Hacker News new | comments | show | ask | jobs | submit login
Explaining React's license (facebook.com)
978 points by y4m4b4 9 months ago | hide | past | web | favorite | 595 comments



I love love love love love react as a technology, but this is just awful. I believe any developer not on Facebook's payroll still contributing to React or React native at this point has a moral obligation to stop. I personally feel like such a fool for not taking all this seriously before the ASF gave me a wakeup call. React is a trojan horse into the open source community that Facebook purposely and maliciously steered over time to deepen their war chest. Maybe that's an overblown take, but they had a perfect opportunity here to prove me wrong and they didn't. The defensive cover they present here feels so paper thin.

Even if we paint all of their actions in the most favorable possible light, and even if the clause is a paper tiger as some have claimed, it doesn't matter. This is not how open source should work. We should not have to debate for years if a project's license is radioactive. Especially individual devs like myself who just want to use a great tool. We should be able to just use it, because it's open and that's what open means. This is so much worse than closed. It's closed masquerading as open.


Well, I planned to learn more about React, but reading now this convinced me to learn Vue.js instead.

It's under MIT license developed by a single person in addition to community's contribution.

This link is rather interesting https://vuejs.org/v2/guide/comparison.html#React


Alternatively there's this: https://github.com/developit/preact

Preact is a fast 3kB alternative to React, with the same ES2015 API as that of React.

Preact is MIT licensed and does not have any additional conditions beyond that.


Yes, preact looks like a good drop-in replacement. The good thing about the MIT license is you know what you are getting.

I also agree with the OP, even viewing FB in the best light possible, about the best case you can make is that they want to hedge any risks to themselves while profiting from OSS contributions and the OSS marketing. As it stands, there is virtually no case to be made for them wanting to contribute to the OSS community. IMHO if you're a dev and contributing to the facebook oss ecosystem, I would actively encourage you to stop.


As I said in my article [1]:

Patents protect ideas and inventions. In most cases, patent assertion cases are not black or white — win or loose. Infringement evaluation is complex and costly. A lawsuit can cost hundreds of thousands or millions to file and pursue. You might have a 85% confidence that FB violated a patent of yours, but to even pursue it it’s going to cost you a lot of money.

If on top of that, you will need to invest to migrate away onto a different frontend framework first, and make sure that all your customers are using your new product version (what if you’re using React Native? your users may not upgrade the apps at once!), before you can even file the lawsuit, do you think that’s an honest, ethical usage of open source philosophy?

Bottom line: Open Source is not a “quid pro quo” trade. Open Source is about creating communities to build better software together. It should never be used as a marketplace to exchange people's rights.

[1] https://medium.com/consensusx/if-youre-a-startup-you-should-...


Thank you. You pretty eloquently summed up my thoughts about this entire situation. I'm sad, because Facebook runs some pretty cool open source projects. But I will no longer contribute to them if this is their attitude. It's about as far from community-oriented as I can imagine.


FB would be happy to replace the internet with Facebook. I think we've all known this for some time now. It's not their attitude, it's their entire reason for being. It's a form of totalitarianism that we don't have a word for; that's beyond most people's imagination.

It would be fitting for FB to change their motto (?) to "We're not evil either." Lol


Good joke there :)

Do you believe Google also has shown intents to be totalitarian or "be evil" ?

IMHO Google has handled their enormous power and popularity very well.

Fair Disclaimer: I must confess I'm a google user, not affiliated to them in any other way (that I know of) though :D


It's not what I believe. It's what the "data" shows. Sure you can believe the words. But it's actions that matter. And in that context "don't be evil" is comical at best.


So ultimately patents boil down to the deepest pockets. Not that I'm naive, but that's a pretty shitty way to do such things.


Sorry I've forgotten what the status was on the "are APIs copyrightable" question, i.e. the Oracle v Google fight. I'm kind of confused about what wikipedia says happened - there seem to be two final rulings one in favor of Oracle and one in favor of Google with Oracle appealing the second. Is it that APIs are copyrightable but duplicating them is (sometimes?) covered under fair use? Either way, I'd be a little hesitant to use this.


APIs are copyrightable. You can see here: http://www.zerobugsandprogramfaster.net/essays/x-1.html

There is still a question on fair use. Google won the jury trial, but the appellate court is ruling in a few months, and that could change everything.


The link that you provided is from May of 2016. AFAIK, Google won that case and the appeals and there are no ongoing appeals: https://en.wikipedia.org/wiki/Oracle_America,_Inc._v._Google....

Oracle really has a way of being a big swinging legal turd, I do believe they would try anything they could. It just seems like they wouldn't wait a year to get it going.


You are correct. (For the unfamiliar, there are separate rulings because in this case, the Court of Appeals for the Federal Circuit ruled that APIs are copyrightable, then remanded back to the district court to re-try the case in light of the new decision about copyrightability, which then found that reimplementation of the API was covered under fair use.)


Only in the US. In the EU, in particular, APIs cannot be copyrighted[0].

Namely: "For the avoidance of doubt, it has to be made clear that only the expression of a computer program is protected and that ideas and principles which underlie any element of a program, including those which underlie its interfaces, are not protected by copyright under this Directive."

[0] http://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:320...


Whoops - sorry, yes, this is a very good point. I'm usually good at checking my own US-centric POV but I totally forgot here.


IANAL, but the problem with MIT is that it doesn't give you anything in relation to patents. I.e. it doesn't even mention them. In this respect, it's no better than React's BSD without patents. I.e. MIT and BSD are quite similar.


The MIT license doesn't mention copyright either, except to state who holds the copyright and forbid you from changing that statement.

The actual permission notice says you have the right to use the software without restriction. To me, a layman, it would seem contradictory and unfair if they later claimed that they held previously unmentioned patents that restricted your use of the software.


It might imply a patent license, it might not. I don't think it's ever been tested in court. But at best you're getting a license to the Preact author's patents, if there are any, which there probably aren't. You're definitely not getting a license to Facebook's patents - but because Preact is a clone of React (in outward design, at least), any Facebook patent that applies to React has a decent chance of also applying to Preact. So I'm not sure it helps that much...


Apologies. I didn't notice this was about preact specifically. I agree that switching to preact is unlikely to help with any patent issues. I don't think any free licenses indemnify you from third-party patent claims.


It's debatable how far that provides indemnity from Facebook. It's explicitly derived from their API, so whereas you can conceivably write a project to make use of React and then seamlessly switch to Preact if Facebook become threatening, surely Preact itself is liable — and your software by extension — for using the API?


It does appear that in the US, APIs are considered subject to copyright, thanks to Oracle:

https://www.techdirt.com/articles/20160511/17515734410/stake...


Check out Preact. It's an API compatible, lightweight React alternative that is actual free software.

As a bonus, it's a lot smaller, just 3kb minified

https://preactjs.com/


you've made a great choice. forget about patents: vue is a joy to use. can't say the same about react, personally.

also check out nuxt.js, a small abstraction layer on top of vue that has some opinions about file structure and also makes SSR a breeze https://nuxtjs.org/


Finishing up a project at work with Vue right now, and I gotta say it's really excellent to work with. Way more intuitive than some other frameworks out there.


To me it has the advantage that jQuery had, the product if a single developer with a huge community behind him but no large company imposing their agenda on the framework.


React isn't even a framework.


When most people talk about React, they aren't talking the single library, but rather, the ecosystem of libraries that enable you to build applications. Most "frameworks" are just a collection of libraries too - the difference is in branding, and most frameworks are really just a pre-built package.json/Gemfile/etc.

I'd venture to say that very few if any of the sites Facebook lists at https://github.com/facebook/react/wiki/sites-using-react are using "React the view library" by itself.


But does it also provide an alternative to React Native?


You can use Vue with Nativescript but at this point it's still early days

https://www.nativescript.org/blog/a-new-vue-for-nativescript

https://github.com/rigor789/nativescript-vue


yes, weex[1], which is becoming some sort of apache project. it was formerly (?) an alibaba project, not actually sure on the specifics RE: changing of hands.

1. https://weex.apache.org/


I hope they are very good, but it is not a good first impression if your UX framework web page looks like this on mobile:

https://kek.gg/i/C92Fk.png

https://kek.gg/i/89GHzx.png


I looked into this because I remembered weex having a different alibaba site[1]. it looks like weex became an ASF incubator project ~6 mos ago. around the same time, evan you (vue creator) mentioned on twitter (or maybe a github comment, I don't remember) that there is massive development going into weex right now. I would guess it'll be a few more months before we see a solid website with solid docs from ASF.

1. https://web.archive.org/web/20161224161323/http://alibaba.gi...


And also says "Get Invovled"


looks like weex uses `flow-bin` which is a BSD+PATENTS repo:

https://github.com/apache/incubator-weex/blob/master/package...

not sure, but I think that means users of weex are subject to BSD+PATENTS also


nativescript-vue


Try out weex


Or there is Google's Polymer framework. In my opinion, Polymer is better than React and Vue. I could never bring myself to use React because of its liense terms.


Using polymer as a JS frontend framework wasted about a year of work at my friend's company. They eventually switched to react for one project and an in-house react replacement for the other.


I've used Polymer in three production applications and they were successes.


google is pretty bad at frontend frameworks from my experience :D Polymer is an experiment that should have stayed in that state.


I'd argue that google is pretty strong when it comes to frameworks, and that most of their criticism comes from people who aren't looking for a framework, but rather a library (like React).

And Polymer isn't even really either of those things, it's a polyfill for a native browser feature.


Polymer is not a polyfill for web components - it is higher level library - something like "jquery for web components" - WC polyfill is separate project, in separate repo - you will need it with X-Tags, Svelte, SkateJS too.


No, a polyfill has to closely mirror an API. Polymer is inspired by web components but went its own way for several features.


I'm guessing you're hating on Angular? Why? I'm a huge fan of 1.x & polymer, but I'm curious to know why you think it is not worth using.


True, what I really love about polymer is https://webcomponents.org, basically a collection of webcomponents that can be used either individually or in combination without much setup.

This creates great looking results pretty fast and also enables you to easily give back to the community by open-sourcing your own components. Last time I checked already 1100 components were listed, of which the vast majority seemed really well build.


That's not correct, the Web Component catalog is completely separate from Polymer. Polymer is a library to make it easier to implement web components. You can use Polymer without using any of the community's components.


What did he say that wasn't correct? He said he loves polymer because it gets him access to community made web components.. Made in Polymer...


He implied that https://webcomponents.org/ is part of Polymer, but it is not.


The downside of polymer is that it doesn't really play nicely with modern toolchains.


Yeah because with Polymer you don't even need a toolchain.

I hate toolchains and their clunky 10+ seconds compile step.


Expect good news on this front at the Polymer Summit on Tuesday.


Why not Angular?

It's conspicuously missing from these discussions


From someone who works with Angular everyday, on a multitude of projects... Angular feels far too heavy in comparison to React. While Angular can do the job, there's just too much bloat.


Super powerful but it's no longer the shinny new penny of front end frameworks. Devs like shinny stuff.


Yeah my current gig is steering clear of react because of the patent issue but we are embracing Vue and vuex.


why is angular not even being considered? Has it suddenly become radio active that no one wants to touch it even?


Angular 2+ missed the mark on a few things. Most critically, they missed the mark on Components. Compared to Vue, React, Preact, Marko, etc...Angular 2 components are extremely verbose. And this a big problem, because Components are the building blocks for any UI.

Angular has other issues like the AOT compilation file sizes and the fact that certain standard language features are not supported with it. But even having to know the ins and odds of AOT vs JIT...these aren't even things you have to worry about in any of the ones I mentioned above.

I really wish the Angular team had learned the best lessons from React...but they didn't. It's definitely better than Angular 1...but it's not as good as these other alternatives.


FWIW, I've been using Vue for the last couple of projects and have been extremely satisfied.


I made the same decision about 1-2 months ago for the same reason, and after scaffolding my project from the CLI, creating some components, and adding additional pieces I needed (vue-router, vuex, dev server proxying to my backend, etc.), Vue has been an absolute pleasure to work with.


I haven't had to change to really play around with it, but cycle.js (https://cycle.js.org/) is another option alongside Vue and Preact


I remember sitting in the front row at ngEurope (Angular conf) back in 2014, when Misko announced that Angular 2 would be a (breaking) API rewrite vs Angular 1. At that time, Angular was perhaps at its global maximum of community mind share—bigger than React!—and its popularity began to sink afterwards in large part due to that PR snafu.

I wonder if this is React's "Angular 2." What's worse, the misstep this time is due to ham-fisted corporate mal- stewardship, not just miscommunicated technical good intentions. Vue is similarly positioned to be the "next thing" in the way React was three years ago. My how this space churns.


I'm still working heavily with AngularJS (1) and in combination with components (1.5+), TypeScript and a MVVM approach it is very clean and productive. Even for all its flaws, it still very easy to start with in 10mins, include 1 lib in 1 line and "Hello World" is up and running.

Compare that to the space ship Angular 2. They really made an outstanding effort to create a huge barrier of entry for anyone not having a degree in DevOps. I'm an old fart, I don't need your stinking CLI, Grunt, Gulp, NPM etc stuff.

Compare that to Vue.js really shines in this regard with the same level of entry as AngularJS. For me that is part of what I thinks makes it a succes.

When choosing a new framework I tend to not look for the future, but look in the past. I chose what was mainstream 2-3 years ago, which means right now still AngularJS for me. This means I'm a leecher on StackOverflow, but so be it. I have my own company and clients pay me for working applications, which means I have to choose my tools as efficient and effective as possible. By choosing last years model, it is less sexy but will get me from A to B with the same speed plus added reliability. At the same time I'm keeping a close look to Vue.js and if still going in the same direction next year as it is now, I will definitely switch to it.


Coming from the Angular community & still connected quite a bit to it despite currently working primarily with React, I don’t think having an incremental change would have helped Angular compared to React due to the complexity of Angular.js’s API & its flaws. I actually stand by quite strongly behind the decision to rewrite in Angular 2, but Angular 2 took a long time to come into being - it was rewritten 3+ times in getting to its current state & 3-4 years in the making. I think Google devoted the proper resources too late into it in its quest to make the most performant & flexible framework. I believe this gap is what largely hurt Angular, and while the PR snafu was visible, I think the current situation would have been arrived at regardless.


I agree with you and I think Google is still underestimating the amount of required resources because the framework is still not really "done", a couple examples: universal (SSR) just hit a stable release on angular-cli so it needs time to be widespread and supported in the ecosystem. The are core components like the i18n waiting for a major refactor because they lack basic features: https://github.com/angular/angular/issues/11405


> if a project's license is radioactive

It's not a copyright license. It's a patent grant/license which is completely independent. This matters for several reasons, including when just saying "license", this usually means a copyright license.

If this patent grant get's revoked, you are back to simply using the BSD license with no patent grant. I've read so many people say "you'd have to stop using react if you sued facebook", uh, no, you'd have a bsd license with no patent grant like you probably do with tons of other free software your company uses. Clearly, people should be complaining about that if they are complaining about this, but the misunderstanding and misinformation is really strong. If you believe software patents are universally bad, like many people including me, then it is clearly better using the MIT/BSD license alone, which gives you zero patent rights, you are simply infringing and waiting to be sued. I have no problem with it. https://www.gnu.org/philosophy/software-patents.en.html.


I think you're missing the plot. Currently, there is a big philosophical debate on whether OSS licenses like the BSD include an implicit patent grant. When Facebook explicitly includes a revocable patent grant, your argument of the BSD license "with no patent grant" is self-fulfilling. But if the PATENTS file had never existed, then what you have is "a BSD license with a potentially implicit patent grant", which has never been tried in court so could set a precedence, but is waaaay better for the consumer than a "BSD license with no patent grant because that patent grant has been explicitly granted and now revoked".


To me it's sort of a toss up between these two scenarios. Implicit grant that has never been tried in court vs explicit grant that only gets revoked if I initiate a patent war?


In both scenarios you have a patent grant before going to court over Patents. The difference is that, in one scenario, you no longer have a patent grant once you go to court. In the other scenario (where PATENTS file never exists), you may still have the patent grant after court.


I see. Thanks for the information.


I've seen it pointed out before though that it would fall back to just the BSD license and others countered saying that was definitely not the case. It seems to be yet another fundamental thing about this that isn't clear or agreed upon at all. Still, your point is important and I hope people read it and consider it.

Also by "license" I meant the "BSD + Patents license" as the Facebook writeup put it.


"...definitely not the case." Citation needed, reasons required, etc. The patent license says nothing about terminating the BSD license. Neither refers to nor affects the other. Without a good legal argument, one must assume that the BSD license applies whether Facebook is being sued over a patent or not.


> I've seen it pointed out before though that it would fall back to just the BSD license and others countered saying that was definitely not the case

Those others were wrong. Facebook have made this very clear in their FAQ [1]:

> Does termination of the additional patent grant in the Facebook BSD+Patents license cause the copyright license to also terminate?

> No.

[1] https://code.facebook.com/pages/850928938376556


That answer only addresses the "copyright license", others argue that plain BSD is a "license to use".

If BSD is a "license to use", then it is implicitly a copyright license _and_ a patent licence.

Assuming the above, the argument goes that the implicit patent license in plain BSD is overridden by the explicit patent license in BSD+Patents, and that the explicit one is much more restrictive than the (unwritten) implicit one.

The FAQ doesn't address that.


From what I understand, React isn't under patent, so what patents would be 'implicitly licensed'?


> better using

I meant to write "better than using." Also, I was not aware of the implied patent license argument.


I'm also going to hop on this train and move away from react. Personally and professionally, I don't like the direction the big players are taking the internet. (The closed, proprietary model.)

I suppose there's not much I can do about it except to move my efforts elsewhere, even if it affects my earnings.


> I don't like the direction the big players are taking the internet

It's more like developers in large parts stopped caring for standards and looked after products and "big players" and "the next big thing" instead aka the consumerization of IT. Happened to SQL, browsers, middleware, network protocols, app servers, containers, programming and markup languages, and more.

Nowadays, big things come onto the scene and into developer's minds via obscene venture capital budgets.


In the case of SQL, I'd say the fragmentation happened because the standards weren't keeping pace with the types of improvements developers were looking for. Even the different RDBMS couldn't keep pace with all the trends, they've each focused on building up different strengths. We'll probably see a return to standards once the rate of innovation slows down.


> It's more like developers in large parts stopped caring for standards and looked after products and "big players"

This is not a recent phenomenon. For example, developers using (mostly) Microsoft tools on Windows have been doing it for decades already.


An even better point than mine! Yes, developers (us) have enabled this situation, as well.

Drives home the point of why I need to move on and be careful where I put effort.


Agreed and there is no reason to still stick with react when alternatives like vuejs and angular are available.

Its not that great anyways when compared to angular 2/4. There are too many concepts to be mastered and it soon become overwhelming. I tried learning react but dropped it after spending a week when I still could not understand routing. Sense of cohesiveness between different concepts is missing. I believe some learning junkies may get the kick out of it but that's not me. My time is better spent elsewhere.

Angular on the other hand introduces everything one single tutorials[1] to make one productive. Deep dive later can be done later on when required.

[1] https://angular.io/tutorial

Edit: minor typo


React Router v4 is dead simple: https://medium.com/@pshrmn/a-simple-react-router-v4-tutorial...

It's just React components up and down.

Most of the concepts that you must learn with React have to do with understanding JavaScript. If you know JS, you know 80% of what you need to know.


It's also less capable and completely incompatible with router 3.


I hadn't heard that it was less capable. But you can always keep using v3 if that's what you know. He seemed to indicate that it took him a week to figure out routing in React. I have never had that much trouble.


> He seemed to indicate that it took him a week to figure out routing in React. I have never had that much trouble.

When you haven't had "that much trouble", it sounds like you're calling them stupid or a liar, and it sounds like you didn't consider the possibility that you're working on a very different problem or have a different definition of "figure out routing".

