Licensing pt. 2: Electric Boogaloo (a.k.a. potential license incompatibility with permissively-licensed projects)

[ChlodAlejandro]

This repo doesn't have Discussions enabled, so I'll just make this as an issue instead.

I've been nerd sniped trying to think of the ramifications of using this library. I've been doing some research on the effects of the GPL with code, and I've been having one hell of a time with reading past examples. At this point, I might even right a case study about this. The problem essentially boils down to the question "Can this library be used by a project licensed under a less-restrictive license if the project does not directly depend on the library?"

It seems like an easy question: yes, because the final output code does not contain any of the code in this library. It's merely types. However, some rather vague wording (and lack of actual legal counsel) has prevented me from properly finding out if that answer is valid. I took to the Open Source StackExchange for a second opinion, and one of the comments stood out to me:

"if you're distributing the source files then you're required to license your under with GPL."
— Ar Rakin, 10 March 2022, CC BY-SA 4.0

The GPL famously considers any dynamic or static linking of a GPL work (in this case, this library) in any other work as a "covered work", which essentially means that the latter project must be released under the GPL as well. Whether inclusion in a package.json is considered a dependency is up for debate, but is generally not considered to be linking. In essence, having it as a dev dependency is also not considered linking, and is allowed since the GPL-licensed work (this library) only exists in "mere aggregation" with the project (especially since node_modules isn't bundled with the project and is downloaded separately).

Using the library as part of the build or testing process (which is the case when including it in tsconfig.json) of a permissively-licensed project, however, has not been clearly explained. In fact, in my attempt to find an answer to this, I was led back to my original question on StackExchange. Even if the final output of the project contained none of the typings, this GPL-licensed library still would have been needed to build the compiled (or in this case, transpiled) work, and therefore we technically rely on the GPL-licensed library, possibly invoking the GPL's viral terms.

If the problem seems to have originally stemmed from the API documentation (per #1), then technically replacing the documentation with our own documentation (or using @see to link to the MediaWiki documentation website) avoids this problem entirely. Although the library still technically includes parts of GPL-licensed code (MediaWiki core JS function signatures), the Google v. Oracle case has decided (as a matter of law) that such a use case would be fair use. This does, however, seem like a rather drastic solution that would have been brought upon by my own adventures as a nerd sniping victim.

I considered emailing the WMF Legal Team as they may have some constructive input on this, but perhaps some discussion here first would be better. Again, this could just be some rather strong paranoia (or perhaps some rather strong curiosity), but it's better to be safe and care now that have to deal with an eventual pain in the rear regarding licensing.