Open Source Licensing: What Mid-Level Developers Must Know to Avoid Legal Trouble
Source: Dev.to
Permissive Licenses (The “Do Almost Anything” Bunch)
Examples: MIT, Apache 2.0, BSD
What they mean:
You can use the code in your own projects, even if your project is proprietary, closed‑source, and generates significant revenue.
Your only obligation:
Include the original copyright and license text somewhere in your application’s documentation (e.g., an “Acknowledgments” screen).
Copyleft Licenses (The “Viral” Bunch)
Examples: GPL v2, GPL v3, AGPL
What they mean:
If you incorporate a GPL‑licensed library into your application, the entire application is considered a derivative work.
The consequence:
You must make your entire application’s source code publicly available under the same GPL license. This “viral” effect can force a company to release proprietary code.
Example scenario
- You’re building a proprietary, million‑dollar algorithm.
- You find a small command‑line‑parser library on GitHub licensed under GPL v3.
- You use it and ship the product.
- A competitor discovers the GPL component and sues.
- A court could require you to either stop selling the product or release the full source code of your algorithm for free.
This mistake can be fatal for a company.
Affero GPL (AGPL)
Used by: MongoDB (historically), Grafana, and many “open core” tools.
What it means:
The AGPL is like the GPL but adds a network‑use clause. If you run an AGPL program on a server and users interact with it (e.g., a SaaS product), you must make the (potentially modified) source code available to those users.
The rule:
- If you only use an unmodified AGPL component (e.g., your app talks to a standard MongoDB database), you’re generally fine.
- If you modify the AGPL code itself, you must publish those modifications to all users.
Practical Steps for Mid‑Level Developers
Check before you install
Before running npm install (or any package manager command), spend a few seconds to:
- Visit the repository.
- Review the
LICENSEfile.
Know your company’s policy
Most mature tech companies maintain an “approved” list of licenses—typically MIT, Apache, BSD. Anything else, especially GPL or AGPL, should be cleared with legal first.
Use tooling
Automate license compliance in your CI/CD pipeline with tools such as:
- Snyk
- FOSSA
- WhiteSource
These scanners analyze all dependencies, flag high‑risk licenses, and prevent problematic code from being merged into main.
Conclusion
Understanding open‑source licensing isn’t about avoiding OSS; it’s about being a professional. Just as a carpenter knows the difference between a nail and a screw, a developer must know the difference between MIT and GPL. Mastering this knowledge is a key milestone in your career progression and helps you become a trusted engineer rather than just a coder.
For more information, please refer to our blog.