I store all of my user state in the URL. This way users can copy URLs to each other containing their state, I can press reload to debug things, Other people can embed portions of my application into iframes, and other good benefits.

However I don't want to sprinkle url changes and parsers all over my code, so I'd like to hook into the router system and glue it into the property system. I've probably been through a few versions of this idea with react and certainly spent at least a week in total trying to get it working well with all the different browsers and widgets, only to have react-router 4 come out and break it.

I then probably spent at least a day or two looking for similar-shaped hooks and couldn't find them. Maybe I should have spent more, maybe I should've been smarter.

However I note that the author of React-router took four very different approaches towards figuring out routing and produced incompatible APIs, which is a strong sign that they weren't able to figure out how routing should work either.


No, it's simply that OP did not clarify with any specific problem he had with React Router.

If React Router is not suiting your needs, there are many other options out there. That's the beauty of the ecosystem:

https://github.com/FormidableLabs/redux-little-router https://github.com/react-community/react-navigation

I'm glad that even React Router was willing to iterate on its implementation.

It takes a couple of hours to do a bit of research and searching to find the solution that fits your needs best.


Is there are reason you're not considering angular?

I feel like I'm missing something big with everyone not even talking about angular. Maybe I feel this because Angular was big and then soon it wasn't. Probably that's the disconnect


Same here, This all seems like a "My JS Lib is better than your JS Lib" fight. So let me say this, React is by far and away the best JS view library out there. I don't need MVC in my fucking view(Hey Ember), and I don't need a entire framework for my view(Hey Angular)..

ReactJS 4tw.


React Native is what I believe to be the big thing in the React community. I haven't hear of anything similar in the Angular or Vue ecosystems.


https://weex.apache.org/ is the closest thing for the Vue ecosystem


As an alternative, albeit in a different language, is Google's Flutter[1]. If Google can correctly capitalise on this moment in the React.js ecosystem, they could really come to dominate in cross platform mobile app development.

[1] https://flutter.io/


NativeScript is really good


I've been using NativeScript with Angular and I like it


React doesn't do routing. It's a view library.

And for me, the opposite was true vis-a-vis Angular and React, though got as far as making contributions to the Angular 2 tools before I decided to jumping ship.


> React doesn't do routing. It's a view library.

and that's the problem. React itself solves a tiny subset and delegates the other responsibilities to different tools which may not align with each other. Most of the is spent is wiring making different choices and wiring them together.

On a side note what made you move away from Angular 2 to React?


> and that's the problem. React itself solves a tiny subset and delegates the other responsibilities to different tools which may not align with each other. Most of the is spent is wiring making different choices and wiring them together.

So modularity is a problem now?


well there is modularity and then there's keeping frequently used things together. I think react push modularity at the cost of productivity (opinion).

It's like breaking a kitchen knife into two: the blade and the handle, in the name of modularity.

Concretely, this is what I mean: Routing, and a bunch of other things are used together, it would've been better if react had kept the view library separate but also maintained an official router among other things


Routing isn't always necessary, if you're building server rendered pages and a non-SPA web app. Facebook isn't a SPA, so that's why they never built and subsequently released a router. They generally only open source and release things they use in production.


What's the problem with solving exactly one problem (and doing it fairly well). I'd rather have the possibility of choosing which routing library or state management and swap things as I see fit, than being locked in with whatever the framework chooses.


That's the problem, it isn't intuitive at first as to how one should add routing when using React. I learned React-Router, but the API has changed a lot between versions in the past.


You can't blame a tool for the shortcomings of another tool, though :)

Fwiw, I concur that React Router is/was a bitch (it's been a while) - I suffered through it too. A client-side hash-based router is ~10 lines of javascript, and is what I'll write unless there's an actual need for anything more.


Angular is nothing like React. It's garbage in comparison.


In what sense?


I'm not getting the angular hate. Would you want to explain why?


Just my opinion from working with them everyday. Angular is more of a monolithic beast attempting do everything, and mostly it can. React is more of a microorganism with one goal, which it excels at. For me, Angular feels heavy, especially since the introduction of NgModules. I guess the million breaking changes that occurred from AngularJs to Angular2 might have left a bit of a sour taste in mouth, regarding the framework. How can they introduce NgModules in like beta 10? Angular isn't a bad framework, but the question goes down to would you rather have one framework that try to do everything, or many frameworks that each try do their one thing. There are pros and cons to both. On an even more opinionated note, I really enjoy the syntax, and feel of React(jsx)... which something I don't get with Angular components. I'm not even gonna start on redux, but it's pretty fun when you get the hang of it. As with a lot of things in programming but each to their own.


Angular does not come with a patent grant at all. Vue most likely is infringing on FB patents anyway. So what is the win exactly?


> Vue most likely is infringing on FB patents anyway

There are zero known patents related to react.


So what patents FB grant is related to?


In that case, the patent clause in the React license has zero effect.


Mmm, well it widens the range of people using software declaring their patent grant, which applies to all their other patents as well.


Angular 2 is MIT licensed. Why you need a patent grant anyways?


because copyright and patents are orthogonal concepts. FB gives you patent grant with restrictions Google does not give you a patent grant at all.


The patent grant is (presumably) implied by the act of licensing under MIT in the absence of other specific restrictions (such as Facebook's PATENTS file as an explicit patent grant with one-sided limitations).

See for example: http://oss-watch.ac.uk/resources/fossandpatents "Some free and open source software licences also explicitly grant the patent rights necessary for the purposes of using, adapting and distributing the code, for example the Apache License v2, the GNU General Public License v3 and the Eclipse Public License. In some jurisdictions, including the UK, it is highly probable that even those free and open source software licences that do not explicitly grant patent rights do in fact provide them implicitly. After all, giving permission to perform a specific act strongly implies permission to perform the steps needed to do so. Thus the permission to redistribute the software granted by all free and open source licences - it can be argued - implies the granting of the right to make use of any of the licensor’s patents which would be infringed by the distribution of the code."


The big question about an implied patent license would be whether or not it is revocable.

In the specific cases of the BSD and MIT copyright licenses note that the licenses do not say that they are irrevocable. A license granted for no consideration is generally revocable unless it specifically says that it is not.

There are substitutes for consideration. It is an open question as far as I know whether or not those apply in the case of free software and make licenses like MIT and BSD irrevocable.

If you use BSD or MIT licensed patented software that does not come with an explicit patent grant, you'll have to deal with these arguments if the patent owner decides to go to court:

1. There is no implied patent license,

2. If there is an implied patent license it is revocable and they revoked yours,

3. The copyright license is revocable, they revoked yours, and that implicitly revokes the implied patent license (even if it is irrevocable normally).

It's so much safer to try to stick to licenses that say they are irrevocable and include an explicit patent grant.


"It's so much safer to try to stick to licenses that say they are irrevocable and include an explicit patent grant."

Sadly, although Facebook includes an explicit patent grant, it does not claim to be irrevocable. They even list one specific case where it can be revoked.


Nice if you are in UK, but a very small % of tech companies is in UK.


vue and angular don't offer the same typing guarantees as React.

Though I use Angular in my day-to-day, I would really love to be in React land for that reason alone. I've had too many interface bugs due to simple template typos


How come? Angular is Typescipt first so typing guarantees are builin.


Not in templates.


You need to use the Angular Language Service extension for vs code, it works perfectly giving you full type completion and error checking in templates https://github.com/angular/vscode-ng-language-service


Thanks for sharing this.


> I believe any developer not on Facebook's payroll still contributing to React or React native at this point has a moral obligation to stop.

I've contributed to React before and will continue to do so. I haven't seen a single reason why not to. Just because React doesn't use your favorite license? Well this may shock you but I also use and help develop closed source software. In my view there is nothing morally wrong here. What's more, it's not even clear which morals you think I would be failing by continuing to contribute to React.


> closed source

That's not really the problem here. The problem is that by using React, even in a closed source context, you are potentially setting yourself up to not successfully make an IP claim against facebook, even for unrelated technologies.


Not being able to sue with patents is not something I give much value to. Software patents aren't even valid where I live and operate. They concern me only as far as USA has the will to have a global jurisdiction. However if Facebook wants to sue me for something ridiculous and has the USA government's global help, then Apache 2.0 license isn't going to save me, they will find something else.


Yeah and that is exactly the problem with the license.

You give up your right to sue facebook with ALL your patents while facebook only gives up the right to sue you with their REACT patent. We don't even know if there is such a thing as a "react patent".


You absolutely do not "give up your right to sue facebook with ALL your patents". People keep saying this, but it isn't there.

If you live in a jurisdiction where the concept of software patents are void, as the GP indicates, the patent clause in the license is meaningless because there cannot be any patents on React in that jurisdiction.


Is it limited to software patents? e.g. if BMW uses React in a project, and FB has a patent which covers React, then I think FB can use all of BMW's patents without paying, and BMW either has a choice of changing away from React, or not suing FB. Could be helpful if FB wants to do something with cars.


IANAL wait is this true?

The way I understood this conversation was that BMW (continuing your example) cannot sue facebook if facebook infringes them on an of their car patents but it's not a right or a grant or even a license of any sort.


I don't understand that last sentence, could you rephrase please?


Then again, Facebook isn't making IP claims against you for using React either.


> Just because React doesn't use your favorite license?

No, that's not the problem for many(most?) of us. The problem is that Facebook has decided to throw out innovative extra conditions to an old and established license. Innovation is typically not a good thing with open source licenses. It just throws a lot of uncertainty and confusion onto the situation, and for what gain? In fact, no one has any clue how this patent grant will work in practice.

If we believe the minimalist interpretation that some people are proposing here, Facebook has gained virtually nothing here. And that fact in itself makes people suspicious, because why would they dig in for almost no gain?


Because Facebook has been sued, even by big players like Yahoo. If Yahoo sues them for patent infringement, they want to be able to say, yo...what about all that free code we gave you?


Completely agree. Everyone here is acting as suing Facebook (and suing successfully) is something that will happen to all of them with great probability.

Why do you even care? It's a great framework and if you don't want to use it under the license then don't. But why ranting about they should change the license?

I can understand why FB is licensing the way they do. I also would be pissed off if I would get sued for some nonsense all the time and would take an opportunity to potentially reduce that.


+1 on this.

I'm going for Preact (https://github.com/developit/preact) for React alternative.


If React really is covered by patents Facebook has then Preact is likely infringing on them since it does the same things in similar ways. And Preact doesn't come with a patent grant from Facebook at all.


We learned from Java and Google that you can't patent and API. It's not forked from React it's an alternative.


The risk behind Preact isn't the API. Remember, this is a discussion about patents, so what matters is fundamental concepts and algorithms.

The most likely thing for Facebook to patent is the concept of a virtual DOM that's diffed to apply updates to the real DOM. IF they have such a patent (and apparently they don't), then any library that has a vdom implementation infringes, including Preact.

Of course, if they DON'T have such a patent (which seems to be the case), then Preact is safe, but so is React. :)


They would have to sue on the basis that Preact and by extension all React-compatible APIs are in violation of their patent.

This would cause mass alienation in the community for little gain, and force many previously neutral parties to align against them for attacking a completely separate project.

And for little damage as well....

If we rewrote our sites to use React coming from Backbone, JQuery and Angular... it won't be too much of a hardship to rewrite our sites to no longer use React in the future. Heck considering the 5-year churn of JS frameworks, I'm already penciling in the rise of a new framework in 2022.


They would simply sue a particular company for employing infringing technology. They wouldn't have to nor want to make any broader claim than necessary to achieve their goals in the case at hand.

It would likely be a company suing FB for infringing a patent who happens to also use Preact in a site. FB presumably wouldn't have access to the site source code (pre-suit), but would be looking at the compiled, minified public site. I don't know how Preact and React look when compiled compared to each other, but given their similar structures it might be hard to tell them apart. FB would identify the offending bits of code or code structure. They wouldn't need to even use the word "Preact" (or "React") in the suit.

If the underlying suit was a patent troll suing FB, FB's use of React patent clause might actually be celebrated in a enemy-of-my-enemy kind of way by the broader developer community.

It would require FB to finally disclose the patent numbers applicable to React. I've spent a few hours attempted to review FB's patents to find anything related to React technology, but it's a needle in a haystack challenge and I failed. There are tens of thousands of patents and impossible to know what keywords to search for. (If someone else has done this work, would be great!)


> They would have to sue on the basis that Preact and by extension all React-compatible APIs are in violation of their patent.

Why? Why is the API relevant at all?


I believe you are mistaken, the problem with the license, if I recall the discussion correctly was that if your company used React then they can't go on a patent lawsuit with Facebook even if the patents have zilch to do with React.


Great explanation of implications of React patent clause: https://medium.com/@dwalsh.sdlr/react-facebook-and-the-revok...


No.

The implication is if you use react now you give away rights.

The same is not true for angular, vue or mithril. Some argue if you use vdom there might be issue. But at least with those you/your dev is not giving away rights willingly...

But come to think of it; That is the way fb started :/


No, what rights are you giving away? You always have the right to sue anyone for any reason. There have always been consequences for doing so. If you want to sue Facebook for patent infringement...they own thousands of patents, mind you...they are going to comb through their portfolio and find which ones you're infringing on in your product. That's what any company would do. Google. Apple. Microsoft. Samsung. Yahoo. Any of them.


That may be what was said in a discussion, but it is incorrect. If your company sues Facebook for a patent, then you lose the extra patent grant, which means you would have only the original BSD license. Which is what ASF seems to want the software license under anyway.

The patent grant from FB grants you strictly more rights than BSD alone (though admittedly, you could lose those extra rights).


> if I recall the discussion correctly was that if your company used React then they can't go on a patent lawsuit with Facebook even if the patents have zilch to do with React.

Not at all.


React is still unsafe because facebook can infringe on your patents and if you sue you will lose your rights to use react.


That's simply false. It cannot happen. How many times does this need to be explained?

It's been discussed a ton, the plain language of the license makes that clear, Facebook even covered this in their official React license FAQ (https://code.facebook.com/pages/850928938376556).

Please stop spreading FUD.


From the linked FAQ:

>> Does the additional patent grant in the Facebook BSD+Patents license terminate if I sue Facebook for something other than patent infringement?

> No.

>> Does the additional patent grant in the Facebook BSD+Patents license terminate if Facebook sues me for patent infringement first, and then I respond with a patent counterclaim against Facebook?

> No, unless your patent counterclaim is related to Facebook's software licensed under the Facebook BSD+Patents license.

My interpretation of that is if I use React I can't sue Facebook for any patent violations lest they pull their React patent licenses and immediately sue me for infringement.


> immediately sue me for infringement.

Of what? Patents are public; link me the patent you think they'd sue you for infringing. :)


> Of what? Patents are public; link me the patent you think they'd sue you for infringing. :)

If they really want to crush little ol' me, I'm sure their legal team can find something in their existing patent warchest that would apply to React.

Plus we don't know if they have applied for patents that would apply to React that are still under review.


> If they really want to crush little ol' me, I'm sure their legal team can find something in their existing patent warchest that would apply to React.

Yes, but also to your non-React code, right?

Like...seriously, what patent do you think they might have that somehow only applies to React and not all the other modern frameworks that have been busily copying React?


That would require discovery. React being front end is immediately apparent if in use. You can't hide or deny it.


I think we read a different FAQ, or I'm misreading your link. The FAQ says that if Facebook sues _you_ for patent infringement and you counter sue for patent infringement that they won't revoke your license, but I don't see anything that answers the parent comment's concern.


> Does termination of the additional patent grant in the Facebook BSD+Patents license cause the copyright license to also terminate?

> No.

In short, if you get into a patent dispute with them, your license to use React does not terminate.

So when someone says "if you sue you will lose your rights to use react" this is wrong. My rights to use React come from the BSD license, not from the patent grant.


It's not entirely wrong. If you get into a patent dispute with them, you lose the patent grant to React, which means if they have any (none have been seen yet) patents related to React, they can very quickly countersue you, making the patent suit from your end, while still valid, a guaranteed financial ruin for any business not on their scale. We're not saying the license + patents combination explicitly grants Facebook the right to infringe on your patents, but rather it's a trap clause that makes it impossible to survive a patent lawsuit against them by virtue of using React, which in _effect_ is like a patent grant back to them.


Exactly. You'll be using the React code under the BSD license but without any patent grants.


Is this is true, then why the hell is Facebook digging in like this? They're going to ruin their hard-earned open source creds for very little gain.


Probably because they don't care. They created React to solve a problem they had, they open sourced it 'cause why not, some people adopted it, some people didn't...Facebook doesn't care either way. They're not an open source company, and they don't really care how many startups use React, or how many Github stars they+ have. They don't rely on external users for testing, or external devs for contributions.

It's not so much they're "digging in" in the face of criticism, as they simply haven't noticed the criticism, because it has no relevance to Facebook at the level where corporate policy is set. Or so I believe. :)


> ...Facebook doesn't care either way

I disagree. There are clearly a lot of people who evangelize React and other open source projects. It helps a lot with recruitment and Facebook's public relations among devs. I just don't think the attorneys grasp how much this is affecting other parts of the company.


Even if you reject the notion of software patents..

I don't want a non-standard license... It's just more complexity we don't need.

Make it LGPLv3 or something if you want a patent clause, don't invent your own.


I'm pretty sure that the concept (or implementation) of virtual dom wasn't invented as a part of React. IANAL but I don't think they could patent it. Ignoring specific optimizations, a virtual dom algorithm is fairly simple.


Correct, there is known prior art relating to vdoms, so any such patent would be fairly easy to defeat, IF it exists...and patents are public, and people have looked, and no such patent seems to exist.

The patent issue is really not a big deal with React; the real concern is philosophical.


Patents are public, and Facebook does not have a vdom patent. It's puzzling that this is even a question.


The Google/Java case was about copyrights, not patents, and Google actually lost on that issue.

They won on a fair use claim. And that win is still subject to an ongoing appeal.


> We learned from Java and Google that you can't patent and API

did we? I think the jury is still out on this, i.e. we had one verdict for google, one for oracle, one for google again, and now there's another appeal.


API is a matter of copyright, patents can cover the methods and techniques underneath the API, and so in a way is more general, and it's possible that Facebook patents concern Vue as well.


The case was about whether or not you can copyright an API.


Could anyone with experience porting from one to the other let us know how it went?


For many codebases, Preact can be use simple as:

    npm i -S preact preact-compat
then add this to webpack config:

    {
      "resolve": {
        "alias": {
          "react": "preact-compat",
          "react-dom": "preact-compat"
        }
      }
    }
https://preactjs.com/guide/switching-to-preact


The tricky part is probably testing. I don't think e.g. jest (or maybe it was enzyme?) supports alternative implementations quite yet, though they were working on it...that was true months ago though.

If you're starting from scratch pretty easy though, sure. But that assumption is all too widespread in the JS ecosystem these days : (


We saw no problems with Mocha & Enzyme, can't comment on Jest.


woot.

brb :)


Here's a list of companies using React:

- Microsoft - Uber - Yahoo Mail - Dropbox - Airbnb - Netflix - NY Times

If they're ok with the license, you probably shouldn't worry too much. Basically, if you don't own any patents or if your company is smaller than any of the above, you should be ok.


You don't know that they weren't granted separate licensing deals.

I assume they were.

This license is likely to protect facebook against patent litigation that a startup might claim facebook is in violation of.

It's not too hard to imagine a scenario where the next snapchat-like-startup is using react native. Facebook is then in a super leveraged position against them legally.

Snap stories are now facebook stories, instagram stories, and whatsapp stories. It's not such a big leap that it'll happen again.


A more likely explanation is that these large orgs employ real lawyers who looked at the licence and grant and who then approved the use of react because they are professional lawyers who actually understand the legalities involved, unlike 99% of the commenters in this thread.


