a repo is updated. GitHub says it will verify all info is current, and notify repo managers if something has changed.
Licensed is a time-saving measure already in use within GitHub. It might seem a bit obscure, but licensing is important to open-source projects. Recently, Facebook had to change its React licensing to the popular MIT license because developers simply weren’t buying into Facebook’s scheme.
A slap-fight between WordPress and Wix also centered on licensing, with WordPress’s founder claiming that Wix simply copy/pasted its editor for use in their own service, right down to the same bugs. Wix naturally denied the claim; in Wix’s repo notes for its editor, the company wrote: “Code in this git repo is licensed MIT, please consider the licenses of the dependencies separately.” WordPress was released under the GPL license, which requires any forking or pinching to also be released under the GPL license.
While Licensed can’t solve licensing dustups, it can help teams identify potential issues before they occur. If the Wix team had been more thoughtful about the GPL license, maybe they’d have used it instead of the MIT license. Who knows.
GitHub says that Licensed is still in development, but isn’t a beta product. Its roadmap involves reducing use-related friction, and making it easier to add new dependency sources as well as support for more dependencies. Naturally, Licensed is also open source (check that license, though!), so anyone can contribute.