I suspect the real reason is that these large companies already have large patent war chests, so any suit from FB could incite countersuits from them. They have a measure of impunity and thus their exposure to risk is much less than that of smaller companies and startups.


What's not to understand? If Facebook infringes on one of your software patents your choices are to rewrite your existing React code and sue them for damages or ignore it.

Once your 'professional lawyer' agrees that the license is enforceable it's up to you to decide whether giving Facebook an effective grant of all your patents it worth it.


> rewrite your existing React code

my understanding is that this isn't the case - react isn't itself covered by patent, and the bsd license remains in effect.


No, if such a startup sued FB, then would end up being a legal user of React under the BSD license, which does not terminate.


This is a very dangerous follower mentality. You and I are not in the league of these big companies. If FB sues them they have deep enough pockets to fight back. But we, we would just vanish into thin air.


If you develop a patent worth a billion dollar that Facebook wants to steal, you will probably be ok too.


"worth billion dollars" is not the same as "have billion dollars". FB is both worth and have multiple billion dollars. Does this make sense to you?


All these companies are big enough to potentially have a separate patent agreement with Facebook. I don't have any insider knowledge about them (or anyone else, for that matter) to say whether they do, but you should entertain the possibility rather than assuming their risks are greater than yours.


The person in question was talking out of school, and so I have to be very vague (and you can take this for what it's worth because of it, you don't have to believe me), but at least one of those companies listed in the prior post has no such agreement with Facebook.


Source for Microsoft? I once read an article saying that Google, Apple & Microsoft forbade all their developers from even using React due to its licence and this was years ago.


Come on, everybody's doing it...

Anyway, it's not up to me, it's up to the legal team and they are saying "No".


https://github.com/facebook/react/blob/0.11-stable/LICENSE

Turns out that forking a somewhat recent version of React that uses Apache is possible while still retaining any relevant patents (esp pending vdom patents) and API compatibility.


0.11 is three years old, though. Not really recent.


Most of the APIs are the same which is what really counts. Other frameworks like Inferno already have way better performance using methods not tied to Facebook. But adding those to an actual React fork keeps the patent grant in a way that switching to a greenfield codebase might not.


https://github.com/kevinflo/react-open at least to play around with for my own purposes. I forget what the state of things even was back in .11


You should probably steer clear of trademark infringement too. I was thinking something like free-dom myself.


That's probably the most American-sounding package name I've ever heard


Wow! that's an amazing library name? Would you mind if I ..er.. borrow it? (JK) :D


Good point. Just switched it to rdom-open (first thing that popped in my head lol)


How about eact?


I agree. I also wonder, does the Patents section apply in New Zealand? They banned software patents at a central government level.

Maybe we need groups who can push to lobby for legislation to remove software patents in more countries?


I think a good principle is to never assume malicious intent, but never tolerate an abusive position either.

So, Facebook, lets assume, isn't being malicious and genuinely feels this is the right approach to deal with what they consider to be "meritless" lawsuits... but at the same time, if this response-- genuine as it may be-- gives them abusive power, don't abide it.

Similar principle for politicians-- never support Obama/Trump having a power you wouldn't want Trump/Obama wielding.

For any aspect of power, assume the most abusive historical figure has it-- should they have it? IF not then don't grant it to even people you like.


That would just lead to under-utilization (if that's the right phrase for it) of power.

At most situations you might be assigning improbable risks to things. If you have a reason to believe someone is not going to abuse power, then giving them said power should be okay in real life

Edit: May I add that you're swinging from one extreme to the other. Things need not be black/white. It's a fallacy all on its own


>but this is just awful.

Everyone in this whole thread is saying the same thing. For anyone not up to speed, I found the following explanation of the issue (analysis of the license) very good and short:

https://www.elcaminolegal.com/single-post/2016/10/04/Faceboo...

This lets you know why we have 300+ comments saying the same thing.


> any developer contributing ... has a moral obligation to stop

Oh, come off it!

If you went to some company and got a patent license, and then proceeded to sue that company for patent infringement on an unrelated patent, they would terminate your license. (That's what cross licensing prevents.) So FB is granting React users a patent license free. Why wouldn't they revoke the license if you were suing them? There's no difference from the normal state of affairs except the patent license is free. Now, if you are worried about FB infringing on your patents, it's wisest not to use React, but that's no different than licensing a patent from someone else.


I'm with you. Check out Aurelia which is under the MIT license:

http://aurelia.io/

I'm surprised at how many companies are willing to embrace frameworks that they believe come from Facebook and Google but are not truly backed by those companies. Aurelia has commercial backing and community contributors and a decent license.


Any suggestion on an open source & high quality alternatives for a large existing code base depending on React?


Preact with preact-compat is (almost) a drop-in replacement for existing React code: https://preactjs.com/guide/switching-to-preact


> We should be able to just use it, because it's open and that's what open means.

You can. What's stopping you?


We need to start promoting a single great alternative. My vote is Preact.


So, i feel for them, having watched Google's open source projects be targeted by patent trolls in the past. But i really don't think this is the way forward.

A few things:

1. If you want to suggest you are doing this as part of an attempt to avoid meritless litigation, you really should give concrete examples of that happening. Otherwise, it comes off as a smoke screen.

2. The assertion is that if widely adopted, it would avoid lots of meritless litigation. This is a theoretically possible outcome. Here's another theoretically possible outcome of wide adoption of this kind of very broad termination language: Facebook is able to use other people's technology at will because nobody can afford to not use their stuff, and no startup that they decide to take technology from, and say "no more facebook/react/etc for you" could realistically launch an effective lawsuit before they died. Assume for a second you think Facebook is not likely to do this. If widely adopted, someone will do it. Nobody should have to worry about this possibility when considering whether to adopt particular open source software.

(there are other theoretical outcomes, good and bad).

It's also worth pointing out: None of this is a new discussion or argument. All of the current revisions of the major licenses (Apache v2, GPLv3) went through arguments about whether to use these kinds of broader termination clauses (though not quite as one sided and company focused), and ultimately decided not to, for (IMHO good) reasons. I'm a bit surprised this isn't mentioned or discussed anywhere.

These kinds of clauses are not a uniform net positive, they are fairly bimodal.


That's a good point, especially since the concrete examples won't possibly be about patent trolls. Why would patent trolls (aka Non practicing entities) care about loosing rights "to make, have made, use, sell, offer to sell, import, and otherwise transfer the [React] Software". (as defined in https://github.com/facebook/react/blob/b8ba8c83f318b84e42933...)?


Look at Oracle v. Google...that was a mess. Samsung v. Apple...also a mess. Not all patent litigation is from trolls alone.


Oracle v. Google was not patent litigation (unless you are referring to something other than the oft-cited but not applicable to this situation Java API suits).


Excellent point about NPEs (patent trolls). I think this comment gets to the absolute heart of the matter more than any other that I've seen.


> no startup that they decide to take technology from, and say "no more react (or whatever) for you" could realistically launch an effective lawsuit before they died

If it's the case that these startups wouldn't have the resources to mount an effective lawsuit, then that's true regardless, no? Whatever the React terms say are moot. (I might be misunderstanding; the sentence is one that's hard to parse.)

> All of the current revisions of the major licenses (Apachev2, GPLv3) went through arguments about whether to use these kinds of clauses (though not quite as one sided and company focused), and ultimately decided not to.

When MPL2 was being drafted, I pointed out that a strong, React-like approach to patents would be better, because the protection that Apache 2.0 offers against patents is very narrow. My takeaway was that the reason not to do so was because it wouldn't have been politically expedient at the time—it would just result in people rejecting the MPL. If Facebook is now taking that approach, then run with it now; it suggests the idea should be opened back up for reconsideration in future revisions of these licenses because they can capitalize on the momentum.


To your second point, wouldn't there be a tremendous amount of startups who aren't interested in being in the patents business, or that would otherwise not own the patents over which to sue Facebook, that would thus not be able to get into this position, or did I just completely misunderstand the issue?


Investors seem to be really fond of patentable or protectable technology. Lets say a start up comes up with a really clever and novel way to accurately predict what kind of a cake a person likes best. If they built a platform in React and then Facebook stole the idea - they couldn't sue Facebook (or any Facebook subsidiaries) without immediately revoking the ability to use React.

This isn't only covering Facebook - this covers subsidiaries or subsidiaries etc..


> If they built a platform in React and then Facebook stole the idea - they couldn't sue Facebook (or any Facebook subsidiaries) without immediately revoking the ability to use React.

Untrue. They couldn't sue Facebook (or subsidiary) without immediately losing their right to use any patents Facebook may-or-may-not have on React. Their right to use React would be untouched.

So, are there any patents? People have looked; so far none have been found. More to the point, what JS lib do you think our hypothetical firm should have used instead? Preact? Vue? Angular? Backbone? Why do you think Facebook doesn't have any patents on those?


Here's another theoretically possible outcome of wide adoption of something without any patent licence:

Google is able to use other people's technology at will because nobody can afford to not use their stuff, and no startup that they decide to take technology from, and say "no more Google/Angular/Closure Library/etc for you" could realistically launch an effective lawsuit before they died.


I wonder how Facebook would feel if all the open source software they currently use incorporated the same license. I bet it would deter them from enjoying much of the code they built their business on. This stance seems pretty antithetical to the goal and spirit of open source software and I really hope it's not the beginning of other companies following suit and 'poisoning' the well.


> how Facebook would feel if all the open source software they currently use incorporated the same license

That would work incredibly well to neutralize patents, actually, and would be a huge win for free/open source software.

It's surprising not to have seen anyone point out the logical conclusion of a world where every major license includes a React-like stance on patents: it's a world where no one is able to bring patent suits against anyone, because it means they are now violating the licenses of every piece of FOSS they're currently using. (I'm relying on the assumption that there's no entity that could perform an audit right now and conclude that there's not a single piece of FOSS underpinning their products/services/infrastructure.)

Licenses like Apache 2.0, MPL2, etc all have a "MAD" policy wrt patents, but they all have a gaping hole in their strategy. The React license patches this hole in a really clever way--probably the cleverest thing since the GPL's invention of copyleft to hack copyright law by using it against itself. It's really disappointing to see people's sense of disdain for Facebook overpower their ability to appreciate how clever the React license is.

Addendum from the last time [1] I commented: "FWIW, I don't use React, I don't want to, I'm not a Facebook employee, and in fact I think the world would be a lot better off with Facebook having less influence than they do today. But that doesn't change how weird it is to keep seeing comments like [those that frame the React terms in a negative light]".

1. https://news.ycombinator.com/item?id=14780358


So this opinion almost swayed me, but the problem is that companies aren't scared of open source writers suing them.

If you use project A that was written by one or two developers in their spare time (and they included a BSD+patents) clause, would Facebook fear being sued by them? Probably not -- but new companies that get anywhere close to what Facebook does (increasingly, that's everything these days) definitely live with the real possibility of facebook suing them.

In theory the "no one is able to bring patent suits against anyone because they're violating licenses" is a good outcome (mostly the no patent suits part), but it doesn't quite stand up in practice because patent suits cost money, and bigger companies can sue you longer than you can sue them. I don't want a world where MAD is the default, because the large companies carry nukes, and I carry a peashooter.

I will no longer use react on any new projects.


The clause states you only lose the patent rights if YOU sue Facebook for patent infringement (and only for patent infringement, not other reasons).

As pointed out by Dennis Walsh in (https://medium.com/@dwalsh.sdlr/react-facebook-and-the-revok...), it would take millions to bring a patent suit against Facebook.


Yeah, and if Facebook DOES infringe on a patent you own, and it's a valid case? You then have to rewrite your frontend code base as fast as you can?

At it's best this is like some sort of warped "you infringe on my patents and I'll infringe on yours" kind of thing, assuming MAD means it doesn't become a very-uneven suing war. This case is also bad news, because larger companies are much more capable of infringing on your patents and competing with smaller companies in a conglomerate style.

Amazon is a conglomerate. Alphabet/Google is a conglomerate. Somehow, everyone in the government who manages anti-trust (whether that should be a thing is another debate), seems to be asleep at the wheel, literally everyday.

Also, guess who has lots of resources to rebuild a shitty copy of ingenuous software they found online? Big corporations do. All the starry eyed CS grads who want to go work for Big Conglomerate Co. are going to be rearing to re-implement Redis in 50K LOC, but it's harder for some small company (or just random open source project) to re-build the parts of their app that used react in some other framework.


If you are a small shop, you just don't have the money to file a patent claim against Facebook. That's exactly what the parent post told you: patent litigation is expensive.

The PATENTS file is red herring. If you're a small player and you launch a patent lawsuit against Facebook you stand no chance of winning. Facebook has thousands of patents in its portfolio, and software patents being broad as they are, you're invariably infringing one of them.

You know what, scrap that. Even if you were a somewhat large player with your own respectable patent portfolio, and Facebook had almost no patents you could never win. Why? Because this already happened, dear internet:

https://techcrunch.com/2012/04/23/facebook-patent-fortress/ https://www.washingtonpost.com/business/technology/facebook-...

TLDR: Yahoo sued Facebook before their IPO with 10 infringed patents (not just 1), trying to scare Facebook into giving them money. Facebook only had 56 patents, but they had money, so they bought up 1400 more patents, and countersued with just 10 of them. Yahoo realized they don't have the money to win a lawsuit against Facebook, and meekly submitted and cross-licensed the patents to Facebook.

Now imagine trying to copy cat the Yahoo move with two guys in a garage who own just a single patent against a stronger and more prepared Facebook that has thousands.


You might have responded to the wrong post -- I completely agree (I think I'm the parent poster you're referring to) :)

To give this comment meaningful content:

https://mithril.js.org/

https://vuejs.org/

https://www.nativescript.org/


> Yeah, and if Facebook DOES infringe on a patent you own, and it's a valid case? You then have to rewrite your frontend code base as fast as you can?

In that case, you have two other options:

* Quietly swap out your frontend before you file

* Continue using React and dare Facebook to produce a patent they can actually claim

This, of course, is based on the assumption that your frontend is a significant portion of your product. If your frontend is a trivial portion, then "rewrite your frontend code base as fast as you can" is also trivial.

Edit: fixed formatting


This is something I have yet to understand. From all I read about the patent situation in America it looks like they are totally worthless unless you are a multi million company. Is there actually no way of pursuing a giant if they infringe on your IP?


For the most part, yes, unless you're a non-practicing entity (patent troll).

Large companies carry massive war chests of patents, such that anyone who makes software is most likely violating several of them without knowing it. They defend themselves from patent lawsuits with countersuits from their war chests. (Trolls are immune, though, because they don't make software and therefore aren't infringing in the first place.)


The patent situation is broken in a ton of ways. Just think about the concept for a few minutes and you'll imagine many of the points.

As for the problem you're focusing on, the particular problem is that to actually your patent defensively (the original purpose), you must litigate. To litigate, you must have lawyers, and quite a bit of money. If the other side is capable of buying better lawyers, or lawyers for a longer time, you lose.


I think most in the software community abhor patents for software, so it's probably a good thing that this "mutually assured destruction" environment exists.


> the problem is that companies aren't scared of open source writers suing them.

They should be. Many popular open source projects are supported by a 'community' of large companies, or are invested into a widely respected foundation like Apache.

Additionally, many projects that started off as simply a few developers, grow to the point that a company is founded to handle support and customization. An example of this would be Redis Labs---started by the originator of Redis.

If even tiny patent trolls can be 'dangerous' to multinationals, I expect most would steer clear of declaring a patent war on the community at large.

What if Postgres had a retaliatory patent clause?

What if Linux did?


I think copy-left is good enough.

Also, you're right except for the fact that lots of very very useful projects are not backed by large companies or foundations like apache. What you describe a solution is precisely the world I don't want to live in. I don't want the MAD state of things to be held in check by large organizations -- humans kind of forget themselves in large organizations, far too easily.

Redis is a great success story, but again, that organization is way way weaker than facebook. They just have more money in the bank, and MAD only works if EVERYONE has nukes. It doesn't work if one side is carrying rifles and only one side has nukes.

Maybe we should fix the patent system instead -- I'm aware it's hugely nuanced, but for all the griping that tech does, surprisingly nothing has changed -- the tech companies that make it just don't seem to be trying to change the system once they're established (someone please correct me if I'm wrong).


I agree this is hypothetical, but an organization could form for enforcing the license.


This is exactly what I don't want it to come to. That's just a corporate arms race, and I can promise you open source is not going to win.

Instead of forming organizations to fight patent wars, just put effort towards fixing the patent problems.


"it's a world where no one is able to bring patent suits against anyone, because it means they are now violating the licenses of every piece of FOSS they're currently using."

It's also a world where entrenched companies can feel free to use whatever technology they want from smaller competitors without fear of lawsuit, and use it to further entrench themselves :)

I'd put a lot more money on that happening than "happy fun kumbaya singing".

This is among the many reasons that apache, et al chose not to use them when revving their licenses. It's totally worth reading the discussions that happened around these issues back then.

As a friend said WRT to this issue: "Everything old is new again"


>It's also a world where entrenched companies can feel free to use whatever technology they want from smaller competitors without fear of lawsuit, and use it to further entrench themselves

I agree, but software patents are arguably bad enough that doing away with them entirely is worth the collateral.

A legislative solution might exist to have the best of both worlds, but, in the absence of that, suppose there's a copyleft-analogue hacky way to undermine software patents indiscriminately without requiring an Act of Congress. (and that's not a sure thing at all, but suppose.) Wouldn't you press the button?


See my response to your top-level comment above.

https://news.ycombinator.com/item?id=15051709


> and would be a huge win for free/open source software

It would be a huge win for companies with large software patent portfolios, which is the opposite of what the free software movement is about.


> It would be a huge win for companies with large software patent portfolios

This is backwards. Those are exactly the companies that would be harmed, because their hopes to be able to wield those patents offensively have been nixed.


Companies like FB/AMZN/GOOG/MSFT have, effectively, unlimited engineering resources. And money. They simply smash any incoming problems into dust with brute force. Startups do not matter. Hell, few companies other than huge ones matter. "We might have to replace a 10,000 line piece of free software" is nothing to them. If they wage war against another MegaCo, nothing really changes with this license. That legal battle could be fought (and do damage) regardless, they can meaningfully litigate against each other. But the idea this changes anything when going against, say, smaller players? Because it "weakens" their ability to use their (massive) portfolio? Because Facebook might be "afraid" of losing some software if they file suit? Not really.

So, here's how the real conversation will happen at MegaCo of your choice, should this play out:

---

Alice: We want to sue for patent violation against XYZ Co. But we use XYZ Co's software. If we file suit, we'll have to stop using it due to the license.

Some top-level guy with a three-letter title named "Joe": Okay. How big is their company and what software do we use?

Alice: <MegaCo has more money than God so the only meaningful comparison is "cockroach" at best, and the software is in no way something they cannot acquire elsewhere>

Joe: Okay. Assign 50 engineers to just recreate whatever stupid software of theirs we use, in-house. Or buy another version from someone more reliable. Then assign a billion dollars to legal to destroy them.

Alice: Okay.

---

And that's it. They're done. That strategy was all cleared up before lunch. Keep in mind of course Facebook will probably have enough money to litigate you into the ground so long that probably won't even be able to actually tell them to stop using your software, until they've already replaced it completely and also ruined you at the same time.

It turns out when you have effectively unlimited engineering resources and money (to wage legal battles), things like "Use a new virtual DOM library" or "Replace RocksDB" don't matter at all. They can just do it and crush you anyway.


So how the situation is better if both MegaCorp and small startup are using each other opensource code with just the BSD license (with no patent grants)? megacorp can still sue the startup for patent infringment and destroy it.

If you assume that MegaCorp is evil, the startup has no life whatsoever, whatever open source license is picked. If instead assume that MegaCorp is good, the patent grant has a positive effect on the ecosystem.


If the goal were to get rid of software patents, why don't all the large tech companies just band together and lobby against allowing patents for software? (more like Europe) This looks more like a sneaky trick by Facebook.


In fact, this is explicitly part of their reasoning, from the blog post linked to in the GitHub comment here:

> We believe that if this license were widely adopted, it could actually reduce meritless litigation for all adopters, and we want to work with others to explore this possibility.


And in the case of Facebook, reduce meritable litigation against them.


This is sadly false.

This would only neutralize patents of actual companies that have something to create.

The only ones left to hold patents would be patent trolls. This would just massively empower patent trolls, and harm everyone. Because patent trolls don’t have to license patents there’s no risk for them.


Patent trolls never had any risk to themselves in the first place. I don't see how this empowers them.

It just leaves them as clearly the only enemy left, with massive corporate lobbies against them, and widespread public distaste weighing them down.

The current situation is mixed---companies aren't fully in favour of patents, but support the status quo.


> This would only neutralize patents of actual companies that have something to create.

Against each other only, right? They could still use their patents against patent trolls.


Yes, but which patent troll actually uses anything that you can prove violates their patents? They’re basically immune.


I mean, look at Samsung v Apple and Oracle v Google...it's not all trolls in the litigation game.


See my remark about impossible audits. Patent trolls are almost definitely relying on FOSS whether they're in the business of creating software or not.


If I were a patent troll, I would get a Windows computer with a slightly old version of Microsoft Office and nothing else on it.

Even if the entire FOSS community decided to adopt a patent termination clause right now, it cannot retroactively apply to whatever fragments of FOSS code that has found its way into proprietary products so far. So I'm safe as long I don't install any new software until I'm done trollin'.

Your idea would make sense If all the FOSS that was ever written came with a patent termination clause. But that's not the world we live in.


If mutually assured destruction is your definition of peace...

But what prevents everyone from becoming patent infringers in this scenario?


I guess the point is in this hypothetical world patents are useless because suing would trigger the destruction and this is good because the community can freely share and use the best designs.

However, in such a world I don't think the courts would approve of this 'hack' and kill the enforceability of these clauses precisely because they render patents useless.


> However, in such a world I don't think the courts would approve of this 'hack' and kill the enforceability of these clauses precisely because they render patents useless.

I believe that contracts that terminate if you sue the other party are fairly standard, and in court these licenses would be considered fairly similar to those contracts.

I don't really know what a court would say, but if I sign a contract that says "I will not sue X for any patent infringement under the condition they don't sue me for patent infringement" I would be surprised if a court found that contract unenforceable. The right to file a patent suit is not a fundamental human right after all, why would signing it away not be possible?

[IANAL]


> be a win for free/open source software

Any project with such a license would be non-free, so I'm not sure how that would be a win for free software.


> such a license would be non-free

I'm inclined to say you're mistaken. The FSF hasn't published an analysis of the React terms, but if they did, it seems pretty much assured that they'd deem it a "free software license, but incompatible with the GPL".

Recall that Apache 2.0, MPL2, and GPLv3—all free software licenses—have patent termination clauses as well, but they're comparatively weak. In fact, GPLv2 didn't have one, and this was the reason why Apache 2.0 is labeled as free but incompatible with GPLv2. The FSF's solution to this was to include it's own patent termination in the next update to the GPL, which is why Apache 2.0 and GPLv3 are compatible today.

See https://www.gnu.org/licenses/license-list.html#apache2


>> such a license would be non-free

> I'm inclined to say you're mistaken. The FSF hasn't published an analysis of the React terms, but if they did, it seems pretty much assured that they'd deem it a "free software license, but incompatible with the GPL".

Richard Stallman said it is non-free [1]:

> React.js is nonfree because of its patent license restriction.

[1] https://lists.gnu.org/archive/html/directory-discuss/2017-01...


> Richard Stallman said it is non-free

And after actually reading it he said it's okay to use for GNU projects: https://lists.gnu.org/archive/html/directory-discuss/2017-01...


Thanks! I also found the following one which gives a rationale [1]. The fine distinction is that the patent grant is completely separate from the copyright license and the termination of patent grant has no influence on the copyright license whatsoever. Unfortunately these messages are not in a single thread, so it is a bit hard to find them.

[1] https://lists.gnu.org/archive/html/directory-discuss/2017-01...


>Richard Stallman said it is non-free

Not the most impartial person to define "free" and "non-free".


Richard Stallman and the FSF are literally the Inês behind the original de definition of "free software". What are you trying to say there?

Anyway, even if you dont line Mr. Stallman, the set of licenses he deems as free software is pretty much 99.9% compatible with the set of licenses deemed "open source" by the OSI or licenses acceptable by Debian (the other authorities you might Sant to look to when it comes to this)


Shortly after posting this, I came across IanKelling's link [1] to the GNU post on Software Patents. I've definitely been conflating copyright and patents in my mind. Thanks for the clarification.

[1] https://www.gnu.org/philosophy/software-patents.en.html


For context in this discussion, the patent text in GPLv3 was original a copy of the Apache 2.0 patent text. This is why Apache 2.0 and GPLv3 are compatible, since the Apache 2.0 patent text is simply a subset of the GPLv3 patent text.


> It's surprising not to have seen anyone point out the logical conclusion of a world where every major license includes a React-like stance on patents

The thing is, I agree with your premise that we should always push for licenses that (in the long term) will result in a better free software world where threats such as software patents and draconian copyright are effectively neutralised. All three GPLs did this to copyright (as you noted), and Apache helped step forward on the patent front. I would love to say that the React license helped further this cause. Unfortunately I don't agree, and it's for several reasons.

* This may sound like a minor point, but the React patent license only applies to Facebook's patents, and relies on Facebook retaliating. Code contributed by anyone else may not be giving you the same protection, which means that if they sue someone other than Facebook the target has no real protection. Apache and GPLv3 both tackle this problem because the copyright license is terminated if anyone sues a copyright holder (and GPLv3 even more so because it's copyleft). By only terminating the patent license, you're relying on Facebook suing the offensive party.

* As with almost all patents, Facebook makes it exceptionally explicit that independent discoveries will not be protected. While this is to be expected because it's the default patent law position, it's not exactly what you want if you're going to try to sell me on this being "an ingenious, anti-patent license".

* The patent license clearly favours protecting Facebook over the wider software community. The fact that suits "(i) against Facebook or any of its subsidiaries or corporate affiliates," will result in termination means that the license is incredibly asymmetric in it's protection. The problem is that the "more free" stance of extending this protection to every user of the software would be too strong of a stance for companies to take (it would mean that no company could sue any other over patents in fear of being vulnerable to Facebook's patent portfolio). Not to mention that it still wouldn't solve the patent problem, you'd need to fix my first point and make it apply to all patents by all users. And then it would be seen as an incredibly risky business decision.

* By definition the patent grant cannot be used against Facebook, because of the above protections are not provided. If Facebook sues you over a patent unrelated to React, you cannot counter-sue them for any patents they may be infringing because then you'd be giving them more ammunition. This is where your comparison to the GPL falls flat for me. The GPL does protect users in this situation.

I understand that these might seem like "perfect being the enemy of good", but you have to consider that Facebook's dominant position is what makes these sorts of discussions critical. Sun made some mistakes in the CDDL, and we're still living with those mistakes to this day thanks to the whole Oracle OpenSolaris fiasco (though it went better than we could've hoped). We need to be far more careful in how we evaluate software licenses, and thinking about doomsday scenarios is crucial. If Facebook became a bad actor, would this patent license be better or worse for the community than Apache 2 or GPLv3?


Please re-review the licenses.

> Apache and GPLv3 both tackle this problem because the copyright license is terminated if anyone sues a copyright holder (and GPLv3 even more so because it's copyleft).

This is not true of Apache 2.0. Filing a patent suit against someone over a piece of Apache licensed software means the plaintiff loses the grant to patents held by other contributors to that software, but that's the extent of it.

> If Facebook sues you over a patent unrelated to React, you cannot counter-sue them for any patents they may be infringing

This is also untrue. Your ability to file a countersuit for other patents is explicitly protected by the React grant. This has been the case ever since version 2 was published.

See https://github.com/facebook/react/commit/b8ba8c83f318b84e429...

> If Facebook became a bad actor, would this patent license be better or worse for the community than Apache 2 or GPLv3

Either better or the same, depending on your values, but definitely not worse. The license termination clauses in Apache 2.0 and GPLv3 are so narrow they don't offer any greater protection against bad actors.


> Filing a patent suit against someone over a piece of Apache licensed software means the plaintiff loses the grant to patents held by other contributors to that software

Right, but the "right to use" permission is granted as part of the patent license not the copyright license. You're right that I misspoke and the copyright license is not touched, but the effect is similar AFAICS.

> This is also untrue. Your ability to file a countersuit for other patents is explicitly protected by the React grant.

Ah, you're right. I did read the latest version of the document, I guess that sentence must've just slipped by me. My point about asymmetry still stands though.

> Either better or the same, depending on your values, but definitely not worse.

I believe that the asymmetry does not make it better. You could argue it's the same, but I still am not sure I agree.


> I wonder how Facebook would feel if all the open source software they currently use incorporated the same license.

I'm pretty sure they'd be thrilled. That seems to be their aim.

> I bet it would deter them from enjoying much of the code they built their business on.

Why? Serious question; I just don't see why Facebook would care.


> We've been looking for ways around this and have reached out to ASF to see if we could try to work with them, but have come up empty.

There's a pretty obvious solution to this: relicense React. The fact that Facebook isn't even considering that is a pretty strong indication that they "weaponized" their license on purpose.

> To this point, though, we haven't done a good job of explaining the reasons behind our BSD + Patents license.

I think we already understand the reasoning behind it.

> As our business has become successful, we've become a larger target for meritless patent litigation.

And the solution you chose stops merit-ful litigation as well.

> We respect third party IP, including patents, and expect others to respect our IP too.

Clearly you don't, because you've intentionally designed a license to allow you carte blanche to violate other companies' patents if they're dependent enough upon React to not be able to easily stop using it.


> Clearly you don't, because you've intentionally designed a license to allow you carte blanche to violate other companies' patents if they're dependent enough upon React to not be able to easily stop using it.

I think it's pretty clear how disingenuous this is since they don't even constrain the patent revocation to IP lawsuits.

If they were doing this in good faith they would want to scope this as tightly as they could, but this is clearly Facebook just trying to extract additional benefit from their OSS contributions.


Nice username ;)


They need to stop referring to React as open source software. This is proprietary source code.

> We believe that if this license were widely adopted, it could actually reduce meritless litigation for all adopters, and we want to work with others to explore this possibility.

They do not give a pathway for litigation with merit. This is a patent weapon.


> They need to stop referring to React as open source software. This is proprietary source code.

Somewhere along the line we lost the distinction between "Open Source" and "Source Opened".


No company assumes a meritorious lawsuit against them exists. Planning for it is ridiculous. Don't take that as a defense of this type of license though.


I agree, in a perfect word, I could take Facebook's word that "We respect third party IP, including patents, and expect others to respect our IP too."

I just can't unsee the way this theoretically could allow Facebook to partake in patent infringement without fear of retribution.


Yeah, pointing out how they would never plan for a meritorious lawsuit isn't really defending them, it's pointing out that the argument that they even might requires a lot of assumptions of good faith on Facebook's part that make no sense.

It's possible that there were two groups in FB that were for this, some that were naive enough to just not understand it, and some that totally understood it and let the others continue with their misconceptions. I don't believe there existed a group that actually understood it and it's ramifications and thought it was benign.


I don’t get the obsession with React. It’s a great concept but vdom isn’t hard. Many great alternatives preact, inferno. Slightly different ones like snabdom. We use virtual-jade which allows us to build templates in jade as clean functions.

Facebook has gone too far with React and its Trojan patent clause. So easy to get away from it though with smaller, faster and more focused libraries.


No company hopes or expects a meritorious lawsuit against them to exist.

But, and especially concerning patents, assuming one can't exist is pure folly. And designing your own licenses in a way that prevents someone else from initiating a meritorious lawsuit against you seems quite intentional, especially since they refused to back down once it was pointed out (and especially because there was already precedent in open source licenses for doing this in a sane way, e.g. the Apache License, Version 2.0, and presumably others too).


Is Angular proprietary too?


I would patiently beg everyone to employ some basic reasoning.

Situation A: React is licensed under BSD + PATENTS. You sue Facebook for infringing your widget patent. Turns out Facebook has a patent for something in react. They revoke your grant and counter sue you for infringing that patent. Long legal battle ensues.

Situation A: React is licensed under just BSD. You sue Facebook for infringing your widget patent. Turns out Facebook has a patent for something in react. You never had a grant so Facebook counter sues you for infringing that patent. Long legal battle ensues.

Can someone coldly explain how anyone anywhere would be helped in any way by removing the patents file? Or is the BSD license the problem?


People are worried about Situation C: React is licensed under BSD + PATENTS. You sue Facebook (or any corporate affiliate of theirs) for infringing on your widget patent. Facebook revokes your react license and counter sues you for copyright infringement.

The patents clause doesn't have anything to do with any patents on parts of React. It's a way for Facebook to make it so that anyone who wants to sue them for patent infringement can't use React.


> People are worried about Situation C: React is licensed under BSD + PATENTS. You sue Facebook (or any corporate affiliate of theirs) for infringing on your widget patent. Facebook revokes your react license and counter sues you for copyright infringement.

This cannot happen. This is not a thing. Nobody is legitimately worried about this; anyone who is needs to take a deep breath and stop being ridiculous. This has been clarified many times.

(Source: The plain language of the license, multiple independent lawyers who have commented on this, Facebook's official license FAQ, etc. The BSD license does not terminate when the patent grant does.)


The lawyer who wrote this piece [1], AND automattic's general counsel agree on this.

> Automaticc’s general counsel also agrees with my analysis of contractual and copyright liability in that the patent clause does not revoke the underlying license.

[1] https://medium.com/@dwalsh.sdlr/react-facebook-and-the-revok...


> The license granted hereunder will terminate, automatically and without notice, if you blah blah blah

"The license granted hereunder" refers to the patent license, not the copyright license.


Situation C is identical to situation A and B. You sue Facebook (or any affiliate) and Facebook counter sues you.

You get counter sued whether or not there is a PATENTS file.


No it is NOT identical. In situation A/C (React is licensed under BSD + PATENTS), you have explicitly agreed to have what is essentially your lawful use of React immediately revoked if you sue Facebook for patent infringement. So you sue Facebook, and whether or not your suit is of merit: You have to immediately stop using React. This actually prevents people who are dependent on React from suing Facebook for patent infringement, since they'd basically have to remove any dependency on React before suing. And this emboldens Facebook to infringe on the patents of entities who have a dependency on React, where it would be a major undertaking for the React-dependent organization to cease the use of react. Remember, Facebook is saying they have this in place to prevent merit-less legal battles. But the way they've set it up, it's not a question of whether your suit has merit or not. Facebook is saying "Sue us for patent infringement, and you immediately give up your use of React. Period." So the court rules in your favor over an unrelated patent infringement case? Congrats you won that case, but you've still given up your use of React, because you sued Facebook.

In situation B (React is licensed under just BSD), the patent rights necessary to use React are not written in explicit terms. You have made no explicit agreement to have your patent grant to use React revoked when you sue Facebook for patent infringement. In addition, without an explicit patent grant, a patent grant is implied with the license. You can at least continue to use React until the results of the court case.


> In situation A/C (React is licensed under BSD + PATENTS), you have explicitly agreed to have what is essentially your lawful use of React immediately revoked if you sue Facebook for patent infringement.

No you haven't. That is not what is written in the PATENTS file. The PATENTS gives you a patent grant to any react patent facebook may or may not have, that you can only lose if you sue facebook for patent infringement. Without the patents file, you don't have any grant to those patents.

> You have to immediately stop using React.

No you don't. Why do you think this is the case? There is nothing in the PATENTS file about this at all. All it says is that you lose the grant. If a court grants a preliminary injunction, then yes, you have to stop using it immediately, but guess what: assuming Facebook has some react patents, they can apply for a preliminary injunction against you whether or not the PATENTS file is in there. With just plain jane BSD they can also get a preliminary injunction.

> In addition, without an explicit patent grant, a patent grant is implied with the license.

It's totally misleading to state unsettled law as fact like this. It's wishful thinking. Not being a patent holder myself, I would like it to be true as much as anyone, but the fact is that until this stuff ends up in court, just assuming that a license to redistribute also implies a license to any patents is just a theory.


It's totally misleading for you to state unsettled law as fact like this. None of this has been tried in court so even what you have written carries a degree of speculation.

When Facebook explicitly includes a revocable patent grant (aka the PATENTS file), the argument of it being a "BSD license with no patent grant" when the patent grant is revoked is self-fulfilling. But if the PATENTS file had never existed, then what you have is a "BSD license with a debateably implicit patent grant", which has been the topic of debate long before React even existed, and has yet to be tried in court so could set a precedent, and is a way better bet for the consumer than a "BSD license with no patent grant because that patent grant has been explicitly granted and now revoked, no debate, period".


I read the possible revocation as applying to only the patent license, not to the BSD license which is in a separate file.


I personally am most worried about Facebook's attitude toward dissent on this issue. There's clearly an overwhelming number of developers who want Facebook to simply adopt an established open source license, preferably just BSD, with no extra conditions.

The fact that Facebook has continued to ignore this sentiment tells me that it's no longer a place where developers have much influence. I personally don't want to contribute to or use open source software from such an entity.

But that's just my personal opinion. It's a shame, because I've been really impressed and happy with the work Facebook has done in the area of programming languages (Flow, Hack, HHVM, etc.).


There's a school of thought that the BSD permission to "use" the software implies a patent grant. As an extension of this school of thought, React's PATENTS file could be seen at modifying that grant.


Right. This is the notion that BSD provides an "implicit" patent grant. Legal scholars are debating it, and there is no court precedent. ... but it is likely a more permissive grant than the explicit grant provided by BSD+PATENTS.


Has this never been tested in court in all the years the BSD license has been around (since 1988)?


Not sure why you think that Facebook can claim patents on BSD licensed software without specific identification. Your second situation can't occur.

The problem is that in the case you have a legitimate claim against Facebook they always have an 'out' if you have significant React use in your org.


Even if you have an illegitimate claim they have an out if you are dependent on React. Sue Facebook over patents, lose React. Period.


Not sure what you mean by this. This discussion is about the Apache license not the BSD license. So situation 2 does not exist.

Apache license includes an irrevocable patent grant.


If all situations are equal, why do they need the protection anyways? This is out of step with every other comparable library / framework / whatever.


What protection? The PATENTS takes rights away from Facebook, and gives rights to grantees. Facebook is in a stronger position without it. They added it to be nice.

Without patents file:

- Facebook can sue you for any reason, including react related patent infringement

- You have no patent grant for anything in react

- You can sue Facebook for anything, including patent infringement.

With patents file:

- Facebook can sue you for any reason, except for react related patent infringement

- you have a grant for any Facebook patents related to react

- You can sue Facebook for anything, including patent infringement of any kind. If you do sue them for patent related infringement, you lose the grant above (i.e. You are in same position as if there was no PATENTS file)


Wrong. Without patents file there is an implicit patent grant.


I was wondering about this as I hadn't heard of it before. Found this http://en.swpat.org/wiki/Implicit_patent_licence .

It seems like yes it's true that there is an implicit grant, but it's not well established in case law.


exactly what patents are covered by this 'implicit grant'?


If the community is actively asking them to change it, then how is it being nice? At least offer a dual licensing scheme.


This is pathetic and breaks my heart. Expecting something good from thieves is not very practical, Facebook the company started by stealing others dream. This days if you take a look at them, they won't let grow any other app for any cost. They bought instagram, whatsapp where they already was providing such feature but due to their earlybird list.

Also instead of contributing few tweaks into NPM they made a clone of NPM called Yarn, so funny.

Instead of contributing changes to PHP they made a clone of PHP called HackLang, i am laughing laughter :D

Facebook is a proven bad actor for all open source projects, and its time to be aware. One possible solution is to ban facebook from using any open source projects with a new license.

One day we will going to have F-Git (a copied version of git with some tweaks by facebook)

Snapchat denied to become a part of their monopoly cycle, they made a 100% clone of the product in facebooks every fucking platform. As a software engineer i found it very illegal and unethical, every maker should have good ethics, thats why facebook was unable to invent anything other than Poke feature on facebook itself.

Shame

If i were working at facebook i would definitely switch the company to better one, who won't force me to copy others.

However, i am upset, because the technology that i loved most was just a typical facebook product comes with hidden payloads. I would definitely stay 100% away from all facebook products. It also gives us a free lesson how a evil a tech company could be.

Alternatives: My personal list of alternatives are,

React = Vue JS

React Native = Native Script

All i can do is this: https://twitter.com/rakibtg/status/892784442476904449


> One day we are going to have F-git

Funnily enough, their source control is actually a counter example to your assertions here.

Facebook reportedly don't use git but rather mercurial, and seemingly have contributed significantly to that project. See this for example https://code.facebook.com/posts/218678814984400/scaling-merc...

Note, I don't work at Facebook or have any affiliation or knowledge of how they operate, I'm just taking the contents of this blog post at face value.


I'm really thankful for Yarn.

npm is the buggies software I had to deal with! Also God forbids if you want to fix a bug! First the code is absolute piece of poop and when you figure all this "smart" hacks they wrote and fix it you will have a hard time getting it merged. They close prs and force their way of doing things without caring about community feedback. Take for example that stupid error output or randomly running prepublish script for example

There are so many bad architectural decisions in npm that there is no way you can fix it by a few changes.


>Also instead of contributing few tweaks into NPM they made a clone of NPM called Yarn, so funny.

npm is buggy and seems to need a lot more than a few tweaks. Some time before Yarn came out I was wondering why no one had yet decided to make a direct competitor / rewrite npm from scratch.


Caffe and Caffe2 is also a good example!


What - Caffe2 is a Facebook project?

I used the original Caffe and thought it was built by Berkely University - Caffe2 only shared the name I guess?


Yes, just like he mentioned for the other projects. It even has the PATENTS file added to it: https://github.com/caffe2/caffe2/blob/master/PATENTS


They hired the author.


Almost all of Facebook's "open source" code has the same PATENTS file, which makes them toxic if you can imagine a future where Facebook infringes one of your patents: https://github.com/search?p=5&q=org%3Afacebook+filename%3APA...

This includes things far outside the React ecosystem:

    - Flow (JS type checker, like TypeScript)
    - prepack (JS optimizing transpiler)
    - a bunch of Android/iOS UI/debugging frameworks,
    - all their GraphQL libraries (server/client)
    - their machine learning work (mostly targeting Torch)
    - Reason (statically typed programming language that transpiles to JS/OCaml)
    - ZSTD, a highly competitive compression algorithm.
Disclaimer: I work at Google on Kubernetes (which is Apache licensed). This is my personal opinion. I am frustrated with software with trivially incompatible licenses.


> I am frustrated with software with trivially incompatible licenses.

It's not a copyright license, and it's not incompatible with any other free software license. I'm frustrated with the misinformation spread about it.

If this patent license/grant get's revoked, you are back to simply using the BSD license with no patent grant. I've read so many people say "you'd have to stop using react if you sued facebook", uh, no, you'd have a bsd license with no patent grant like you probably do with tons of other free software your company uses. Clearly, people should be complaining about that if they are complaining about this, but the misunderstanding and misinformation is really strong. If you believe software patents are universally bad, like many people including me, then it is clearly better using the MIT/BSD license alone, which gives you zero patent rights, you are simply infringing and waiting to be sued. I have no problem with it. https://www.gnu.org/philosophy/software-patents.en.html.


Your explanation really doesn't jibe with the explanation given in Facebook's post. If what you say is true, why do they make a point about this patent grant protecting them against patent trolls? There's something tricky about this that I can't figure out, but I really have a hard-time believing they're acting in good faith here.


As cited at multiple other places in this thread, Facebook's own FAQ on the licensing explicitly states what GP just did.


If we use the "minimalist" interpretation like you and others propose here, then I'm stumped by Facebook would bother. It's such a tiny, ultra-specific advantage for Facebook. Why throw this gas on the fire for such a minimal advantage? Just leave it alone.

I suspect this must be coming from Zuckerberg. He's pissed off that some patent troll, somewhere, was using Facebook open source, and he issued an edict. That's the only way this makes any sense at all.


A patent grant is a license.

The patent license is indeed independent of the copyright license, but it's troubling enough that multiple legal teams (Apache and Google, at least) don't want to entangle themselves with it.

I'm doubtful that any licensing scheme can significantly drive patent reform. Lobbying and legal precedents hold that capability.


> multiple legal teams (Apache and Google, at least) don't want to entangle themselves with it.

Citation needed on Google. Apache isn't "not wanting to be entangled", they reject EVERY license which gives stronger protections for user freedoms than apache license alone, like the gpl, lgpl, cddl, mpl, etc, etc, etc. Google has no problem using the gpl for linux and lots of licenses and projects that apache would reject, so you can't just lump them together like it's the same thing.


DannyBee is on this thread. That is good enough citation for me.


Fair enough. And my point about why Apache avoids stronger licenses actually applies to google too, but they are just more flexible about it on a case by case basis.


Just so I understand, as I've never really mulled on how software patents mix with open source licenses, when you say "you'd have a bsd license with no patent grant", who are you waiting to be sued by? Facebook and/or others? Could you theoretically release an open source project under something like BSD that infringes on a patent you hold and then sue someone for patent infringement that uses your project?

I suppose mainly what I'm asking is that by having this patents clause, is Facebook asserting that some or all contents of react are patented by Facebook? Would they be able to sue you for using react if you did something to get your patent grant revoked?


I am very happy to report that ZSTD removed PATENTS clause: https://github.com/facebook/zstd/pull/801


RocksDB too.

That really makes it seem like Facebooks stance is: "As long as we have a few really huge projects that infiltrate most companies' codebases, our 'smaller' projects can drop the patent clause".


What the hell? None of this makes any sense. What is Facebook up too?


This is huge.


Welcome to the "folks who miss the forest for the trees" club.


Welcome to the over-reaction party.

3 years from now, most startups and companies will still be using React as they did for the last 5 years that the same terms held.


>> Welcome to the over-reaction party

Hmmm.. in that case the people who actually need this advice even more would be the maintainers of ZSTD who seem to have hastily changed the license after seeing the backlash from the Apache policy change. Care to stand by this opinion and leave your comment on the thread which discusses the license change over on GitHub?

https://github.com/facebook/zstd/issues/775


What's the difference between say the PATENTS file/grant in these Facebook projects and the PATENTS file/grant in Go which Kubernetes is written in?

Not being inflammatory, genuinely interested as a user of both Go and React...


Not a lawyer, but as I understand it:

The Go and Kubernetes patent licenses terminate if you file litigation specifically regarding those projects-- if you sue anyone for violating some garbage collector patent in Go, you lose the patent licenses Go granted.

Facebook's patent license terminates if you sue Facebook, subsidiaries, or "any party relating to the Software" for any patent infringement. It doesn't have to be related to React.


Thanks, very interesting difference.

Google's grant protects (or tries to protect) specific tech, Facebook's grant protects (or tries to protect) as an umbrella, the organisation.

Well - can't comment on how effective it will be as a disincentive to sue, but I do feel at the same time if it does succeed in that goal it will almost certainly act equally as a negative factor in adoption; because it's my opinion that this is creating a soft-walled garden around Facebook open source tech.


> We've been looking for ways around this and have reached out to ASF to see if we could try to work with them, but have come up empty.

This, to me, is a significant warning sign.

I was leery of the React license to begin with. But the community at large had _almost_ convinced me that it was nothing to worry about.

Unfortunately, Facebook's position as stated here is clearly that the license is weaponized for a reason. I think it's irresponsible to leverage software with this license without clear guidance from legal and corporate overlords stating that it's OK.


Yeah, I got tons of pushback when I tried to steer Automattic and the WordPress community away from React in 2015 with people saying not to worry:

"Replace React with Mithril for licensing reasons" https://github.com/Automattic/wp-calypso/issues/650

Personally, I increasingly doubt that BSD+PATENTS is even GPL-compatible -- and so potentially Automattic may be violating the GPL by using React integrated with WordPress.

What's especially sad about this is that React isn't even that good compared to other vdoms like Mithril and Inferno and others. React just has a lot of name recognition and mindshare from the Facebook association (which then translates into a rich-get-richer effect with more tutorials and components).

Here is a list of more than twenty alternative vdoms I put together in January 2016 (although Mithril remains my favorite): https://github.com/dojo/meta/issues/11#issuecomment-17679024...


If Facebook has a patent on React, it's almost certainly going to be on the vdom concept.

If Facebook has a patent on the vdom, then all the projects in your list violate the patent, and none of them come with even a conditional patent grant from Facebook.

If Facebook does not have a patent on the vdom or other React technology, then those other projects are safe, but so is React, since termination of the patent grant has zero cost to you.

My personal belief is that Facebook has no patents on React, so I feel safe to use React, Mithril, or any other vdom based library. But I can certainly understand people who feel like they need to play it safe, assume Facebook does have a vdom patent, and avoid all such libraries.

But I'm not really following your logic at all. It's like you think Facebook has a patent, but then you only want to use the libraries that maximise your ability to get sued over it? What am I missing?


You're missing the fact that if you sue Facebook for any patent infringement, even a legitimate one (say, you're the creator of some new hardware), Facebook will revoke your React license.

Also, Facebook has no vdom patent. It's not like you can be granted a secret, hidden patent (even the word "patent" itself means "open").


> You're missing the fact that if you sue Facebook for any patent infringement, even a legitimate one (say, you're the creator of some new hardware), Facebook will revoke your React license.

Incorrect. (This has been clarified many times, including in Facebook's official FAQ about React licensing.)

> Also, Facebook has no vdom patent. It's not like you can be granted a secret, hidden patent (even the word "patent" itself means "open").

I agree. Many people have looked; no one has found one. Hence why I believe there's no risk to using React.


Do you mean this one? https://code.facebook.com/pages/850928938376556

It doesn't address the scenario of Facebook's violating your patents first.


The key phrase I was replying to was "Facebook will revoke your React license."

Facebook cannot revoke your React license in any circumstances, as that link makes clear.


They revoke the React patent grant, which effectively downgrades "the React license" to just a stock BSD 3-clause license. At that point they will likely counter-sue you for patent infringement.

In my mind that situation is effectively identical to losing "the right to use" license on grounds of patent suit (like Apache). Interestingly, in Apache you'd still be sued for patent infringement (not copyright infringement) because "right to use" is provided as a patent license.


> They revoke the React patent grant, which effectively downgrades "the React license" to just a stock BSD 3-clause license. At that point they will likely counter-sue you for patent infringement.

Yes, but for what patent? People have looked; none have been found. :)


Patent applications are secret, not to mention that software patents can be very difficult to interpret and search for. RMS gave a fairly long talk about the various problems with software patents[1], and the difficulty in being able to find all software patents that may be related to a project is one of them.

[1]: https://www.youtube.com/watch?v=aiKRt3-FbM0


Patent applications are public for a minimal time period, 18 months at the very most. But obviously patents are public. React has been open source for over 2 years now. It's highly-likely, almost certain, that any React-related Facebook patent would now be public.


The second part of my comment is probably more applicable (maybe I should've just excluded the point about private patent applications). Even if a React-related patent was public, it wouldn't be called "Patent on React Framework". It probably wouldn't even use the words JavaScript, HTML, or DOM. You would need to hire a patent lawyer for an extended period of time to have a reasonable amount of certainty that no such patent exists (and even then, it's just an educated guess).


"Facebook, Inc. ("Facebook") hereby grants to each recipient of the Software ("you") a perpetual, worldwide, royalty-free, non-exclusive, irrevocable (subject to the termination provision below) license under any Necessary Claims, to make, have made, use, sell, offer to sell, import, and otherwise transfer the Software...The license granted hereunder will terminate, automatically and without notice..."

The PATENTS file affects more than just React. It's found in their other projects too.


> Facebook will revoke your React license.

you mean their patent grant? How can an open source license like apache, MIT or bsd be "revoked"? Do facebook have a public blacklist of people who aren't allowed to use react?


Apache revokes your rights under the patent section of the license if you sue anyone for patents granted under said license:

> If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.

Note that the "Grant of Copyright License" of Apache doesn't grant you the right to use the work, so revoking the patent license is effectively revoking the whole license (though you can still redistribute the work).


Correct. Once released under an OSS license, that cannot be revoked. They can change/restrict the license on future releases, but you can also choose an older release, which uses the more favorable OSS license.


um... because it's they can? I can make a library with MIT license to everyone else but you.

MIT and BSD licenses merely provide short-cuts to understanding a project's licensing


Not practically, because once you make a library with an mit license available to anyone, they can give to anyone you didn't "want" to give it to, per the mit license.


"everyone else but you" would no longer be an OSS license.


The BSD license doesn't allow future revocation in itself. They can make a new version with a different license but not for old versions.


Being sued, whether the patent is valid or not, is really expensive. Unless you're Google, or of similar size, you're going to lose just due to the costs.

Using React just opens you up to liability, with no real benefit (other than using React). Why would you use it?


> Using React just opens you up to liability, with no real benefit (other than using React).

How?

Again, if they have a patent, they can sue you if you use one of the alternatives mentioned. If they don't have a patent, they can't sue you if you use React.

What's your thinking behind saying using React adds liability? Because to me, it looks like either it does nothing or it reduces liability.


The fact that we even have to have this discussion is a reason not to use it. I'd have to a hire a lawyer and disclose it to my investors to be cleared up. It would cost us money to validate because it does something different compared to any other similar project. My investors were very specific about software licenses - we aren't allowed to use GPLv4 or AGPL at all.


> I'd have to a hire a lawyer and disclose it to my investors to be cleared up

That seems extremely weird. Normal startups do nothing of the kind; do you have extremely weird investors?

> My investors were very specific about software licenses - we aren't allowed to use GPLv4 or AGPL at all.

Ah, there we go. First off, there's no such thing as GPLv4. Second of all, you do realise that avoiding even the AGPL puts you in a vanishingly rare crowd in these parts, right? Eg, MongoDB is AGPL; of all the reasons I've seen given for avoiding Mongo, the license is a new one on me.

If you've decided to only use GPLv2 or vanilla MIT licenses software that's totally fine, but it is unusual.


Sorry - meant GPLv3. All of the software we use is GPLv1/2, BSD, MIT, Apache etc..


If that's your concern, then you should comb through the source code of all your open source libraries and be certain that none of it violates any of Facebook's patents, including the MIT licensed stuff, which may very well.


You have it backwards.

If you have a patent, and use React, you can't sue Facebook if they use your patent.


> If you have a patent, and use React, you can't sue Facebook if they use your patent.

Citation needed. Let's say I have an awesome VR patent, and a React based website. I find out the Oculus violated my patent, what happens next?

Answer: I sue them. :) Nothing about the React license stops this; I will even still have a right to use React. What I won't have is a right to use any patents that Facebook might have on React. But Facebook, as far as is known, has no such patents.


From reacts/PATENTS

> The license granted hereunder will terminate, automatically and without notice, if you [...] initiate [...] any Patent Assertion

The key part is that if you don't have a license to use the patented technology (or more pertinently - that license is explicitly revoked), you can't legally use that technology, no matter what the BSD license might say: the patent grants supersedes the BSD license.

So, to respond directly to your answer - you lose the right to use React; Facebook can sue you for your use of React, since they own the patents to that technology.

So if you want to operate under the belief that Facebook has no patents to assert, then yes, you will consider yourself to be safe. The fact is that many lawyers, including the Apache Foundations lawyers, disagree with this assertion.


> The fact is that many lawyers, including the Apache Foundations lawyers, disagree with this assertion.

Incorrect. The ASF's objections had nothing to do with believing Facebook had any patents, and many ASF projects are looking to move to Preact, which is presumtively covered by the same patents React would be (if any).


But you can still sue Facebook. Nowhere does the PATENTS file require grantees to waive their right to sue. But if you do sue, Facebook gains the right to counter-sue you with any react related patents.

I.e. the exact situation you would be in if you sued Facebook and there was no PATENTS file.


Not quite - if there was no patents file, the BSD license would have a implied grant associated with it which would not be revoked by the lawsuit.

The "implied" license doesn't have a strong legal finding backing it up yet. Even so, most lawyers are comfortable with the idea that if a company tells other people to freely use their software, they can't then come back around and sue those same people.


Presumably anybody in this situation will be able to cope with the expense, since they'd already be suing Facebook.


just because you may have enough resources to sue facebook for patent infringement doesn't mean you can afford to halt all new development and rewrite/rebuild what has become the reason that you have enough resources to sue facebook


It's speculation what patents Facebook has for React or what they cover. I've heard of claims of prior art for vdom-like concepts, so it is possible even if Facebook has React-related patents, only narrower interpretations of any claims might hold up (if that). React has a specific way of updating state which, for example, Mithril does not use. So, it is possible other vdoms may be far enough away from React to not be covered by any patents claims Facebook might try to make. Granted, that is no 100% guarantee of anything.

To me, the most important part of a vdom library like Mithril is using the HyperScript API with it, a library which predates React: Aug 20, 2012: https://github.com/hyperhype/hyperscript/tree/9237f590f3bc82... May 2013: https://github.com/facebook/react/blob/75897c2dcd1dd3a6ca462...

Personally, I feel templating approaches to making JavaScript-powered UIs like React's JSX or Angular's own templating approach or the templating systems in many other UI systems are obsolete. Modern webapps can use Mithril+Tachyons+JavaScript/TypeScript to write components in single files where all the code is just JavaScript/TypeScript. Such apps don't need to be partially written in either CSS and some non-standard variant of HTML that reimplements part of a programming language (badly). (Well, there may be a tiny bit of custom CSS needed on top of Tachyons, but very little.)

Here is an example of a coding playground I wrote that way with several examples in it which use that approach: http://rawgit.com/pdfernhout/Twirlip7/master/src/ui/twirlip7...

So, by writing UIs using HyperScript (plus a vdom library), you can potentially (with some work) replace a backend like Mithril with almost any other vdom or even a non-vdom solution. So, that is another way I mitigate this risk when I have a choice.

Granted, I know many web developers grew up on tweaking HTML and love HTML-looking templates and so they love JSX or whatever and are happy to ignore how hard it is to refactor such non-code stuff in the middle of their applikcations or validate it (granted, some IDEs are getting better at that). But I came to web development from desktop and embedded development working with systems where you (usually) generated UIs directly from code (e.g. using Swing, Tk, wxWidgets, and so on). I like the idea that standard tools can help me refactor all the code I work on and detect many inconsistencies.

Maybe a deeper issue for me is that with BSD+PATENTS Facebook is redefining what "open source" means in a way that is harmful to the open source community -- and also free software community as well like with Automattic using React on top of a GPLd WordPress. Which is why the Apache Foundation rejected the React license.


Here is a prior art reference by erichocean: https://news.ycombinator.com/item?id=14784983 "To anyone concerned about React's virtual DOM and diff'ing stuff, and a potential Facebook patent thereof, in early 2012 I wrote and published (under a GLPv3 license) a virtual DOM implementation with efficient diff'ing when I forked SproutCore[0] to become Blossom.[1]"


Most of those twenty probably infringe on Facebook patents. You can choose to use a library with an explicit grant, or a library with unclear patent status.


We don't know for sure what React-related patents Facebook really has or if they would claim any other libraries infringe them -- or whether those patents would stand up in court given prior art. There are vdom-like approaches that predate React.

That said, I would expect that vdom libraries like Mithril that work in a very different way than React would be less likely to be claimed by Facebook to infringe a React-related patent than, say, Preact which tries to duplicate the React API.

Of course, this is all speculation with a lot of unknowns. It all is another example of why software patents are very problematical ways to "promote the Progress of Science and useful Arts".


React also has react-native. There is no comparable alternative for that.


You're right overall (at least for developers who prefer React). React Native is a compelling technology. That said, I can hope that over time, lightweight JavaScript libraries like Mithril along with better mobile browsers with better support for occasionally-connected web applications will continue to reduce the relative benefits of a native approach. Apache Cordova and NativeScript are other options as well.


Pretty sure VueJS has Weex (https://weex.incubator.apache.org)


That’s an impressive conclusion you’ve jumped to there, but there’s no evidence of it in the linked post or your comment.

That, to me, is also a significant warning sign.


I agree. Even if they're not necessarily up to something nefarious, this all seems quite odd.


The fallback to BSD+Patents is simply BSD and should be evaluated by legal and corporate likewise.


No it is not, and that is what so many people misunderstand about this. Plain BSD has an implicit patent grant to the extent needed to run the software. An explicit patent license overrides that implicit grant. Of course, that interpretation is still subject to what the courts say in a lawsuit.

Of course, you are right that legal and corporate should review such a license. And for any company that deals in patents (or has customers who deal in patents), the likely answer is "no way".


That assumption of an 'implicit' grant is quite tenuous. You have taken it as invalidated by a PATENTS file, what if instead of a PATENTS file Facebook legal had blogged that they don't believe in an implicit grant? Does that nullify the grant of patents? What if stated by a project contributor?

That's the conundrum for any open source project and the exposed danger of the BSD license.


See my other comment here on implicit patent grants: https://news.ycombinator.com/item?id=15051166

I doubt some statement of opinion in some out-of-the-way place that did not accompany the software directly would hold up in court.

That said, your point on uncertainty is why many people prefer the Apache2 License or the GPL3 which have an explicit patent grant (but not a one-sided grant like in Facebook's PATENTS file).


"Fallback"? Are you referring to Preact?


No. The PATENTS portion of BSD+Patents does not nullify the BSD License. So you are no worse off than had Facebook simply licensed the code under the BSD License.


This suggests an implicit grant is better than an explicit more limited grant: http://en.swpat.org/wiki/Implicit_patent_licence

From there:

In 2005, Dan Ravicher explained[2] that, in the USA, recipients of software under the GNU GPL version 2 receive an implicied patent grant, based on the following US case law.

* De Forest Radio, 273 U.S. 236 (1927) "No formal granting of a license is necessary in order to give it effect. Any language used by the owner of the patent, or any conduct on his part exhibited to another from which that other may properly infer that the owner consents to his use of the patent in making or using it, or selling it, upon which the other acts, constitutes a license."

* Hewlett - Packard Co. v . Repeat - O-Type Stencil Mfg. Corp. , Inc., 123 F. 3d 1445 (Fed. Cir. 1997). "Generally, when a seller sells a product without restriction, it in effect promises the purchaser that in exchange for the price paid, it will not interfere wit h the purchaser's full enjoyment of the product purchased. The buyer has an implied license under any patents of the seller that dominate the product or any uses of the product to which the parties might reasonably contemplate the product will be put."

* Bottom Line Mgmt., Inc. v. Pan Man, Inc., 228 F. 3d 1352 (Fed. Cir. 2000) "Unless the parties provide otherwise, the purchaser of a patented article has an implied license not only to use and sell it, but also to repair it to enable it to function properly. This implied license covers both the original purchaser of the article and all subsequent purchasers"


That is not entirely true. As stated elsewhere, there is likely an implicit patent license provided by the BSD. The reasoning is basically, "we are [copyright] licensing this cod e to you to use, so [therefore] we must also be providing a corresponding patent license to use the code."

Legal scholars are mixed on that, and it hasn't been tested in court.

But that implicit license is certainly better than the explicit license in FB's code.

To sum up: you may be worse off with BSD+Patents.


How is a theoretical (i.e. unproven in court), implicit license better than an explicit license you only lose in the event of patent litigation that you initiate?


There is a serious problem with the Facebook license. I've heard this and many other "it'll be ok because..." kind of statements in discussions about Facebook licensing. The problem is that there is no clear agreement as to what the ramifications are, and no real clarity offered by facebook after repeated efforts by the community to obtain it.

The only clarity they offer is that they have their license in place for litigation purposes.

For a personal project, everybody can make their own decisions. For a project involving a corporate entity or an institution, it is irresponsible to leverage any facebook licensed software without a legal review of the license. I'm not saying that it's bad. I'm not saying that it's good. I'm saying that however a laymen may interpret the license, there is a high chance of being wrong. Better to have the professionals review it and make a judgement call. I have seen many people state that their legal departments reviewed the license and have come back in some cases supporting the use of facebook software, in other cases denying the ability to use it. Even among professionals there seems to be disagreement.

There is a common understanding of many open source licenses. There is none surrounding facebook's.

I have asked ASF to have their lawyers make a public interpretation of the facebook BSD+Patents license for the betterment of the community, but the response was along the lines of "no lawyer would do that." Someone else might have better luck with the FSF. The FSF does support the idea of patent clauses, or at least at one point they did. I have seen nothing from them regarding the facebook license specifically though.


> For a project involving a corporate entity or an institution, it is irresponsible to leverage any facebook licensed software without a legal review of the license.

And this is a problem, because we all know how much of a huge pain in the ass it is to get any new license or legal issue relating to open source cleared with a big corporation's legal dept.

I think this is a pretty clear signal from Facebook that at least part of the company really doesn't care if people use Facebook open source or not. After all the work some in the company have done to promote Facebook open source, to great benefit to the company for recruiting and for synergy with other large company open source, that is a big surprise to me.

This kind of tone-deaf response from part of the company with the other half frustrated that it's causing so many problems reminds me more of how large old, moribund companies like IBM operate. It's a surprise that Facebook's already there, or at least starting to be.


Wow, that is pretty disingenuous. Clearly, BSD+Patents places some extra conditions on the BSD license, you don't have to be a lawyer to understand that. I mean, several people have provided the legal reasons elsewhere on this thread, but even the name "BSD PLUS Patents" should be a tip-off.


No, its not at all disingenuous. Facebook could have written the "Additional Grant of Patent Rights" (note: additional) to also terminate the copyright grant under the BSD license. But they did not: https://github.com/facebook/react/blob/master/PATENTS


Then it wouldn't be, by definition, a normal bsd license.


Facebook's license is no more dangerous than regular MIT or BSD-style licenses. If you are OK with using MIT or BSD licensed software you should be OK with using Facebook's BSD + Patents software.

Here is why:

MIT and BSD licenses don't have any patent grants, unlike the Apache 2.0 license. If you use MIT/BSD open source software, and some functionality of that software is patented by the author, you could be sued for patent infringement.

If you use software licensed under Facebook's BSD + Patents license, and the author of the software (Facebook) has patented technology in the software (which AFAIK they don't), the author CANNOT sue you.

Now if you turn around and use the author for patent infringement for something else, you lose the patent grant that came with the software, and you are back to a normal plain old BSD license.

The BSD + Patents license is strictly better than the regular BSD/MIT licenses. You lose no rights, you may gain some patent protection.

Major software like Ruby (BSD), Rails (MIT), and FreeBSD (BSD) use licenses without patent grants. Entire businesses are built on top of these pieces of software, e.g., GitHub (Ruby and Rails) and a lot of commercial hardware built on FreeBSD (https://en.wikipedia.org/wiki/List_of_products_based_on_Free...).

Read the patent grant for yourself:

https://github.com/facebook/react/blob/master/PATENTS


"MIT and BSD licenses don't have any patent grants, unlike the Apache 2.0 license. If you use MIT/BSD open source software, and some functionality of that software is patented by the author, you could be sued for patent infringement. " Every single lawyer i've ever spoken to strongly believes implied licenses will protect you very well here. Like, among us open source lawyers, it's pretty much the one thing people agree on.

"If you use software licensed under Facebook's BSD + Patents license, and the author of the software (Facebook) has patented technology in the software (which AFAIK they don't), the author CANNOT sue you."

This is just flat out false, and i'm not sure why you believe this. The termination is broader than the grant. The grant is for patents in a given piece of software, the termination crosses all software.

Concretely: if you use react, and they sue you over patents in notreact, and you countersue, you do not lose your react patent license. They are still welcome to sue you over notreact, there is nothing in this license that will prevent that from happening. It only gave you patent rights to react.

(It also says that if you sue them over notreact, you will lose all patent licenses in all software that use this license, which is why the termination is broader than the grant).

"The BSD + Patents license is strictly better than the regular BSD/MIT licenses. You lose no rights, you may gain some patent protection."

This is also an incorrect legal statement.

Once their is an explicit grant, any implicit grant you would have gotten is extinguished. In this case, the terms of the implied grant were much better for people than the terms of the explicit one. So you are, in fact, losing something


The problem is that your MIT licensed open source library is not guaranteed to not be in violation of any software patents that may exist in the wild. If Company A publishes an open source library that happens to violate Company B's patents...then Company A's MIT license is not going to protect you against Company B's patent.


Nor would Facebook's patent grant protect you if React were found to violate someone else's patents. That sort of scenario is no different for either licence.


> Once their is an explicit grant, any implicit grant you would have gotten is extinguished.

Citation needed. And if you aren't planning to sue over software patents, then the author is clearly correct that this is strictly better than BSD/MIT alone.


"Citation needed."

Seriously? This is basic IP law 101. No license can be implied if there is an explicit license.

I actually started gathering cite lists for you like I normally do, but instead, i'm not going to in this case. If you really want to argue this point, please go to google scholar and spend the 2 minutes it will take to pull up 100 cases on this.

I don't feel it's fair to argue about a thing without taking the very small amount of time to familiarize yourself with it.

If you find cases that say otherwise, awesome, let's talk about it!

Otherwise, this is like arguing about baseball and asking someone to cite rules because you want to argue that swinging at the ball and missing isn't a strike.

"then the author is clearly correct that this is strictly better than BSD/MIT alone."

They actually are not, as the scope of the implied license is much broader than the scope of the explicit grant here.


Edit: afaik, implicit patent license for free software licenses are unproven in court. It's an interesting idea, and I actually hope it's the case that everyone is getting an implied patent license that will hold up in court. Thanks for the information, I wish I had incorporated it in my original comment.


> sue over software patents

The grant isn't specifically about software patents, it's about all patents.


Fair enough.


> Once their is an explicit grant, any implicit grant you would have gotten is extinguished.

The BSD license grants explicit rights to use the software, thereby granting implicit rights to use the patents in the software while using the software as it is intended to be used.

The sentence "redistribution and use in source and binary forms, with or without modification, are permitted" doesn't go away because there is an "additional grant of patent rights".


Actually, it does! Courts will not find implied licenses when there is an explicit one. That's the whole definition of implied vs explicit!


I've read it, and I'm pretty sure it says that if you initiate a patent lawsuit against Facebook, you lose the license to use React at all. It doesn't revert to BSD. (EDIT: Apparently that's wrong although the license could certainly be more clear about it.)

If React doesn't implement any of their patents, the patent clause offers nothing extra. If it does, it would be damned nice to know which one(s). Do other libraries (other virtual DOMs, perhaps) infringe?


No, you lose the patent license, not the copyright license.

From Facebook's blog post:

> The patent grant says that if you're going to use the software we've released under it, you lose the patent license from us if you sue us for patent infringement.

https://code.facebook.com/posts/112130496157735/explaining-r...


Which one has more value? A file included in the repo, written in legalese, on which Every single source code file's copyright headers point to (and the README file as well), or an ambigous blog post?

Reading the file in its current form (https://github.com/facebook/react/blob/b8ba8c83f318b84e42933...), You lose the license to make, have made, use, sell, offer to sell, import, and otherwise transfer the [React] Software.


You lose the license granted in the PATENTS file, but you might not lose the license granted in the LICENSE file. (IANAL, so no idea whether that's true.)


Does the additional patent grant in the Facebook BSD+Patents license terminate if I create a competing product?

No.

Does the additional patent grant in the Facebook BSD+Patents license terminate if I sue Facebook for something other than patent infringement?

No.

Does the additional patent grant in the Facebook BSD+Patents license terminate if Facebook sues me for patent infringement first, and then I respond with a patent counterclaim against Facebook?

No, unless your patent counterclaim is related to Facebook's software licensed under the Facebook BSD+Patents license.

Does termination of the additional patent grant in the Facebook BSD+Patents license cause the copyright license to also terminate?

No.

From: https://code.facebook.com/pages/850928938376556


My reading must be off, then. Is "under any Necessary Claims" the magic phrase?


Yeah, it is defined at the bottom of the file:

> A "Necessary Claim" is a claim of a patent owned by Facebook that is necessarily infringed by the Software standing alone.

So when they say "license under any Necessary Claims" they are granting a patent license, the copyright license in the LICENSE file is separate.

The FAQ link provided by silentstreet makes it very clear:

> Does termination of the additional patent grant in the Facebook BSD+Patents license cause the copyright license to also terminate? > > No.

https://code.facebook.com/pages/850928938376556


https://code.facebook.com/license-faq which they published a year or so ago explicitly says you keep the BSD license.


"Does termination of the additional patent grant in the Facebook BSD+Patents license cause the copyright license to also terminate?"

"No."

Above from bottom of page to be clear to agree!


It's deeper than that.

Say you are a company A, and have product P that uses react.

You find out that company B infringed on a patent in your other product Q.

You sue B.

It turns out B is owned by FB.

Your product P is in trouble.


"If you are OK with using MIT or BSD licensed software you should be OK with using Facebook's BSD + Patents software." (From GP)

I.e. patent grant nullifies, and you are left with a BSD only license.


The main BSD license file says plainly that Facebook grants you the right to use the software. Nowhere does it say that it is merely a grant of copyrights. While the Facebook Additional Grant of Patent Rights purports to be purely additive, its mere existence changes how I would interpret the scope of that main license file. As such, I find the meaning and implications of Facebook's contract to be unclear. I would not want to depend on it, personally.

The feeling is a bit like stepping into a restaurant that offers lead-free burgers for only $0.99 extra. Theoretically, declining the upcharge is no different than eating anywhere else. Yet...

I am not a lawyer. This is not legal advice.


Because you can't just rewrite it in another framework if such a totally contrived case arrive?


The way I'm reading some related discussions, it seems their main problem is being suddenly open to patent lawsuit.


> Now if you turn around and use the author for patent infringement for something else, you lose the patent grant that came with the software, and you are back to a normal plain old BSD license.

> The BSD + Patents license is strictly better than the regular BSD/MIT licenses. You lose no rights, you may gain some patent protection.

Could you provide a citation backing up your claims?

if you read the patent grant for yourself:

https://github.com/facebook/react/blob/master/PATENTS

There's no mention of any patent grant coming with the software

>> "The license granted hereunder will terminate"

"The license" here is the one defined as:

>> Facebook, Inc. ("Facebook") hereby grants to each recipient of the Software ("you") a perpetual, worldwide, royalty-free, non-exclusive, irrevocable (subject to the termination provision below) license under any Necessary Claims, to make, have made, use, sell, offer to sell, import, and otherwise transfer the Software

and the "Sofware" here is the one defined as :

>> "Software" means the React software distributed by Facebook, Inc.


You left out the definition of "Necessary Claims":

> > A "Necessary Claim" is a claim of a patent owned by Facebook that is necessarily infringed by the Software standing alone.


Ok I see. But if you loose the license to any of those patents, you are infringing those patents by merely using React, aren't you?

I understand the followup question other people have now: What are those patents?


They have implicit patent grants while Facebook's does not.

http://en.swpat.org/wiki/Implicit_patent_licence


I don't see how that changes anything. If you sue Facebook you lose the explicit patent grant, but you are still left with a BSD license that allows "redistribution and use in source and binary forms", so you still have the implicit patent grant.


This doesn't work if there's an explicit grant. You can't pretend the PATENTS file isn't there.


I don't do any webdev, so I have no horse in this race, but I find it plausible that some developers would be more worried about Facebook infringing their patents than the respective organizations that develop Ruby, Rails, and FreeBSD.


> Now if you turn around and use the author for patent infringement for something else, you lose the patent grant that came with the software, and you are back to a normal plain old BSD license.

I see no reason to assume that it reverts "back to a normal plain old BSD license" in such a case.

The article linked by Stallman's response that this is a nonfree license doesn't make that assumption, either:

https://lists.gnu.org/archive/html/directory-discuss/2017-01...


> Now if you turn around and use the author for patent infringement for something else, you lose the patent grant that came with the software, and you are back to a normal plain old BSD license.

Um, no. Let's say you own patent A and Facebook has granted you rights to patents B and C. Then let's say Facebook infringes your patent A and you sue them. You lose the license to use patents B and C. That's what the PATENTS file says. Read it. What it doesn't say is because Facebook is publicly traded, it has a fiduciary duty to shareholders to defend all of its intellectual property so if you continue using anything covered by a Facebook PATENTS grant, you better be prepared to be sued for patent infringement. There is no implicit patent grant in the BSD license. Nothing in the BSD license shields the user of BSD-licensed software from patent litigation brought by any party.


From a lawyer: https://www.elcaminolegal.com/single-post/2016/10/04/Faceboo... "True, the BSD License does not explicitly state that the licensee receives the right to use the licensed software under the licensor’s patents.* But I’ve never heard any lawyer postulate that that document does not grant a license to fully exploit the licensed software under all of the licensor’s intellectual property. Anyone who pushes that view is thinking too hard."


The PATENTS file doesn't explicitly state "litigants may continue to use the IP under the BSD license". What it does explicitly say is "litigants lose the patent rights", which in essence serves to revoke the BSD license. Can't have it both ways.


The problem is that the descision to use react is not longer a descision for the developers in an organisation. It's now a descision for the legal team. And thats not good.

This is the situation I now find myself in. The next few months will be spent removing react and immutable from the project I'm working on because th legal department say so.

This is quite frankly, bullshit.


Have you looked into preact? For most projects, it's just a few lines in webpack. Immutable js is different, but shouldn't be that much work.


Yeah. And found it difficult to work with. The DOM seems to disconnect from the VDOM leading to oprhaned elements hanging around and no way to rectify it. Inferno is probably what we'll go with. But either way, it's a massive and undersireable compromise.


That's how far the framework war has come. FUD about licensing when they can't win with technical finesse anymore.


That is my sense as well.


This is in reply to the Apache Software Foundation decision to list the BSD + Patents license as a Category-X license.

- Facebook gets attacked by meritless patent litigation

- Facebook creates the BSD + Patents license, which has the following effect :

> The patent grant says that if you're going to use the software we've released under it, you lose the patent license from us if you sue us for patent infringement.

- Facebook believe that 'if this license were widely adopted, it could actually reduce meritless litigation for all adopters'

I understand Facebook's position here, surely this will decrease meritless litigation, but what about meritful litigation?

Let's take an example, a small startup has a cool technology but also all their front-end is using React. That cool technology is patented.

Now if 'Facebook or any of its subsidiaries or corporate affiliates' infringe on that patent, that startup won't be able to sue them without first re-writing the entire front-end to not use React.

I don't think software should be patent-able in the first place anyways but it seems the situation above would still be true if that startup sues them for what they believe is a completely legitimate hardware patent.

Also, IANAL, I'm wondering what even is the definition of a 'corporate affiliate' here? Who is a 'corporate affiliate' of FB?

Finally, what 'patent license' are they referring to in this post anyways ? The react's PATENT clause (https://github.com/facebook/react/blob/b8ba8c83f318b84e42933...) says they're providing the React software License, and they revoke this software license if you sue them.


Facebook and other large software firms have a large arsenal of patents that's sufficient to defend themselves from a patent lawsuit from a large competitor. These patents are broad. So if you're writing web software with any amount of compexity, you probably infringe on Facebook's patents. If you are a small firm that owns a patent Facebook is infringing on and you wish to litigate it, you have basically two options:

1: give up your main business so you no longer infringe on the Facebook patents. IOW, become a troll.

2: get demolished by the Facebook counter suit.

The React license doesn't change those two options one bit, it just makes it much more obvious. Facebook's intent is likely just to prevent the suits from even being considered in the first place.


> without first re-writing the entire front-end to not use React

Do note this isn't necessarily the case, because nobody has yet found a patent that covers React.


This is what I find confusing, the blog post mentions a patent license that you are granted, but as you say, nobody is aware of any patent covering React. React's doesn't seem to use any novel technique in the field of CS.

But https://github.com/facebook/react/blob/b8ba8c83f318b84e42933... , the way I read it says they grant you a license to to "make, have made, use, sell, offer to sell, import, and otherwise transfer" the React Software. They don't seem to give you a license to any patent.


EDIT: "license under any Necessary Claims" seems to mean a license to the patents necessary for React as pointed out by https://news.ycombinator.com/item?id=15052962

>> A "Necessary Claim" is a claim of a patent owned by Facebook that is necessarily infringed by the Software standing alone.


Facebook's license means you lose the license to React if you sue Facebook for any patents, not just for patents that are related to React. That's the core problem here.


Exactly. The "BSD + patents" license applies to _all_ of React, not just the parts of React that use Facebook proprietary technology/patents (and they haven't even identified those parts).

I'm never going to use React under this license, but this is still worrying to me because more companies could follow Facebook's lead and start using open-source as a nuclear deterrent against patent legislation.


Does the additional patent grant in the Facebook BSD+Patents license terminate if I create a competing product?

No.

Does the additional patent grant in the Facebook BSD+Patents license terminate if I sue Facebook for something other than patent infringement?

No.

Does the additional patent grant in the Facebook BSD+Patents license terminate if Facebook sues me for patent infringement first, and then I respond with a patent counterclaim against Facebook?

No, unless your patent counterclaim is related to Facebook's software licensed under the Facebook BSD+Patents license.

Does termination of the additional patent grant in the Facebook BSD+Patents license cause the copyright license to also terminate?

No.

From: https://code.facebook.com/pages/850928938376556


Does the additional patent grant in Facebook BSD+Patents license terminate if Facebook infringes upon your legitimate patents and you sue them as is right and proper?

Yes.

Does the additional patent grant in Facebook BSD+Patents license terminate if React infringes upon your legitimate patents and you sue another company using React over this?

Yes.

> Does termination of the additional patent grant in the Facebook BSD+Patents license cause the copyright license to also terminate?

If Facebook has any patents that are related to React, and you lose the grant for those patents, then Facebook can sue you over them if you use React.

If Facebook doesn't have any patents that are related to React, then why do they have a patent grant?


No, they can't sue you for using React any more than, say a maker of a coffee machine can sue you for using it to serve coffee in your restaurant. You still retain the BSD license, which is an irrevocable, worldwide right to redistribute React.

Facebook has thousands of patents. If you sue Facebook for patent infringement, their lawyers are going to comb through their patent portfolio and look for things that you might be infringing on. That's standard, and to be expected, with or without the React patents clause.


They can sue you for using React if they have patents that it infringes. That's kind of the whole point of the patent grant, to allow you license to those patents to cover your usage of React.

A common understanding of the BSD license is that it has an implicit patent grant, but the existence of the explicit patent grant presumably negates the implicit one, meaning if you lose your explicit patent grant (e.g. by suing Facebook when they infringe one of your patents), then you have no protection from Facebook suing you over your usage of React.


Doesn't that only help if we have a react clone to drop in place? That's not necessarily hard to do without patents, but does it exist?

Edit: I think I see what you are saying. It says you lose the patent license, not necessarily the license for the software that doesn't have a patent, so doesn't do anything. Not sure how a judge would decide to interpret it though.


There are a whole bunch of react API alternatives out there. (Preact, inferno, etcetc)


Since patents are evil, I have no problem with some small startup losing the ability to be a patent troll.


I think the reasoning that this will protect them against frivolous lawsuits is pretty poor; you only need a patent grant if you're actually building software. Patent trolls don't build anything so they have no need for patent grants.


Facebook most likely is guarding it for strategic reason. My guess is it will built something like Expo into its Facebook/Messenger app, then it can have its own native app, games store without going through Apple. This is something WeChat already is running called mini-apps.


>Patent trolls don't build anything so they have no need for patent grants.

You'd be surprised. Patent trolls can have all forms, not just a only-suing company. Some company that has failed as a startup, but which holds 1-2 patents might decide to turn into patent-trolling to make a quick back while it dies.

Think also of companies like SCO.


> Some company that has failed as a startup, but which holds 1-2 patents might decide to turn into patent-trolling to make a quick back while it dies.

If the startup is dead it should be trivial to transfer the patents to a separate entity and then sue from that entity, making counter-suits irrelevant.

This only has an affect on companies which are a going concern.

Companies who plan to make litigation part of their strategy can pretty easily just not use React.

This does the most harm to companies who were not planning to come into conflict with Facebook, and then do.


For someone like me, (Free Software advocate, Ember user looking for a breath of fresh air--and better job prospects--with React), it all boils down to doing a cost-benefit analysis.

Sweeping conclusions like "you have nothing to worry about" or "you should never use software with such a license" do not apply to everyone.

As a Free Software advocate, I abhor troll-like behavior, regardless of whether the vehicle is patents, copyrights, or anything else.

I am also more likely to benefit from potential patents contained in a project like React than I am to ever 1) Own a patent. 2) Have a company use that patent in a way I find harmful and offensive. 3) Have the resources to sue an internet giant.

So for me, it's probably worth it to use React, although I can understand why others insist on a more cautious approach.

One thing Facebook could do that would inspire confidence (not to mention make the company a champion of free innovation) is to enumerate which patents the company owns and release all of them under the Defensive Patent License [0].

Such a move would require a lot of courage, but Facebook is large enough and entrenched enough that they would probably gain much more than they could potentially lose.

[0] https://defensivepatentlicense.org


Is React really free software? It's free as in beer, but you have to give up a lot of rights completely unrelated to React in order to use it.

Sure, it may never be a problem (it probably won't be a problem for 99.9% or more of those who use it), but who is willing to take that chance with the future of their company?


Facebook doesn't deny you the freedoms of using the software without restriction, studying it, modifying it, and distributing it (with or without your modifications).

I personally wish FB would release even more of their platforms as free software, preferably under (A/L)GPL3 or MPL 2 or Apache 2. But we do not live in a perfect world. Even the folks at FSF made some compromises regarding the wording of the patent provisions in the GPL3 family, in order to get more companies to adopt the licenses [0].

I am sure the folks at FB know the first time they abuse the patent stipulations, a lot of people using React will jump ship.

[0] https://www.gnu.org/philosophy/compromise.html


Of course they release this late on a Friday so it is does not get much reach. Facebook is very very evil - in every part of the company. Copying other's ideas (Snapchat) yet trying to stop other companies from copying them (this licensing).


I don't see it as "released". It's just the closing of a Github issue, not a press release.

Do you feel that if a company is "evil", do you feel there's a moral imperative to not use their products? It seems to me there's a lot of "But React!" going on.


The post linked is from 4 hours ago. So yes it's a late Friday statement.

https://code.facebook.com/posts/112130496157735/explaining-r...


I think the linked URL has changed - before I thought it was to the Github issue.


It's an interesting question. I actually do feel that way, and this was a significant factor in choosing to use Vue.js for my next project over both React & Angular.


I'm on the fence about the license, but I totally believe your technology choices should reflect your convictions. Obviously there's a lot of attitudes of entitlement in our industry where it's easier to make a Github comment or a tweet than to take a stand.


They put out a facebook post at about the same time that is something like a press release though.


They're not stopping anyone from copying them. In fact, they're saying please, use our code and use our patents...just don't sue us! How hard is that to understand?


It seems to me the core of the disagreement revolves around whether you believe there is an implicit grant of patent or not.

If you believe the BSD has an implicit grant, then the facebook license is a more limited license. If you don't believe it, then the facebook license is better for the user.

As far as I know there is no president to solve this neither in the U.S. or europe, so both views are valid.

One thing is weird in facebook's behaviour though - they imply that the BSD doesn't have an implicit grant, and so they are benevolently giving away a better license, but if so, then the public outcry should be enough to take it back, if it's just a gesture of good will, and it isn't received as such, what's the point in continuing in this course?

The only explanation they give is that they are more or less on a crusade for people to adapt this license because they believe it will reduce patent lawsuits


The Facebook patents license, https://github.com/facebook/react/blob/master/PATENTS , says:

> The license granted hereunder will terminate, automatically and without notice, if you (or any of your subsidiaries, corporate affiliates or agents) initiate directly or indirectly, or take a direct financial interest in, any Patent Assertion: ... (ii) against any party if such Patent Assertion arises in whole or in part from any software, technology, product or service of Facebook or any of its subsidiaries or corporate affiliates,

I always thought the main problem was this part, where you basically lose the license or your IP if Facebook ever decides to become your competitor, e.g. you start a company with a react front-end that does X, and then Facebook decides to directly copy your business. You have no recourse against Facebook, because if you sue them for infringing your IP, you lose the ability to use the React license.


If Snapchat used React, Facebook would kill them to death because Snapchat couldn’t do much. They already mass copied snapchat’s Features.

Any sane aspiring developer would know not to give Facebook that much power.


Is SNAP pursuing litigation in retaliation to this?

If not, then would it have mattered if they used React?


I would appreciate if Facebook would actually explain their license.

Especially: Is BSD+Patent strictly more permissive than BSD or not? There are two major camps as far as I can see:

Camp 1: BSD license does not give you a patent grant. You can always be sued by Facebook if you infringe (potential) React patents. On top of this, Facebook grants you use of (potential) React patents - but only as long as you don't enforce patents against them. If you do, you are back to the BSD license alone.

Camp 2: This camp believes a) that the BSD license implies an unconditional patent grant (for React) and b) that the conditional patent grant ('PATENTS') is not optional, but inseparable from 'LICENSE'. If this is true, BSD+Patent grant is strictly less permissive than BSD alone. If you enforce patents against Facebook, you stand worse than with BSD alone.

The only way this could be cleared up (beyond doubt) is by a court, or very easily with a few lines from Facebook.


As I understand the asymmetry in the BSD+patents license, the real issue here is that usage of React significantly weakens you with respect to mounting a defense against Facebook for infringing upon your own patents or IP, a possibility which, given the stark example of Instagram Stories, is plainly plausible. (This is not to say that Instagram Stories is patent theft, but rather a propensity to copy ideas wholesale).

Were Facebook to amend that license to soften the criteria for revocation of the license grant in cases of suits against Facebook for infringement, this outrage might just go away. But as it stands now, Facebook stands to exercise an ability to infringe on others' patents for monetary gain so long as the patent holder uses React in deployment. It would be easy to weaponize this arrangement, and you have to assume that any fiduciary would consider it.

More broadly, this is a good case to be made against software patents in general.


Not really. Not necessarily. Patents aren't all created equal. The economic value you derive from using Facebook's open-source patent grants is probably not going to be higher than whatever patent suit you're bringing against Facebook (if you deem it necessary and have the millions to wage such a war).



> Their decision was not a legal decision about the compatibility of projects with this license. As has always been the case, source code licensed under the Facebook BSD + Patents license can be combined with source code licensed under other open source licenses like BSD, MIT, Apache 2.0, and GPL.

What complete, tone deaf newspeak. If a BSD-licensed project uses code with a Facebook BSD license, the project is now Facebook BSD licensed. That means it's incompatible with the BSD license.


Not tone deaf at all. The BSD license explicitly permits reuse in differently licensed software.

This is the ultimate disagreement of what software freedom means. GPL people think derivatives of their software should remain free. (the viral nature of GPL) Strong BSD proponents believe the freedom to incorporate the software into non-BSD projects (including closed software) is the ultimate freedom.

It sounds like you are more in the copyleft/GPL camp if you are concerned with derivative works remaining compatible with the original license.


The way I read it, ASF denied FB's BSD+Patents license in a mysterious bureaucratic decision that will cause a lot of pain for companies that use React, while FB's decision to create the BSD+Patents license was an altruistic move designed to benefit the software ecosystem and reduce their patent litigation overhead.

I believe FB is at the "pounding on the table" stage.


The ASF does not want downstream users to be caught by more restrictions than those of the ALv2. The BSD+Patents licensing imposes more restrictions; thus, Apache projects cannot depend upon software under that license.

This is pretty clear, and the ASF has been operating under this "no more restrictive than the Apache license" since its origin.


I know, I was satirizing the tone of FB's post, where ASF are weird meanies and FB is just trying to give everybody sunshine and lollipops.


The additional Patents clause can simply be disregarded or, if not, then just file a patent lawsuit against Facebook. The plain BSD license does not offer a patent grant so there is no incompatibility.

The Apache Software License does grant a patent license [0] (as does GPLv3) so is incompatible with either of these BSD licenses (unless an 'implied' grant is assumed).

[0] http://www.apache.org/licenses/LICENSE-2.0#patent


I wonder how Facebook would feel if all the open source software they currently use incorporated the same license. I bet it would deter them from enjoying much of the code they built their business on. This stance seems pretty antithetical to the goal and spirit of open source software and I really hope it's not the beginning of other companies following suit and 'poisoning' the well of other open source projects.


I completely agree that the Facebook BSD+PATENTS license is antithetical to the goal and spirit of open source software. And that is why the Apache Foundation rejected it it. I'd like to see more statements by more groups like the FSF and OSI on that.


Isn't the style of programming react imposes (unidirectional data flow and component composition) the real innovation for front end applications here?

Sure the dom diffing technology was hot at the time it came out but it's basically is a commodity item at this point.

In that sense, the open source community can (and should) build multiple react clones that are licensed more liberally.

Sure, I'm annoyed by the licensing of React too, I think abou it a lot. But does it really matter that Facebook won't budge on this? The technology is out there whether it's React or not.



React is not concerned at all with state management (other than local state), and there are decades of prior art for component systems.


I'd agree with you, but... React Native. :(


I agree, and I for one will start using Preact and/or Inferno henceforth.


Damn glad I left web dev 3 years or so ago.

It was ember vs angular. I was like I'm out, going for data science.

While on the side line I've witness:

Angular was winning until Google made a new framework and named it Angular 2.

React took over until people find out their license is a trojan horse.

Now what? emberjs? Angular 3 (oh wait wtf it's 4)?

Jeez, front end is a mess of wild west. Yes, I understand the value in keeping up to date and continuously studying but the rate that frontend is going it is stupid.


ELI5 anyone? My basic understanding is if you use React and decide to sue FB for patent infringement down the line, FB can countersue(?) bc they revoke your grant to use the patent upon you suing them. But what _exactly_ constitutes using React? Of course using the library is one thing, but what about using some other library that installs React as some dependency? Does using JSX also count as using "React"? I just feel that what exactly constitutes using React is very vague esp considering there are many non-FB tools that use "React" (and associated technologies, eg the idea of Virtual DOM) in some form or another.


IANAL but...

> but what about using some other library that installs React as some dependency?

I think that still counts as "using react".

> Does using JSX also count as using "React"?

I think that if you use a custom JSX compiler instead of the one that comes with React then you could be clean. JSX itself is just a programming language and cannot be copyrighted.

> I just feel that what exactly constitutes using React is very vague esp

I don't think that is vague, actually. In the end, what matters is if the whole system includes React source code in some way or another.

> and associated technologies, eg the idea of Virtual DOM

Associated technologies are not covered by copyright. They could possibly be covered by patents but that would be a whole different can of worms.


jsx is defininity not owned by react


Okay, I need some clarifications now regarding the whole issue. I am building my web app using React and will be extending to mobile platforms using React-Native. The product is kind of paradigm change in the way we deal with education, so I will at some point consider getting a patent protecting my own interests.

My questions are as follows: 1. If fb copies the entire thing, repackages it as something different and tries to make it free and open source. I wouldn't be able to sue them just because I used React and React-Native?

Is that all what the patent license means or I am missing something here?


You would be able to sue them, but you'd lose the grant to use any patents that cover React.


I'm not sure if React (and the other projects that contain the PATENTS file) will survive the backlash to this in the long run. Vue.js is rapidly climbing in popularity, and Elm is probably going to go mainstream in 2018. There are alternatives like Mithril and Ember too.


The stats don't really suggest that vue is rapidly climbing in popularity:

https://npm-stat.com/charts.html?package=react&package=vue&p...

While popularity might not have anything to do with your use case, it still means a lot in terms of ecosystem, tooling, training, support and documentation.


See: https://github.com/showcases/front-end-javascript-frameworks

These things usually don't happen overnight. It will be interesting to take another look about a year from now.


The only way I see people stop using React is if there's an example of a company being counter-sued by Facebook as a result of the license or something like that.


Many companies already can't use React. The numbers will increase.


This such a non-issue and affects very small part of those that use React it won't affect the popularity at all.


This is true if only because sane people aren't using React exactly because of this issue.


I don't understand ASF's position on this. How is FB-BSD+P different from CDDL 1.1, which includes section 6.2 regarding termination of patent rights in the event of a suit?


ASF's license limits it's scope. ASF software cannot carry dependencies on licenses that have wider scope than their license. In addition to the scope, the FB license is very one-sided.

As such, ASF decided to disallow FB licensed dependencies. One particular ASF project did not have an alternative, so they asked FB to re-license. FB agreed to do so.

Because it was easy, and because the positive talk surrounding FB's license seemed to intimate that FB's intention was the same as ASF's license intention, they requested FB to relicense react so that it too could be included as a dependency on ASF projects.

Faced with making a decision, FB determined that their licensing strategy associated with litigation was more important than their ability to be included in ASF projects.

A lot of eyes were watching the request, many hopeful that the FB decision would justify and clarify their interpretation of the FB license and it's intentions. FB disappointed them though, and basically said "bugger off if you don't like it. We'll lose people, but we don't think it will be that many."

Judging from this discussion - and the fact that HN is one of the most pro-react communities around - this decision will not play out kindly and could be the death-knell of react's position as a major force in UI development.


This is a defensive answer. Facebook doesn't even enumerate the React related patents, so you're left guessing about that. At the very least, they should maintain and up to date list of patents granted. What do they have to hide?


With patents, it is usually best to not show your hand. Patent holders never publish the list of patents that read on their software.


Probably the fact that they have no patents with regards to React...


TLDR:

- They confirm Apache's legal reading of the BSD + Patents.

- They deny the part about Facebook being able to steal your IP because Facebook isn't like that.

- They refuse to codify changes to enforce Facebook isn't like that

- We therefore must assume Facebook is like that.


> I like that we clearly include a patent license in our repo. IMO it would be nice if more companies would choose this route too.

I don't get this. The Apache2 license also has a section on patents ...


Yes. And it says you lose the rights Apache granted you if you litigate any of the patents granted by Apache. Facebook's says you lose license to their patents if you litigate or even have shares in a company that litigates against Facebook for ANY patent. It's completely different. And toxic.


Hmm... "You don't like it? Go jump in a lake." Is that really an explanation?


Well generally React users seem to not care. So I don't blame FB. I guess the clause could be rewritten to be more like what Google/Apache 2.0 does - then everyone would be happy.


React was originally under the Apache2 license. So is this a bit of a bait-and-switch? https://github.com/facebook/react/blob/75897c2dcd1dd3a6ca462...

Also, could that original patent grant in the original license apply to later versions of React?


I don't think so, but you could fork from v11 (0.11 in old naming) as it was the last full release to use Apache.


No that is a gpl concept.


Does anyone have experience with https://preactjs.com/? Is it really the same (component wise)?


Yeah, I recently replaced React with Preact in compat mode, without problems.


I'm not sure if React (and the other projects that contain the PATENTS file) will survive the backlash to this in the long run. Vue.js is rapidly climbing in popularity, and Elm is probably going to go mainstream in 2018. There are alternatives like Mithril and Ember too.


Elm going mainstream?! What a prediction!


yeah I doubt about elm, but vue is definitely catching up.


Why do you doubt it? I'm pretty sure that Elm will do it. :)


Are there any big projects currently written in Elm?


What do you consider big? Elm is still in the early stages.

https://www.pivotaltracker.com/blog/Elm-pivotal-tracker/


I'm curious to look at any big and open Elm app, to look at how a big project feels like, especially one that probably has to interact with other JS. I ask only because a precursory search on GitHub revealed little.


That's a shame. I really like the React interface, but would never build a company with it at the core just on the principle. Revoking on first strike is super defensive and just plain slimy.

If there were something like create-preact-app (not forked from create-react-app) I'd be all about it. With special decorators, dogmatic separation of templates, styles and logic, and mutability I don't think I can get aboard the Vue.js train though I'll admit I haven't dove deep yet.

The worst part is how Facebook seems to be asking other big players to follow their lead in adding kill switches to FOSS. It'd be one thing if it were just React. Devs shouldn't let this become common practice.


There is a lot of confusion with regards to one point: the Apache Software Foundation did not make a request for a license change.

The Foundation does not presuppose to know how others should license their products. That is those others' choice. The Foundation does have policies on what licenses can be used, within the Foundation's projects. But that is for our projects, and not the same as pushing back against license holders.

So please. Stop with the meme of "Facebook rejected the Foundation's request". Not true. Facebook made a business choice, and the Apache Software Foundation will make its own choices.

The request came from one our projects' committers. Please do not confuse who speaks for whom.


it's not 'rejection' that's bothering ppl... most ppl don't care about 'rejection' whether it happened or not.


Someone please help me understand the problems here. The repository includes two documents: 1) a proper BSD license, and 2) a patent license. While reading the latter, I see no mention of it affecting the former.

So my take on this is that it's BSD-licensed code. Period. The patent license is a "bonus" and not at all required by the BSD license, and doesn't affect the BSD license. Any other company offering BSD licensed code is free to withhold licensing their patents at all. So are we suggesting that the patent license is a bad idea? That it's revocability is a bad idea? Why does this matter when the software is licensed under a BSD license?



This reads to me like it boils down to "oh, geez, stop making people read your additional licenses and just use ours." And that's fine. But the HN comments all make it sound like the situation with a custom patent license is an offensive affront to their existence as software engineers. And I personally disagree with that strong stance. Especially from a group that also seems to agree that patents in the software world are obnoxious and would presumably not ever sue over such a patent...


Seamlessly switched from react to infernojs[0] a year ago. The only difference is that the apps are way faster now in infernojs while providing me with more optimization options as jsx properties[1]. Also their support channel in slack is great[2].

[0] https://github.com/infernojs/inferno

[1] https://infernojs.org/docs/guides/optimisations

[2] http://infernojs.slack.com


Just as a thought experiment if every piece of software had a similar clause in their license it would mark the end of software patents. Isn't this what we actually want more of? Isn't _that_ actually the moral high ground?


If that were Facebook's goal, why wouldn't they just team up with a few other large companies and lobby for abolishing software patents in the US?


I actually think this is Facebook's goal. As for your question, I think they aren't trying to abolish software patents in the US because they judge (IMO correctly) that it is unlikely to succeed.


That seems highly unlikely, considering the way Facebook operates.


I'm trying to understand what the real world implications of this notorious clause could be - obviously a lot of it comes down to legal interpretation but would be interesting to know people's thoughts.

Say my company patent some key part of a product, and Facebook then release a product which infringes on this patent.

If my company were to sue Facebook for this (unrelated to React) patent infringement, then as I understand it, this patent clause would cease to apply to my company.

Does that then mean that Facebook could countersue my company for using React, saying that some part of React is patented and my use of it is therefore infringing that patent? This seems kind of weird to me, as React is a product that they put out there for people to use - it's like Microsoft suing me because I use Office and they have a patent on the ribbon UI or something.

Or does it just mean that some third party could claim that React infringes on some patent of theirs, and they can then sue my company saying my use of React infringes on their patent? (Whereas previously Facebook would protect my company against this)

Or does it mean something else entirely?!


This is the kind of thing that makes devs start new projects that look really close to projects that run this course. You know, just to spite this act.


Anyone knows what are consequences of ban from Apache Software Foundation? Okay, it has X-Cat exclusion by August, 31 (https://react-etc.net/entry/apache-foundation-bans-use-of-fa...) and what will happen after that?


https://www.apache.org/legal/resolved.html

"Can Apache projects distribute components under prohibited licenses?

Apache projects cannot distribute any such components. This means that no source code can be from Category X and that any convenience binaries produced may not include such contents. As with the previous question on platforms, the component can be relied on if the component's license terms do not affect the Apache product's licensing. For example, using a GPL'ed tool during the build is OK, however including GPL'ed source code is not"


Note that this only applies to projects from the Apache Software Foundation. Its policies do not affect outside projects, including those using the ALv2.

After August 31, no Apache projects can make a release that has a hard dependency/requirement on the FB/BSD+Patents license (same as for all other licenses described as Cat-X). Older releases will remain in the archives, but no new releases with such dependencies.


What advice would you say to someone who just who's only about 6 months in ( learning React ) ? A. Its not been that long.. walk away and learn something else. B. If you've put in the time try to get something out of it. C. I don't know what the whole fuss is about your not going to be building anything worth facebook's time anyway.


If this is for your own personal projects or your startup...you should just keep using React. Seriously, unless you've got millions of dollars to bring a patent suit against Facebook (do you even have any patents to defend?), this should not even be on your radar. You should be focused on building great product and execution: not patent litigation.


Don't ever hope of selling your business if it takes off though. The above may not apply to your potential buyers.


I really fail to see that. With Microsoft, Apple, Salesforce, Yahoo, Amazon, and many other big names using React in production...Chances are the acquiring company is already using React in some form. Furthermore, the value of your company is not in which front end framework you choose, it's in your distribution and product value to end users. If you really needed to rewrite your front-end in Preact (a drop-in replacement for React) or Vue, in order to satisfy a buyer, you could easily do so.


Thanks for clearing that up.


Even worrying - Caffe2 is licensed under the same terms. https://github.com/caffe2/caffe2/blob/master/PATENTS . This really makes Tensorflow the only real alternative for true, viable deep learning.


Disappointed to see no forward upfront stance on what Facebook will do if someone sues them for a patent infringement unrelated to React in any way.

Will note though that if Facebook does choose to revoke a license on the basis of getting sued for something unrelated it will definitely reflect poorly on FB in the developer community and reduce React's adoption.


> Disappointed to see no forward upfront stance on what Facebook will do if someone sues them for a patent infringement unrelated to React in any way.

Well, they've specifically related React if it's in use, so the only case where it's not related is if isn't being used by the plaintiff.

In a similar vein, people are wondering what Facebook will do with patent infringement suits that do have merit, to which I ask, when's the last time a company defending a patent suit stated the plaintiff's case had merit.


The whole ecosystem of amazing people and companies that helped build React is jeopardized, which is such a sad waste of code, development time, late nights, and humanity! Please think of long term gains and not exploding software licenses. There's already enough pain going round in the world.


> Do unto others as you would have them do unto you.

Imagine a small company releasing a new js framework with BSD+Patents license. Will FB use ever this framework? No. Because merely using this framework gives this small company the effective freedom to infringe Facebook's patents. Why? Because the cost for FB to shift frameworks will be huge, thus prohibiting FB to sue this small company for patent infringement.

Using a software with BSD+Patents license is almost giving up the right to sue this company. This is dangerously radioactive.


What I don't really understand is if they're worried about patent trolls, how would this have any effect at all?

Patent trolls are companies that don't create anything, and just sue with their patent portfolio instead, so why would they care that they can't use react patents anymore?


> like some other large companies do and only release software that isn't used in our most successful products

Closure Compiler [1], GWT [2], and protobufs [3] would like to have a word...

I realize they said "some" large companies, but it seems like there's plenty of precedent for successful tech companies to release core infrastructure as open source.

[1] https://developers.google.com/closure/compiler/

[2] http://www.gwtproject.org/

[3] https://developers.google.com/protocol-buffers/


My opinion on why this could now become a practical problem for people who still want to continue with React:

1) This will deter people and organizations from using such libraries. For example :- WordPress.com and many other companies have said that they will no longer use React.

2) Lower usage and application of such libraries means that lesser people will find bugs in them, lesser people will fork these libraries, lesser people will contribute to these libraries.

3) Facebook may itself lose interest in continuing to open source the library. Or add any new features to the open source version.

4) People may get stuck with bugs in such libraries and with no functionality being added to such libraries for years.


Let me make sure I understand this: The license means that Facebook grants you the right to use the patents on React, but if you sue Facebook for patent infringement, you lose the right to use React?


Wrt. the idea that without the grant, Facebook can sue you. A) There's this thing with "implicit grant" since they've open sourced it and grant you a license. But even without this, and more interestingly, B) If they sue anybody for anything regarding React, wouldn't they immediately loose the entire community around React? "Damn, they really sued Widgets Inc. over some bs. patent in React, better stop using this minefield right away"..


Facebook's position on this is weird. Any company that wants to use react and avoid liability arising from Facebook's terms can do so easily by incorporating a subsidiary or wholly separate company and paying that company $1 to license the UI built on react. Maybe this is about fencing off Google/Amazon/Alibaba/etc who might be reluctant to do something that would be technically legal but something that a jury might take a dim view of. That seems to been the thesis behind Oracle v Google.


Unfortunately the wording covers a subsidiary, agents act on behalf and any interest including financial even in an indirect way.


Since Facebook grants a license, the worst case scenario is you sue Facebook for infringing your "X" patent, and then they search your website and find a react ui, and then you say oh we bought that off WebKidCo. IANAL but it seems farfetched that a court could/would hold a company bound to such a broad clause for what it's supplier(s) did. Or you could just sue Facebook for using your patent "X" after having first moved the patent into a non practicing entity.


This theoretical litigation process with claims & counter-claims against Facebook would cost you millions. Patents are by themselves incredibly expensive to defend. Your "X" patent better be worth tens of millions and Facebook better be deriving millions in value from it, or this is just an exercise in futility.


Or just use Vue or similar library


I cannot help but look at this along with Facebook's copy to win strategy.

It appears to me that FB might be using their open source contributions as a Trojan horse to make sure others can't compete with them. If a startup happens to use FB open source tech for their startup, FB can duplicate everything they do, even legitimately patented stuff, and the startup is unable to fight back because their sign up page happened to be built in React.

This is giving just too much power o one company.


I have my doubts about the enforceability of BSD+Patents in a courtroom setting.

I think it's an intimidation play on the part of Facebook to keep large players from profiting off of their IP.


Onto the next Javascript framework!


I just noticed that software patents and employment anti-discrimination laws have some very similar problems. With the performance of manual labor jobs and physical patents the tests tends to be relatively objective, and that was probably what both laws was designed for. With many other jobs and with software patents this is often not the case, making the laws much easier to abuse for example.


As a side note, this is also why anti-discrimination laws still make sense for things like public places and voting, because the test for whether someone is able to vote for example tends to be objective.


I am no pro in understanding these licensing issue. Can someone help me how this affects if i) ReactJS is used in a company/organisation for their proprietor software? ii) ReactJS is used in a company/organisation for their distributed licensing software? iii) ReactJS is used in a company/organisation for a software which is opensourced?


If you use React you basically can't sue Facebook for infringing your patents, so it is giving them a free pass on your IP.


Of course you can sue them. It just comes with consequences.


> license is radioactive

Same is true for Fuchsia, Google's new os replacement for android / linux. See https://github.com/fuchsia-mirror/calendar/blob/master/PATEN...


In practice, here's who will can be reasonably expect to be affected.

1. large tech cos. they always want to reserve the right to sue each other.

2. large advertisers. they need the ability to sue FB for any beefs they have over the ads they have purchased.

So if you're one of the two, I think your general counsel will say not to use react for any new projects.


I don't think it's bad. "If we give you free stuff and you sue us, you no longer get free stuff"


My worry is that the BSD+patent license puts FB in the position where they are able violate valid patents that another company hold. If that company is using React, they will have a strong incentive not to pursue their claims against FB because it means they would have to rewrite their code. Is this a valid concern?


Facebook claims BSD+PATENTS is GPL compatible. I'd like to hear what the FSF has to say about that.


The two copyright-based licenses are compatible, based on pretty much every legal opinion published.

Facebook is offering a separate patent license, and that is out-of-scope of the GPL.


I agree the plain BSD 2 and GPL licenses are compatible. The issue here is how the PATENTS file from Facebook reduces an implicit patent grant by the BSD license making BSD+PATENTS into essentially a different license with less permissions than plain BSD.

According to the FAQ on the GPLv3: https://www.gnu.org/licenses/quick-guide-gplv3.html "Whenever someone conveys software covered by GPLv3 that they've written or modified, they must provide every recipient with any patent licenses necessary to exercise the rights that the GPL gives them."

So, since GPLv3 talks about patents, and the Facebook PATENTS clause reduces the implicit patent grant of BSD, I feel it is in scope for GPLv3. A plain BSD 2.0 license with an implicit patent grant would presumably provide enough patent rights to be compatible with GPLv3. To my reading of the situation, BSD+PATENTS does not seem to provide enough patent rights to comply with GPLv3 (because of the one-sided retaliation clause of Facebook's PATENTS file).

The GPLv2 is a different story which is less clear to me.

In section 7 GPLv2 says: "If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program."

So, because some of your downstream users might not have a valid patent grant from Facebook if they sue Facebook for infringing their patents, does the last sentence imply you can't distribute the combined BSD+PATENTS and GPLv2 code?


Isn't React the slowest and largest React-like implementation anyway? Seems like this will just foster "nicer" implementations, I don't see what the worry is all about. It's not like React is some behemoth that can't be rewritten.


So for example if I create a product using React, something social-ish and it gets really popular. Facebook decides they like it and could easily implement something like that themselves. I find it to be blatant copy of my stuff. Nothing I can do there, right?


It's similar to the line "We can create apps or products that offer features and services similar to your app." that's part of the agreement for using the Facebook SDK. It's mostly a one way street with Facebook.


I wonder how much BSD + patents actually diminishes lawsuits for Facebook. Is React that widespread? What happens if you stop using React, and replace it with a clone like Preact?

I also wonder if this will hold up in court, or is purely a defensive measure.


Just say one, for discussion purposes. One is likely worth the (minimal?) loss of Goodwill/combinatorics/bundling with their licensing choice.


If it succeeds as FUD, they'll never have to defend it.


So, can I use React as my company's front end framework or not?

If I do use React, what is the specific legal risk (if any)?

PLEASE no emotionally charged comments - I just want a clear answer from someone who deeply understands the legal stuff.


You most likely certainly can with nothing to worry about. 99.99% of the world's developers will never need to sue Facebook for patent infringement. That is, unless Facebook begins reverse patent-trolling. But I see it as more of a decision on ethics at this point in time, and don't really see any reason to feel particularly threatened.


Once someone told me a story about two company that were building cars. One was building slick cars the other not so slick cars but with robust tires that could roll on spikes, additionally they were silently buying roads. So, there were quite even on the market, but one day suddenly spikes just popped up from roads. At, the time when I heard this story the "spike" company was referring to Microsoft.

So much about "do not be evil" policy although that is Google slogan one must ask is the Angular or Node.js next?

21st century and still greed for money and monopoly "one to rule them all" screwing open trusting hard working guy ... I know this is side ways but: how should we trust any other thing they release or talk about privacy, sharing, VR, Basic Income ... ?!


I think React is a very nice way to build UIs. I am still very dubious as to how serious this issue actually is. It still feels rather ginned-up to me. I can't understand what the real threat is here.


At this point not using Facebook OSS tools for development is like not using Google for search. There are so many popular FB libraries under the same patent license, React is just the most popular.


Does MIT license work for Apache in this case ? If yes, they can easily switch to Preact; https://preactjs.com/


Yes, it works just fine. Many projects at Apache rely on MIT-licensed code, and I know that several of the Apache projects are looking towards Preact as a replacement for their dependency upon React.


Can this problem easily be solved by avoiding to sue Facebook?

If I understand the issue correctly, there's a clause in their license that says the license is revoked if you sue them.

How risky is this for regular usage?


Can anyone explain if the patents license is anything more than "if you use our patents, we can use yours", or if that in itself is the thing that is offensive (and why)?


> Some even feel like they have to stop using UI frameworks because of it.

No, some feel they have to stop using React, not all UI frameworks, VueJS is pure MIT etc.


As a small startup, I absolutely love this. It gives me the advantage to use React while my bigger VC-funded competitors can't.


What exactly does this mean to users of React? I've seen some dystopian scenarios but they feel really far-fetched.


I have to say, I think Facebook is in the right on this one. I think the ecosystem would benefit greatly if this were adopted massively.

I also think very few companies are going to have a time where they need to sue FB for patent infringement (how many people have patents, how many of those patents should really exist, how likely is facebook to violate that patent)?

This mostly follows if you believe the world is a better place without software patents at all.


Does this mean Facebook can infringe on your patents and you cannot sue?


Well it's a good thing there are plenty of alternatives. React is big but it only does the view well (and half of state management -.-') it's not too hard to replace in a stack.

I salute its main author, Facebook and instagram for inventing the virtual DOM concept; it's fucking genius and helped us make better apps, faster.

but absolutely no need to use react now.


> Facebook has always benefited from open source and has worked to contribute back as much as possible to the open source community.

Yes, they have benefited from open source software under BSD, MIT, Apache licenses and giving back under BSD+Patent grant. What a load of bullshit.


is anyone else is having trouble to share the link on facebook messenger? http://imgur.com/a/TIQoP


Why is this unvoteable for me? :D


Way to close a debate.


Hopefully it'll take all those half assed React Native apps with it.


Same for Yarn...


Move to cycle.js. It's a better framework anyway https://cycle.js.org


People used to say that the GPL was illegal, unacceptable, immoral, and all sorts of other things. Then, gradually, everyone started using it, and copyleft became an acceptable software licensing strategy. I hope that BSD + Patents also achieves gradual acceptability.


People started using the GPL because it works fine for software that isn't distributed to consumers, e.g. on servers. Those uses have subverted the entire intent of he license, however.


> Those uses have subverted the entire intent of the license

You're reading too much into the intent of the license. GPLv2 being used on servers is a valid use case.

Tivoization is indeed subverting the intent of GPLv2, which is one of the reason for GPLv3. But in the case of Tivoization, you _are_ distributing the code to end users, rather than just running it on their behalf, and hence, in my eyes, violates the intent of GPL (that end users you distribute your software to should be allowed to modify the software).

Hosted software isn't like tivoization, in that the host doesn't distribute, and so no GPL issues whatsoever.


The more conditions we apply the less usage it will get. But adding conditions like everyone can share in the changes provides a different value and encourages more changes.

GPL works because it forces the source code to remain open allowing everyone to enjoy all new changes.

BSD works because you are free to repackage and resell with bsd code. This code can be used in an existing product.


/s

Angular is terrible.

React is trojan horse.

Vue is developed by Chinese.

/s

And I honestly just want a decent framework to write JavaScript. Maybe the framework war is just getting started after all.

Edit: I'm just summarizing and projecting the sentiments around the popular frameworks and wondering about the future, not sure why I got so much hate...




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: