Hacker News new | past | comments | ask | show | jobs | submit login
Startups should not use React (medium.com)
332 points by nbmh on Aug 20, 2017 | hide | past | web | favorite | 168 comments



It's worth noting this "you can't sue us for violating your patents if you use our non-free open source software" is working as designed.

Facebook claims that if every company adopted a React-like license, that software patents as we know it would basically die. It's worth noting that both Google and Facebook's patent lawyers are generally of the opinion that software patents are net bad, but differ in their opinions of how to express that intent without exposing their companies to additional risk from patent trolls.

If you want to be acquired, then this is the opposite of what you want. You file patents for every part of the product you can; you audit your dependencies to avoid copyleft (AGPL and GPL) and React-like licenses, so your software can be folded into a 100% closed source product or shut down or whatever your acquirer wants.

If you run a start-up, and you're worried about the React license, you should be speaking to your own legal counsel about the best way forward.


This seems to be the case: the wording is pretty obscure and IANAL, but the risk if you use React and sue Facebook for patent infringement should only be that they can counter-sue you for any patents they may hold that apply to React.

And be careful: if Facebook has any patents related to React, they could very well cover also the React alternatives: I seriously doubt that eg the author of Vue.js researched if they were violating and FB React-related patents.

Edit: here the link to the patent grant https://github.com/facebook/react/blob/master/PATENTS

> A "Necessary Claim" is a claim of a patent owned by Facebook that is necessarily infringed by the Software standing alone.

This should mean that the patent grant only covers you from being sued for any patents covering React technology, and that is the only protection you lose if you sue Facebook.


If Facebook's approach is so great, by introducing a legal provision in the OSS license, how come it has not been adopted by any other company except for Palantir, despite being introduced in 2014?

I analysed 75+ OSS projects from 35 companies, and Facebook is practically alone.

https://medium.com/@raulk/list-of-companies-and-popular-proj...


I commented elsewhere on this, but how about CDDL? IANAL but it seems to do the same thing, patent poison pill in the event of suit.


CDDL includes a "weak patent retaliation" clause [1], meaning you only lose the grant if you initiate a patent infringement claim within the context of the project, i.e. saying that the project you have adopted infringes a patent of yours.

And even if you do, the revocation takes effect in 60 days, which is pretty friendly IMHO.

[1] http://en.swpat.org/wiki/CDDL_and_patents


As a small startup, I absolutely love Facebook's React patent licensing. It gives me the advantage to use React (Native) while my bigger VC-funded competitors can't. It is like the opposite of economy of scale, haha.

(PS: i have no plan to be acquired or raise a VC round or file any patent)


If you read the article again, you will notice the point about how large communities don't form with these licenses.

Open source software shouldn't have any restrictions on who can use them and who can't. While this license don't specifically exclude a class of people explicitly, even you agree that big companies can't use these projects. So these projects effectively exclude hundreds of thousands of software developers (who work in >small orgs) from using this project and therefore contribute to it. This greatly hurts the project itself, while projects no using this kind of license won't have a problem.


Your bigger VC competitors probably used Preact, inferno or other vdom libraries so it's really not a great competitive edge.

Except it says that you're not serious about your startup's long term future.


I'm arguing that there will be no competitive edge. React got where it is today with the help of lots of developers.

If the current license problems came to light before, React would be an inferior project compared to others because the others will have more development. So the ecosystem around other popular project (VueJS?) would be bigger and more robust (because of the number of people providing feedback and filing bugs)


This would have no effect on NPEs, which are the most pernicious types of patent trolls as I see it today.


Right. The way of dealing with NPEs in the short term is to have patents (encourage employees to file for patents, and acquire companies with patents before NPEs do).

My understanding is that Facebook's long term vision is that no productive entity can assert its software patent rights, which should then make it politically viable to lobby for laws to be changed to invalidate all software patents altogether.


The patents clause does not restrict to software pattents, it applies to any patent. If I had any "normal" patents, I would stay far away from any open source project with this patent license (also I'm not a lawyer, this is not legal advice). I would never allow Facebook (or any company for that matter) to limit my legal rights. I understand that they need to protect themselves, but not at the cost of the damage that they are doing to the open source community.


Nerds shouldn't write opinion pieces about subject domains they don't understand.

Seriously, stop this. Sometimes you just need to admit you have no idea what you're talking about and shut up.

The author honestly thinks using Preact or Inferno could protect them from patent lawsuits. Oh, wait, maybe "Facebook holds any software patents on the Virtual DOM or the React APIs" so better use Vue and Cycle.

Unless you actually know

1) which patents Facebook holds and

2) which patents are relevant to each framework/library (i.e. React and various its alternatives)

stop giving people legal advice about which library they should be using.

The cosmic irony would be if Facebook didn't hold any patents covering React to begin with but DID hold patents covering parts of Angular, Ember, Vue and Preact, over which they can sue who they like because Facebook never gave them a patent grant for those. Sounds far-fetched? It isn't because we don't know which actual patents these could be and who holds them.

Or for all you know Google might sue you. Or Apple.

This isn't a discussion, this is literally just a bunch of nerds ranting on the Internet about problems they don't sufficiently understand, playing Three Blind Men with the elephant that is Software Patents.


> Nerds shouldn't write opinion pieces about subject domains they don't understand.

Following your words, you should not be even allowed to comment: https://en.wikipedia.org/wiki/Argument_from_authority

Seriously, stop this.


Argument "I know X" is different than "I don't know X and neither do you".


Not sure why this is downvoted?


> 1) which patents Facebook holds and

> 2) which patents are relevant to each framework/library (i.e. React and various its alternatives)

Facebook needs to come out and give us these answers. There are two scenarios:

1) They have "secret" patents, and the reason they hoard them is to use them as offense when being sued, forcing the suing party (whether "meritless" or meritful) significant monetary loss to rewrite their software with the goal of killing the suit, or,

2) They do not have any patents pertaining to the technology, and so if this is the case, why is the patents clause even present? Why all this hush-hush and incredible resistance to change?

It's dodgy as heck. From Facebook's POV of 1, it's fantastic, but _only to Facebook_ - that's why it's there, it's great strategy. For everybody else? Not so much. Either way, they are being immoral and unethical, especially towards their foundations (free and open source software) and user community and ultimately leads to fragmentation as people try to escape the clause (see Preact, Inferno, et al).


I disagree with the parent poster, but you're sort of confirming their point. There's no such thing as a "secret" patent. The very definition of a patent is that you publish the details in public, in exchange for a time-limited, exclusive right to it. If you want to try to keep something a trade secret, you don't patent it.


I am aware of that. That's why I put it in quotes. So far, nobody has found one that really pertains to React and co. So if that's the case and none exist, then go to (2), otherwise Facebook have one in their arsenal that nobody else is thinking about, and go to (1).


Everyone should have the right to write opinions about anything, even you. The only situation that I think that you do not have this right is exactly when your opinion is that others shouldn't have this right.

https://en.wikipedia.org/wiki/Paradox_of_tolerance


The BSD + Patents license doesn't imply anything about Facebook's own patents. React may not itself have any patents; that's not the point. The patents involved here are those not owned by Facebook. Facebook doesn't need patents on React to revoke your license to use React if you sue Facebook for patent infringement.

Edit: I see how my reading was wrong. The LICENSE file is still the same old 3-Clause BSD. The PATENTS file is what's new and different.


It is EXACTLY the point, as the only thing that gets revoked is the patent grant - not the software license.


That point is even clarified by the Facebook FAQ on the license, but it still seems to confuse most people.


Most people seem to just read the part in PATENTS where it talks about a "license" being revoked and go "I KNOW THIS" thinking it talks about a copyright license.

It's excusable if English is not your native language, but "license" doesn't have to mean "copyright license".


Nerds will stop talking about things they don't know the day where:

- other people will stop saying bullshits about computing;

- nerds will stop learning new things by trials and error.

None of those will ever happen, so make peace with the fact it will happen more and more.


I would be more charitable if it were clearer the author even read the patent grant to begin with, or understood the basic principles of what software patents even are.

The reason I'm saying "nerd" is that it's clear he has some expert knowledge about some things but apparently no grasp of the fact that this does not mean he has expert knowledge about all things.

Actual lawyers have come out on the patent grant and how it's basically harmless and pointless. It doesn't even require an actual lawyer to understand this. It just requires not being ignorant about intellectual property law.

The only valid argument against React is open source purism, which is why the Apache Software Foundation has banned it. They're not concerned about people suing people, they're concerned that it doesn't mix well with projects released under a pure Apache license. That argument is valid.

Every other argument boils down to "I don't understand the difference between patents and copyright". Even when the author shows a glimpse of self-awareness by saying "maybe Preact isn't safe either" he goes on to recommend other libraries as if they were 100% certified patent free.

Saying "I don't understand this, please explain" is okay. Saying "this is my expert opinion on something I don't understand and you should take this as advice" only spreads FUD.

Want to know whether you are at risk of being sued over software patents? Here's a simple checklist:

1) Are you using or writing source code?

If you answered "yes", congratulations, you're at risk of being sued over software patents.


Are you a patent attorney?


I also think this whole situation is overblown and edge cases are constructed as world-end scenarios.


Your argument is simply supporting my thesis.

1) I am not a lawyer, and my article simply analyses the compromises a company makes when adopting React (and other OSS projects licensed under the same terms), without going into Patent Law.

Some lawyers think that the patent-related legal provisions are not enforceable anyway, but then it begs to ask the question. If they are not enforceable, why is Facebook so adamant about keeping this license model? Surely there's something else behind this, some motivation.

2) Facebook claims their motivation is reducing patent litigation. And they claim that making this model widespread would benefit the entire industry.

Let's put that in context. They adopted this license in 2014 and, in the last 3 years, no other company aside from Palantir has followed suit.

I analysed 75+ projects from 35 companies (link: [1]), and none uses this license model. What's going on?

As I argue in my article, this kind of license may hurt the Open Source industry, more than it will benefit it.

3) No, I do not know (a) what applicable patents FB holds with regards to React, nor (b) those that may be in the works, nor (c) those they intend to apply for. Likely neither do you.

And that's the whole point of the article.

Most people and startups don't have access to an expert patent lawyer. Even if they did, would it be a good use of resources to engage them to evaluate the adoption of a frontend UI layer? No.

So just stay away of problematic stuff.

4) And as a result of the above, my stance is that I prefer to use a stack that grants me any patents unconditionally, or maybe with weak patent retaliation like the ASLv2 license, that's OK, i.e. I sue the holder over patents covering only the work I am using, I lose the patent grant for the work I'm using. Simple and symmetrical

5) Here's some food for thought. Would you rather relinquish your IP assertion rights with this "BSD-3 + strong patent retaliation" model, or would you rather pay $99/dev for a commercial license on React and not give Facebook any control?

6) Facebook exists thanks to Open Source. Zuck implemented it using the LAMP stack back in 2004. Would he have used LAMP if it entailed relinquishing any rights to initiate patent litigation?

---

As I said, I am not giving people legal advise, I'm just voicing out my opinion. But I do see a lot of React fans like you (based on your Github [2]) trying to diminish the arguments appealing to lack of authority and what not, without understanding the logic behind my argument.

Picking an OSS UI view layer should not require involving your legal advisors, don't you think?

[1] https://medium.com/@raulk/list-of-companies-and-popular-proj... [2] https://github.com/pluma

EDIT: added point 6.


> I am not a lawyer, and my article simply analyses the compromises a company makes when adopting React

No, your article is literally FUD. "I don't know what their goals are with this, so let's assume the worst". What could that be? Nobody knows, so let's assume it's really bad and you don't want it. F, U and D.

> I analysed 75+ projects from 35 companies (link: [1]), and none uses this license model. What's going on?

You're feigning surprise that no other company than Facebook provides a Facebook Open Source Patent Grant along with their BSD-licensed projects?

The only major licenses that contain patent grants are Apache 2 and GPL. As I'm not going to touch the GPL debate with a ten foot pole, that only leaves Apache 2 or no patent grant whatsoever. Turns out most projects just don't bother with patent grants.

There are good arguments for Apache 2. BSD+Patents seems to be a good compromise if you want a patent grant, but not one as unconditional as Apache's. This is not nefarious. This is literally more than the nothing 99.999% of non-GPL, non-Apache projects give you.

The only thing the PATENTS file does is remove the Heisenberg-esque "maybe a court finds this license implies some kind of patent grant or not" limbo the BSD would otherwise put the project in and replace it with a fixed set of legal certainties you can give your informed consent to or not.

> As I argue in my article, this kind of license may hurt the Open Source industry, more than it will benefit it.

I thought the point of your article was that startups shouldn't use it if they want to be acquired, oh wait, that's just the clickbait title to sell your opinion on.

Your entire "it's bad for OSS" argument boils down to a slippery slope of chilling effects. This is entirely conjecture. By your logic Microsoft would never have published ReactXP and React Native Windows. Google, Twitter, Amazon are actively using React in their products. Your argument falls flat if you even bother looking at the reality.

You defend your article by saying you don't want to be involved in flamewars because you're not a frontend developer. You're using intentionally provocative language to make a point about something you admittedly have no stake in.

Your article is trying to argue about open source purity but abuses a clickbait premise to garner attention in places like HN.

> So just stay away of problematic stuff.

Again, this shows you don't understand patents. ALL software is "problematic stuff". BSD+Patents, like Apache2 or GPL, provides certainty about a subset of patents. All other licenses provide only a vague sense of "probably the author won't sue me because that kind of fishing seems obviously unethical".

If you want to write an article about why React should be using Apache 2, write that fucking article. Don't try to cover it in startup-relevant buzzwords.

> 4) And as a result of the above, my stance is that I prefer to use a stack that grants me any patents unconditionally, or maybe with weak patent retaliation like the ASLv2 license, that's OK, i.e. I sue the holder over patents covering only the work I am using, I lose the patent grant for the work I'm using. Simple and symmetrical

Yes, you're an ASF contributor. Maybe you should lead with that instead of pretending you're impartial.

The world would be a better place if everyone used Apache 2. But what does that have to do with startup valuation? Stop spreading FUD.

> Would you rather relinquish your IP assertion rights with this "BSD-3 + strong patent retaliation" model, or would you rather pay $99/dev for a commercial license on React and not give Facebook any control?

Let me repeat what I just said: you don't understand patents. React works because it's open source. If React were closed source, it would be about as relevant as Sencha Ext. Not very. Try forking Preact/Inferno with a $99 "I bite any patent lawsuits levelled against you over this" license and see what happens. People don't care about patents.

> Would he have used LAMP if it entailed relinquishing any rights to initiate patent litigation?

Probably yes? He created Facebook as a one-off stupid thing in college. He might have migrated to something else afterwards. He might have open sourced that. Who knows? Who cares?

Again, none of this seems relevant to the headline: React supposedly being bad for startups because it hampers acquisition. You address this in a single section and the entire argument is a single pie-in-the-sky fictional scenario. None of your "empirical" claims back this argument up.

> React fan

Rich, coming from an ASF fan. Based on your logic I should assume you don't like BSD+Patents because it's incompatible with the ASF's purity requirements.

If you spent more time internet stalking me you would have noticed most of my work goes to Apache 2 licensed projects, not React. But that would not make a very good _ad hominem_.

I would love it if React switched to Apache 2. I would also love to see a lot of MIT/BSD projects switch to Apache 2. If it doesn't happen, I'm not losing sleep over it and neither should you.


Quite frankly, given your tone I didn't feel like responding.

I didn't stalk you: you include a link in your HN profile to your Github page, I only clicked on it. Consider removing the link if you don't want people visiting your Github profile, and learning what you engage in.

Many of your statements are imprecise/incorrect.

1. Patent grants are good. Many licenses, including ASLv2, MPL, CDDL, not only include a patent grant, but also a “weak patent retaliation” clause. A minor reprimand if you adopt a project and then decide to sue THAT VERY SAME PROJECT for patent infringement. That’s a pretty fair deal. Some licenses like CDDL are quite relaxed, e.g. they even give you a 60 days grace period after you initiate the litigation to migrate away from the software under dispute. Others like MPL not only remove the patent grant, but also the copyright license as well — which depending on the project could be assumable.

2. Facebook could’ve done the same (simply by adopting ASLv2, like they did with RocksDB when they wanted to allow Apache Cassandra to use it), but they decided to introduce a “strong patent retaliation” clause, where they protect all of their patents by immediately revoking all current (hypothetical) or future patent grants of ALL SOFTWARE with that license (which also includes Jest, immutable.js, draft.js, Flow, Infer, etc.).

3. As I said in my second article, aside from Palantir, no other corporation has adopted Facebook’s “BSD-3 + strong patents retaliation clause” since 2014 (when it was first released) – based on my examination, which I linked to in my previous comment. Meanwhile, FB claims wide adoption of this license would decrease “meritless patent litigation”. If it were true, companies should be running towards this license model. So how do you explain that no one else (aside from Palantir) has adopted it, over the course of 3 years? Something doesn’t add up. I’m sure they will explain at some point.

4. You do seem to complain a lot about my style. But with regards to content, aside from you trying to lecture me in several areas where you make mistakes yourself, your main point seems to be that the scenarios I paint are conjecture. Well, yes. They are conjecture. You see: people need to imagine possible outcomes in order to take decisions and act accordingly. If it had already happened, it wouldn’t be a blog post, it would be news.

5. Yes, I am an ASF contributor. I use GNU, ASLv2, MIT, MPL, CDDL-licensed software, and that also makes me versed (not an expert, of course) in the licensing field. I am impartial to licenses as long as they work for me and the purpose of the software I'm building. Is there anything wrong with that? Please stop making camps in your head. There is no React vs. ASF conspiracy nor battle taking place. Everyone is entitled to have their own opinion, and to study the consequences from their own angles.

6. Large companies who have adopted React, like Amazon, Microsoft, Airbnb, etc. have enough manpower to migrate away if they need to file a patent infringement lawsuit against Facebook. For them, adopting React could be a good deal. Startups don’t tend to enjoy that amount of manpower; I have already answered this several times.

I could be wrong in many of my statements, I acknowledge that. But the truth is that the license creates legal provisions whereby the scenarios I envisioned would be possible, even if several conditions would have to align. Hence, what is left? Trust that FB won’t go after you? Goodwill statements from FB’s team? Sorry, mister, but those are worthless. Especially when there are legal terms mediating.

We could keep going on forever, but my time is finite so I’m going to close this discussion with you here. Good luck!

Edit 1: changed the order of some points for better flow. Edit 2: minor changes in PS.

P.S.: BTW - you will find that OSS developers who are affiliated to some Foundation (Mozilla, Apache, Eclipse, etc.) tend to be versed in licensing, without needing to be lawyers. Everybody can understand the terms. You only have to be a lawyer if you're going to enforce them.


Fine. That you still don't address my main concern (i.e. that the premise of the article is clickbait and your entire argument about open source purity is orthogonal to it) tells me everything I needed to know.

> Patent grants are good.

So you're not upset with Facebook providing a patent grant but with the terms of that patent grant, fair enough.

> Facebook could’ve done the same

The projects using this patent grant are almost 100% sponsored by Facebook. They're not tied to any particular ecosystem or using Facebook services. If Facebook makes the use of the relevant patents contingent on you not suing them, I'm having a hard time feeling upset about it.

Yes, this isn't as permissive as Apache2 but "you get to use all my stuff as long as you don't sue me for stealing your ideas" sounds fairly benign.

> If it were true, companies should be running towards this license model.

This is literally an argument from popularity. Despite all appearances, IT can be mindnumbingly slow to adopt new ideas, especially ones involving politics. Most people don't care about patents -- heck, as can be seen from 90% of the people commenting on React's patent grant, most people don't understand patents.

In the JS ecosystem MIT and BSD are among the most popular licenses. The reason they're popular is that they're short and don't contain much legalese. Does that make them good licenses? Hell no, but it makes them appear easy to understand and simple. Adding a patent grant to that makes it "not simple". It's also something you have to do intentionally.

But that's beside the point. Let's just assume Facebook is wrong and having this be the standard wouldn't bring about world peace and the death of patents or what have you. Let's go with that. How does your assessment that this is evil and bad follow from that?

> Well, yes. They are conjecture.

Thank you. Then stop wrapping them as quality advice to trick people into reading your opinion.

> Please stop making camps in your head. There is no React vs. ASF conspiracy nor battle taking place.

You tried to dismiss my opinion by portraying me as a React fanboy. I pointed out why that is bullshit and you're throwing bricks in a glass house. Now you're accusing me of being the one who tries to make this about camps?

> Startups don’t tend to enjoy that amount of manpower; I have already answered this several times.

Your entire point is that startups shouldn't use React because bigcos might acquire them. Now you're literally arguing that bigcos don't have to worry about migrating away from React. Doesn't that seem entirely contradictory?

Sure, you could argue that bigcos will still factor in this cost into acquisitions but if they already pay that cost for their own projects it can't be so prohibitive to result in bad deals. And how do you rationalise Microsoft actively encouraging outside developers to use React to build on their platform? Surely this would make any resulting acquisition unnecessarily costly.

> Hence, what is left? Trust that FB won’t go after you?

Are you worried Facebook will go after you? Are you worried Google will go after you? Are you worried Apple will go after you? Software patents are already a minefield. You're far more likely to be sued by a non-operating entity.

A patent lawsuit can easily kill almost any startup. You seem to be obsessing over how many nukes you're going to be hit with while operating at a scale where being caught in the blast radius of even a single one would end you.

Oh, wait, this is completely irrelevant. The patent grant does not terminate when you get sued. It doesn't even terminate if you countersue. The patent grant ONLY terminates if you proactively sue Facebook or sue (or countersue) any user of React over React (including Facebook). If Facebook sues you and you countersue Facebook over your smart fridge patent, you still get to use React.

> but my time is finite

So is mine. But protecting people from unsubstantiated FUD is worth it.

> you will find that OSS developers who are affiliated to some Foundation (Mozilla, Apache, Eclipse, etc.) tend to be versed in licensing, without needing to be lawyers

Good, as every developer should be. But if your mischaracterization of how the patent grant can terminate isn't based on a lack of comprehension or absentmindedness, what am I to read into that?

PS: I meant what I said. You should have written an article entirely about the issues you have with the BSD+Patents issue from an aspect of open source purity. Without the conjecture and clickbait angle to it. I would have read that, too. I would probably have disagreed with some of it even if I would have upvoted it. But at least it would have provided the grounds for an honest discussion.

The argument is valid to be had. There's no point to dressing it up as if it were about startups.

You're not an idiot. You know very well that your article won't convince startup developers to drop React, it will only influence non-technical people who are risk-averse and see your headline without understanding any of it.

Instead of playing this game and claiming you "don't want to start a flame war" after writing an obviously inflammatory article, please salvage those ideas you buried in it and write that article properly.


I didn't read the whole article, so my comment is about the PATENTS file and not the article. The situation isn't just about React. The PATENTS file is found in many repos, and it's leaking into the entire open source ecosystem due to dependencies. Those kinds of conditions should not be added to Free software licenses.


React licence introduces unwanted licence complexity. If I make an OS project that uses React what is my licence?


Your license is still whatever your license is.

The PATENTS file is an additional patent grant. The BSD license contains no patent grant, it's just a copyright license.

You can even distribute React as part of an Apache2 project. The Apache2 patent grant explicitly only covers relevant patents the contributors hold.


And possibly also a restriction. It appears to say that if Facebook infringes your patents, you can't defend your patents.


Take your own advice


Totally agree with `Oh, wait, maybe "Facebook holds any software patents on the Virtual DOM or the React APIs" ` Writing articles is a mean to become famous!


_You_ should stop, immediately. Attempting to silence an issue because people are not experts on the issue is beyond immoral.

Please reflect on how you are hurting everyone, not helping.


There isn't an issue. The issue is software patents.

What's hurting people is self-proclaimed experts writing authoritative blog posts about what technologies people should chose and presenting it as if it were legal advice.

This entire drama is a 100% repeat of what pops up on almost a monthly basis because some random developer finds out about Facebook's open source patent grant and decides he has an opinion without even understanding the basic underlying concepts.

There are legitimate issues worth discussing, especially around the notion of open source purism (i.e. whether React should migrate to the Apache license to make it more compatible). But instead of having these discussions we get ridiculous unfounded opinion pieces by yet another "dude with an opinion" who didn't even bother validating his basic premises.


First off, the commenter doesn't have the ability to silence anybody (presumably).

Regardless, spreading misinformation or at least doubtful information is only going to hurt a cause. Blindly lashing out at things you don't truly understand is foolish. Encouraging others to do so is dangerous.

There are several issues with the article itself, but I think one of the most damning actually comes from the updates/notes at the top. Namely, that the author is "neutral and unbiased". Nobody is completely without bias. Especially if you feel so strongly as to write an article.


"Beyond immoral" seems to me somewhere between excessive and totally wrongheaded.

Bad advice has consequences and bad legal advice often doubly so. The law is nuanced, convoluted and often unintuitive. People really are better off going to an expert!


pluma has contributed 2 commits to react: https://github.com/facebook/react/commits?author=pluma

This isn't highly relevant but it can be a probable cause for bias.


I've also visited a number of React conferences.

I've also been writing code since 1995 and participated in web standards discussions during the XForms days landing me in the HTML Acknowledgements: https://html.spec.whatwg.org/multipage/acknowledgements.html

I'm also a contributor to a number of Apache 2 licensed projects.

I don't have financial ties to Facebook. In fact I'm opposed to the idea of working at Facebook.

I'm not sure what conclusions you want to draw from any of this, but feel free to do so.

I'm just annoyed to see this clickbait article on the frontpage of HN after far more knowledgeable people have had far more insightful things to say on the issue.

Yes, I want to see React succeed because I think it's honestly a good tool and the maintainers are doing a great job. But the reason I'm so obviously angry about this particular discussion is that it's spreading Fear, Uncertainty and Doubt over what is a total non-issue for any project that doesn't have to adhere as religiously to a single open source license as the Apache Software Foundation does.

This discussion lends itself to people who don't even grasp the difference between a patent grant and a copyright license patting each other on the back for agreeing on how horrible Facebook is. I don't like Facebook either, but the only people who should tell you whether you should be using Facebook open source software are your legal department or your lawyer.

Deciding against React because you might at some point in the future have a patent you want to use to actively sue Facebook is like deciding against buying a pack of tissues because you might at some point in the future decide to set your house on fire. It's mostly irrelevant and at the point at which it becomes relevant your house is on fire.


The author is making assumptions about what Open Source is and what should or shouldn't be. While many developers would like Open Source to be about "creating communities to build better software together" (myself included), open source just means that everyone can read the code.

Different developers and companies might use Open Source for different reason, included but not limited to: reduce Q&A, brand relevance, increase hiring power, strategic positioning, ideals that code should be _libre_, etc. Some companies and devs might even want several of those!

In this line, Facebook is a private corporation who I think we all agree their main reason for releasing React.js or any code at all doesn't seem to be purely idealistic. I would say strategic position (the best tool in the dev world, notably against Angular) and increasing their hiring power are really high within their reasons to release Open Source.

It is patently absurd to tell companies what to do and patronizing to tell developers what to do. Also, something that I don't see anyone arguing for/against is why so many big companies, even ones competing with Facebook, can use React.js freely and without worries? It's a point that anyone arguing against React is conveniently ignoring but I'd love to hear about.


I don't disagree with your general point, but I don't think we can ascribe a singular objective to Facebook as an entire organisation.

It was quite clear from the discussion around the recent github issue asking them to consider relicensing that there are many parties internal to Facebook with a say in the decision, and it's unlikely they all agree on everything. The React developer's motives for releasing React as open source are probably more along the lines of "creating communities to build better software together", and there are obviously others within Facebook who are motivated by protecting Facebook from lawsuits. What we see on the outside is the resulting compromise. See Dan Abramov's comments in the issue, particularly [1] & [2]

1: https://github.com/facebook/react/issues/10191#issuecomment-... 2: https://github.com/facebook/react/issues/10191#issuecomment-...


Sure, I totally agree. What I tried to express is that there is probably a hiring and brand push as well for keeping React Open Source, not that it is the only one.


Trust. Trust. Trust and Trust again. My brain becomes exhausted within seconds of reading a licence. Not just because I'm lazy, but because I know that however closely I think I'm reading it, I probably won't be reading it closely enough to be 100% sure of my conclusions (viz. the differences of opinion here from people that actually have read this thing).

So what do I do? I trust certain organisations and I don't trust others.

No-one in their right mind can trust Facebook. You might as well trust the Ocean.


Here's an idea: if you intend to lock people into a technology so you can sue them later, would you

a) build a small library that encourages modular code, has tons of escape hatches to use other libraries and has so few concepts it actually encourages learning the language and solving problems outside the library instead? Or

b) build a large monolith that comes with dozens of idiosyncratic concepts and its own way to solve every problem so you build your entire application inside of it?

If I was a patent troll, I would create Angular, not React.

I don't trust Google, I don't trust Facebook, I don't trust Tilde, I don't trust Evan You. But at least with React I'm not deeply invested in non-transferable knowledge and have easy migration paths if I ever need to move away from it.


Probably why I'm still using Backbone - and actively pondering other options!


You think there aren't patents covering Backbone?

Or any other part of your applications?


My concern isn't with Patents per se. It's mainly with the good faith of the originator of a particular piece of code. I mean yes there could be Patents covering everything and anything I ever do, but how would I assess such a thing. I haven't got much control over that side of things.

However, I can exercise judgement on the source. And my judgement on Facebook is that I never saw them do anything I liked.


There was a time when React was Apache v2! https://github.com/facebook/react/blob/3bbed150ab58a07b0c4fa... shows that license.

Has anyone seriously explored forking React from the last Apache v2 version?


If they published React under Apache v2 at one point in time, how can they later re-release under a new license and claim patent rights on it then? Since, assuming whatever patents they own covered this version of React as well...wouldn't that be considered prior art?


From what I understood, It is not a patent on React. As far as I can tell nothing about React is patented... and that is not the discussion over the past few days has been about.

This whole shebang has nothing to do with React itself, or the "technology" that React uses or anything, but more about the way many FB's open source libraries are licensed, one of which is React.

The license specify that you are free to use React as you would use a BSD licensed software, provided that you never sue FB for a patent. That means, if you use React, and you happen to own a patent for something that FB utilises, you can't sue FB without losing your React license. So, your option is either suck it up and let FB use your patented thing for free, or rewrite your software to take React out of it, and then proceed with the lawsuit.


> That means, if you use React, and you happen to own a patent for something that FB utilises, you can't sue FB without losing your React license.

Correction: Without losing your license to use any patents on React. Which...

> As far as I can tell nothing about React is patented...

I agree. Which means the entire issue is a huge paper tiger; you lose your right to use something that doesn't seem to exist.


I wouldn't say it's entirely paper tiger though, given that it also discourage you from exercising any patent you have against Facebook, no matter how legitimate the patent is.

I'm neither a native English speaker nor a lawyer to really understand the wording in the legalese, or if it only cover software patent or patents in general, but I think that clause is pretty broad.


Here's the thing:

If you have a potential patent claim against Facebook (or any other large entity) you know that they will, as a matter of course, dig through their enormous stockpile of patents looking for some counter-claims to make the second you file. Given the size of that stockpile, they're probably going to end up with a sizeable stack, so you need to engage in some serious due diligence before filing to evaluate the strength of your claims and the strength of their likely claims.

All the React patent grant means is that, IF this happens, they can add any React-based patents to the pile, if any exist. I rather suspect that there are no React-based patents, but it doesn't really matter if they are, because statistically speaking, it's not going to materially change the size of the stack. (Not using React entirely also won't materially change the size of the stack; any hypothetical React patents probably apply to whatever hypothetical non-React tech you used instead.)

> it also discourage you from exercising any patent you have against Facebook

No, what discourages you from exercising a patent against Facebook is that they're Facebook, and they have vastly more money, lawyers, and patents than you do. The potential React patents are the least of your worries.


If you have a patent against Facebook, let's face it, that patent claim is going to be bigger than React ever can be. The cost of switching out a JS framework would be well worth the benefits of taking a legitimate patent claim on FB.


> The license specify that you are free to use React as you would use a BSD licensed software, provided that you never sue FB for a patent.

Only if something in React is patented. As I read it, only the patent license is revoked if you sue Facebook, so if nothing in React is patented then the patent license is superfluous anyway and you should have nothing to worry about.

The issue with the Apache license seems to be that the Apache license itself contains a similar patent license with a similar revocation clause (if you sue anyone, but only if you sue them over the Apache licensed software). I presume (not a lawyer) this means the licenses are incompatible, and Facebook's software can't be used in an Apache licensed product.


> A "Necessary Claim" is a claim of a patent owned by Facebook that is necessarily infringed by the Software standing alone.

This seems to support your point. But it's pretty obscure legalese.


As others have noted, you CAN sue Facebook if they infringe any of your patents, but then they could counter-sue you for any patents Facebook could have on React.

In other words: if you don't sue us, you don't need to care if we have a patent that covers some React mechanism. If you want to sue us, you should first check if we have any React-related patents we could use against you.


Also, you can countersue Facebook as long as you don't sue over patents you have on React. You also can't sue others over patents on React (without losing the grant).

Also more importantly, the conditions don't apply to the BSD license. The patent grant is a separate patent license on top of the copyright license. The license the patent grant refers to is the patent grant itself.


I don't understand this argument. They are the owners of the patents in question. That gives them a limited monopoly on the rights to use those patents, and can create any number of products using the patents, and offer them to you under any number of licenses.

Facebook re-licensing React doesn't create prior art, any more than an inventor manufacturing a new product using a patent they own would create prior art.


IANAL, and might be (likely) totally wrong. Here's my take on GP's comment.

Apache v2 has an patent clause which explicitly waives the rights of the licensor over the patents they might have on the licensed code. So, presumably, it doesn't matter if the current project has a patent because it was once licensed under Apache v2, and the so those patents can't really be exercised. Unless, any new additions since changing the license are patented. Since you can say the only code you've used with the current license is the diff from since it was Apache licensed.

But all of this is moot since you can't even take the risk of getting sued over a case which cannot be thrown out, because you might be bankrupt by the time the case is over.

Also the current discussion isn't just about the current codebase. It is about using any of FB's projects using this license and problems over suing FB (and its affiliates) for any patent infringement. (Oculus comes to mind because it presumably has tons of important patents)


Patent rights != copyright.


AFAICT that version still had patents.txt no?


I checked on the repo and I didn't see it.


I really like the idea behind this license.

They want to see a world where software patents no longer exist. So they write a term into their licensing that makes it really difficult for people who do like software patents to use their stuff.

I think I will move my projects over to a similar license. The only thing I would change would be to broaden it to invalidate if your company sued anybody over any patent.

If everybody did that, maybe software patents would finally go away.


>Facebook claims that if every company adopted a React-like license, that software patents as we know it would basically die.

If you think patents shouldn't exist then why is the purpose of the license to protect a single company from patent lawsuits. Why isn't the license covering any patent lawsuits of any kind to any party like the ASL does? Why does the license only protect facebook? What if there are patents that apply to react that facebook doesn't own? Patent trolls can't sue facebook but they can still sue users of react and continue to use react.

>If everybody did that, maybe software patents would finally go away. No because facebook can still sue you for other software patents for internal software they didn't release.

Facebook's patent grant is a halfassed solution. They are either outright malicious and merely acting in self interest or blatantly incompetent. But since they are unwilling to change the license and patent grant I'm betting on the former.


Facebook's licence is as half assed as the free Internet they wanted to bring into India and some African countries. It only benefits Facebook and comes with strings attached.


I'm glad you bring this up. React adopted this license in 2014. If FB's intent was really to have all corporations adopt this model, they've had 3 years to achieve that.

However, no other company other than Palantir has adopted this model. Not even in the Valley. The truth is that they are essentially alone.

Here's the follow-up article: https://medium.com/@raulk/list-of-companies-and-popular-proj...


This would only encourage fragmentation. Large companies have to resources to not use your software and create a competing product.


I think you meant encouraging centralization. And yes, big players will often find it cheaper to undercut you via reimplement than a sale. (Or force you to capitulate then get your employees.)


Does this mean I should primarily use services from startups that use React, so that they won't get acquired and the service shut down?


Also keep monitoring them for when they unviel their latest UI change for usability improvements which sublty removes React for some other framework. This change would be the canary in the mine and would probably be accompanied by changes in terms of use / privacy policy with some subtle word changes. One could almost imagine this monitoring being automated... if it could be backed up with data!


FUD, FUD, FUD. Pure FUD.

There are, AFAIK, no known patents on React. This means you can go ahead and sue Facebook for patent violations to your heart's content. The license they granted to you to use any of their patents applied to React (of which there are none) is terminated, and you can merrily continue using React.

If this is incorrect, and Facebook actually do hold patents on React, then all of the popular alternatives almost certainly infringe on them as well. So, the worst-case scenario is no different.


> There are, AFAIK, no known patents on React.

Really? That's your argument? If there are no public patents today, does it mean there's none in the works?

What tells you there won't be a patent tomorrow?

Let me ask differently. Assuming you're a software engineer, do you pick your stack based on the status quo? Or do you pick a future-proof stack, based not only in its position today, but its projection tomorrow?

What CAN happen today is not as important as what COULD happen tomorrow, based on the legal provisions you're agreeing to by adopting React.

> If this is incorrect, and Facebook actually do hold patents on React, then all of the popular alternatives almost certainly infringe on them as well. So, the worst-case scenario is no different.

This is absolutely incorrect. It depends on the content of the patent. For example, if FB filed a patent for React Mobile, it would not affect Preact and Inferno, as these frameworks do not deal with mobile rendering.


What tells you there won't be a patent tomorrow?

Nothing. But that applies regardless of whether I use React, or I use any other piece of software that Facebook may or may not take a patent out on in the future. Except, in the former case, I at least had a license to begin with.

This is absolutely incorrect. It depends on the content of the patent. For example, if FB filed a patent for React Mobile, it would not affect Preact and Inferno, as these frameworks do not deal with mobile rendering.

There is a small outside chance that Facebook might patent a particular thing that React does that no other view framework does. It's unlikely to be the case, since most frameworks accomplish the same things in the same way.


Then why do they bother the whole React community? Do people sue Facebook just because they use React and they spent hundreds of their lawyers hours in order to prove that there's no violation?


They don't – they bother a particularly vociferous group of people who continue to shout about a non-issue.


Ah, interesting. It would be nice to check if the people in this post are actually using React and also if the popularity of React is actually affected by these rants. Also, what about the non-React rule of Apache Foundation?


> AFAIK

Should I tell that to my investors? That AFA matthewmacleod on HN knows, we are good?

> then all of the popular alternatives almost certainly infringe on them as well.

But the lawsuit would be against those alternatives directly and not my company? I'm not sure about this, but I'm not also sure why we should be taking advice about this issue from non-experts.


You could easily use this argument against the writer of the original blog post. "Someone wrote a blog post saying React's license is bad"


That's a fair point. We really need some patent and license lawyers to weigh in on this and willing to put some skin in the game. I think Facebook should also be willing to change the license to clarify intent so they can't later use the license to do something other than what they claim they want to do: make software patents useless.



Thanks. I'm already aware of that article. What I meant by some skin in the game is the opposite of what the author included at the end of that article:

"Disclaimer: As with everything in law, I reserve the right to throw every word out like yesterday’s newspaper if presented with new information or a recent decision by a non-caffeinated judge. Hubris and the law make for bad bedfellows. If you have information or arguments that I didn’t consider, make them below! I will update this blog if any new information changes my opinion."


No, you’re not supposed to use my advice to decide what technology you should use. You would need to speak to an IP lawyer.

But the lawsuit would be against those alternatives directly and not my company

We are explicitly talking about a situation in which you lose the right to use patented technology in React because you sue Facebook for violating your patents. But if you don’t use React, you don’t have a license to use those patents at all in the first place. You’re in no worse position than you were.


I use react, and I'm not planning on stopping.

Having said that your argument appears to have missed the point, since this has nothing to do with patents on React itself.


Having said that your argument appears to have missed the point, since this has nothing to do with patents on React itself.

Can you explain this? It's precisely about that.

The worst thing that happens if you use React and subsequently sue Facebook is that you lose the license to any patents they hold on React. If there aren't any, then you literally lose nothing.


No, you are right, sorry.

I thought it removed the grant for a broader range of FB patents, but I see now that isn't the case.


Do most software startups even have patentable technology? I'm rather curious about this. Most consumer and SaaS apps I know of are built on non-patented software so I generally question this advice.

The fridge example was a case in point of how ridiculously low the odds of any company getting into patent litigation with Facebook are. To go to battle with FB you're gonna need millions and it's going to take years. That's not a light decision.


It's purely anecdata but I've worked for a dozen different companies in my career. The only companies that are still around today are the companies that had patents.


I worked for a $5 billion 25 year old company that had no patents to its name (until this year). What matters is execution and distribution, above and beyond patents, especially in software.


Are companies getting asked about React in M&A due diligence or has any lawyer recommended this, because otherwise this post is pure clickbait.


code licenses come up in even simple funding rounds. IP happens in due diligence to avoid "oh actually this one freelancer owns all the code"-style situations.


> If all giants agreed to open source under the “BSD + patents” scheme, cross-adoption would grind to a halt. Why? If Google released Project X under “BSD + Patents”, and Amazon really liked it, rather than adopting it and losing their right to ever sue Google for patents, they would go off and build it on their own.

This seems like a reasonable argument, but it doesn't seem to have deterred several big name companies from using React. Airbnb, netflix, and dropbox for example.


Developers are not lawyers, and developers and lawyers don't talk to each other all the time. I wonder how many of those companies even bothered to check the license, given how fast they have to move? I've been guilty of that as well in the past.


> I wonder how many of those companies even bothered to check the license, given how fast they have to move?

Airbnb, Netflix, and Dropbox? I guarantee you all of those companies have lawyers that reviewed the license.


Sure they have lawyers, but I highly doubt they reviewed it and I don't blame them since open source licenses have been pretty vanilla for over a decade now. The only companies that actually even really reviewed open source in terms of legal implications were extremely risk averse ones like the telecoms... in the 90s and early 2000s. Of course I could be wrong especially if any of those companies use a tool that checks licenses (I have my doubts).


Because it's a lot of work to go off and build your own.


Amazon is the poster child of idiotic software patents, see 1-click buying. If this makes their software development more expensive, I'll be really glad.


Aside from the validity of the article's claims about patents (see my other tirades about that) I'm not sure the point even makes sense.

React, the library, is at its core a glorified templating system. It provides plenty of escape hatches that make migration as well as inclusion of foreign UI components and libraries a breeze. It's stupidly simple to migrate away from.

If you are a high valuation startup looking to get acquired for your technology (rather than acquihired) I find it extremely unlikely your valuation hinges on your frontend code. And even if it does I find it extremely unlikely your frontend is tied so closely to React you won't be able to spend, say, 1MM replacing React with Vue or what have you (maybe at the cost of a little pizzazz).

If your frontend is animation-heavy, that likely doesn't live in React land. If your frontend is mostly static, it should be trivial to replace React as well.

If your startup is valuable, being sued over some frontend library is probably the least of your concerns. If the company looking to acquire you has enough cash in the bank to sue Facebook, they have far more than enough cash in the bank to replace React.


Just throwing this out there - replacing an entire front-end monolith framework in large part depends on the size/scale of the application, and how well it was implemented to begin with.


Okay, so maybe the recommendation should be "build your app around the assumption you may have to swap individual dependencies out in the future".

Amazingly enough, this recommendation is also beneficial if it turns out there are patents covering Angular, Vue or Ember.


I'm not using React for another reason. I don't agree with the way they treat their users (i.e., as a product).


What happened to the "software patents are ridiculous and should never be granted" argument?

Now it seems that the same sort of people advancing the anti-patent argument are angry about FB's licence. This seems like pretty muddled thinking.


It seems like the times have changed in that regard. If you hung around on slashdot in the 2000s, it was commonly accepted that software patents are bad, and that the GPL was more good than bad.

Now, it appears there are many people thinking they will at some point get filthy rich with their patents. And I've frequently seen the GPL being derided as some sort of communist plot.

It's good to see that at least the large companies are still on the side of openness, although I fear what will happen when today's commentators become tomorrow's CEOs. Imagine something like the nodejs ecosystem, except now you'll have to buy a $1000/year subscription to the "node modules starter edition".


"So you've sewn up the market eh? Here's your check for $500million."

"But don't you want to know what technology we built it with?"

"No."


> If there is no chance of igniting a community, there is no reason to open source.

I see most of this article as a dangerous way of thinking, but especially the above.

The mentality I get from this quote (especially combined with its context) is basically: I should only open source something I'm working on if I can build a community around it (that I control/influence/benefit from).

Open sourcing your software should be the default. If I make a tool or small library/function, I would more look for a reason NOT to open source it. When I can't think of one, I will open it up, regardless of whether or not there is a "chance of igniting a community".


Can someone please share what patents cover react?

Because if they're revoking patents that don't cover react then there should be no problem to continue using react right?


If I understand that license correctly, it is not 'patents that cover react', it is 'any facebook patent, present or future'. Also as explained in the article, it is also about my patents if I have any, in case facebook tries violating them. Far wider than 'react patents'.


I understand that but here's the scenario I'm talking about:

- I use React for my startup's dashboard

- I sue facebook for violating my startup's patent without removing my react dashboard first

Now, what patents can facebook use to counter sue me that they couldn't sue me with anyway had I not used react?


As far as is known: None. There don't seem to be any patents.


Facebook won't counter sue you. They don't have to. You just lose your right to use React, due to its license.


That's not true: https://code.facebook.com/pages/850928938376556

Facebook can't take away your rights to use React under the BSD license, no matter what you do.


I believe you still have a right to use it under copyright law since the license isn't terminated, it's just that potentially you may be infringing some patents, but so far nobody has actually pointed out what those patents would be, so I think it's a valid question.


You only lose the patent license, not the copyright license. So it is important to know if facebook actually owns patents covering react and if those patents cover other frameworks as well (e.g. because they cover all virtual DOMs).


The problem is if you ever found facebook infringing on one of your patents, you could not sue them -- your react patent grant would be rescinded.

This is not a behavior of free software.


This is the same BS repeated on HN almost every day now. You can sue FB anytime, whether you use React or not. You do not give them any kind of permission to use YOUR patents just by using React.

The only thing that happens when you sue FB over patents is that your patent grant covering React is gone, reducing your license to a regular BSD license. If you use Angular, vue or whatnot open source products covered by licenses without patents grants, there is NO guarantee whatsoever that this piece of software is free from patents of Google, FB, Oracle your favorite patent troll from around the corner. Yet people seem more fine with using software which comes without any patent grants whatsoever, and declare that hell would come over us if the FB patent grant on the software would be revoked.

Btw, clauses that revoke patent grants when you sue a party are pretty regular and present in the Apache License v2 and the (L)GPLv3, no one is crying about it and says that those licenses are not open source anymore. The GPLv3 goes even further and invalidates your right to use the software at all if you start sueing people who created that software.

Gosh, I am so happy to live in the EU where we do not have to deal with this kind of BS and can just use the best technology that solves the problem.


I agree that it is frustrating to have to constantly push back against the hysteria around the license, however, I think parent was correct in their initial assertion - "The problem is if you ever found facebook infringing on one of your patents, you could not sue them -- your react patent grant would be rescinded.".

While rescinding the patent grant does not remove your license to use the product, I've seen some lawyers argue that Facebook's license is weaker than a "regular BSD license". The argument goes that a "regular BSD license" has an implicit patent grant that is stronger than what the React license offers through its explicit patent grant. Thus, you are not reverting to a "regular BSD license", you are reverting to a "regular BSD license MINUS the implicit patent grant".

(http://en.swpat.org/wiki/Implicit_patent_licence#USA)

(IANAL so I have no particular understanding whether this is a good legal argument, but assuming it is, it seems like a strong counterpoint).


Wait... I live in the EU aswell (UK).

What do you mean by:

"Gosh, I am so happy to live in the EU where we do not have to deal with this kind of BS and can just use the best technology that solves the problem."


Software Patenting theoretically does not exist in the EU[1]. But in practice I guess it's up to the interpretation of the law by national courts.

[1] https://en.wikipedia.org/wiki/Software_patents_under_the_Eur...


You're responding to something I never claimed.

My only point was Free Software (in spirit) does not take away (patent)rights once they've been granted.


Exactly! And if the day came where this because an issue, for 1/10th the cost of actually retaining a lawyer and reasonably going after Facebook for a patent, you could rewrite your app in something else.


This is a badly written article full of FUD. It's written by an angry backend engineer, not a lawyer, and it shows.

He goes from this:

> The instant you sue Facebook, your patent rights for React — and any other Facebook ‘open source’ technology you happen to use) — are automatically revoked.

To this:

> If you use React, you cannot go against Facebook for any patent they hold. Full period.

"Full period", really? Because the first does not imply the second. This is now how patent law works.

Now, I'm not a lawyer either, but broad assertions like these should tell you that there's emotion at work here, not reason. In his fourth update, he made a list of companies that add something about patents to their open source licenses, implying that somehow that that proves something.

So the thing that people confuse here is patents and copyrights. The BSD license grants you the right to use works copyrighted by Facebook people and contributors. The patents clause, further, promises that should Facebook hold any patents that cover the OSS, they won't use them against you, unless you sue them first.

There is the whole idea floating around the internet that a BSD license somehow ensures that nobody will sue you for patent infringement. I really don't understand where this comes from. Hell, Android is Apache Licensed (which includes a patent grant) and still anyone who makes an Android phone has to pay license fees to all kinds of patent trolls (Microsoft most notably). These things are totally separate.

So first, if you sue Facebook for patents, you lose their patent grant (so they can sue you back, which everybody always does anyway - it's the only defense companies have in patent wars). But you don't lose the BSD license or anything. That's not how it works. All you lose is Facebook's promise not to sue you because you use React.

Secondly, and this is the core point, patents don't cover code, they cover ideas. Any patents that Facebook might have that, right or wrong, cover React, will surely be written broad enough that they also cover Preact, Inferno, Vue.js probably, and I bet also Angular. Not using React but one of these other libraries therefore makes no difference - in both cases, Facebook can use their React-ish patents to sue you.

To my understanding, patent lawsuits rarely get to the nitty gritty details of actual patents in reality. It does not matter whether a Facebook patent written broadly actually covers Vue.js or not - in practice, more often than not, companies will compare the height of the patent stacks they have, and agree on a settlement based on that.

All this patent grant says is that Facebook gets to use their patents that cover OSS to make their stack of paper a bit higher. Like they would if they hadn't made a patent grant at all.

So, repeat after me: using open source does not shield you from patent infringment lawsuits.


What makes the PATENTS file legally binding? If I install React via NPM/Yarn, or even as a dependency of another project, I will not see this file.

LICENSE is a pretty common convention and you could argue I should seek out this file in every one of my dependencies' dependencies - but how would I know to look for PATENTS?

Are all statements in the code base legally binding? Could they be hidden in a source file somewhere?


Let's phrase it this way: what do you gain from pretending the PATENTS file isn't legally binding?

The BSD license contains no patent grant. You'd be on very thin ice expecting a court to rule that the BSD copyright license also implies a patent grant. And in this specific case that defense would likely never hold because the PATENTS file even if it weren't binding would signal the intent.


If you didn't have the patent grant, then the default position would be that Facebook could take legal action against you if your use of React infringed any relevant patent they hold, whether you had sued them first or not.

Ignoring (wilfully or otherwise) the PATENTS file doesn't make you any better off.


And it's existence doesn't make me any worse off? It only grants patents that I wouldn't by default have?


IANAL, but yes, that is my understanding.


Not a lawyer, but I can imagine it can be expected that you do some due diligence before installing it through npm - like checking the website whether their license allows you to use it, and on what terms.


Exactly. The "they didn't force me to comply" defence hardly ever holds.

In the Netherlands, somebody was recently fined for using an image she got from a "free photo's" website. It was a picture that was illegally published on that website, and the judge said she should've checked whether it was actually royalty free. The fine was even higher than expected because she also cropped the picture, which was another breach of copyright, apparently.


If you refer to the case in De rijdende rechter ("The traveling judge"): she didn't have to pay a fine, but pay damages to the opposing party (which applies to civil rather than criminal law). In addition to that, both parties have agreed to submit to a binding arbitration decision, with the 'judge' actually being the arbitrator, despite what the program's name would suggest. That means that the decision doesn't actually have to follow the law.

I personally find it unhelpful that the program never clarifies that it is a display of binding arbitration instead of a decision by a judge. I've seen the layman confuse the two quite a few times.


You are correct, damages, not a fine, I used the wrong word.

Also, while I agree that they don't have to follow the law, they usually do. In the end, the 'judgement' is still based on the law and legal precedent, like in an actual court case.


If what you say is true then I think our tool chains are failing us.

My React project has 1,015 dependencies (directories in node_modules). If I didn't have locked versions then every minor automatic update could bring in more dependencies without me knowing.

Can anyone honestly say they've done such due diligence?


Can anyone honestly say they've done such due diligence?

That seems doubtful.

And that's a real and potentially serious problem, because IP laws typically don't contain any exemptions for code you're using that infringes someone's IP rights just because it was contributed by a third party.


I agree that that would probably fall into the same category as saying that you've read the terms and conditions.

That said, the amount of dependencies you have locally installed is likely to be a multitude of the number you'd get if you'd exclude devDependencies, which I'm guessing don't count.


Can the title be generalized? Like don't use anything from FB?


This is true, all of Facebook's projects have the same PATENTS file. The title is the most clickbaity though, which is the intention of the piece.


Yarn, RocksDB and ZStandard does not.


Even if everything in this article were 100% correct, which is clearly arguable, think about how this would truly play out. Company X would sue Facebook. Facebook would sue them back for using React... and then... lawsuits would ensue. Attorneys would do their things. Cases would be argued out of court. Lots of legal stuff would be going on, and plenty of time would be had for the engineers to select and move to a new framework.

Yes, I think there are problems with the license, and I'm not using React. But do I really think those problems will result in some scenario where you have an overnight show-stopper of your business because of it? Extremely unlikely.

Startups need to stop fearing the law and start understanding it.


What is the safe alternative here?

I mean probably FB got patents.

and

Probably they have at least one that covers things React can do.

Almost every framework moved to components and virtual DOM.

So there is a big chance that any framework out there could infringe some of these React patents.

So their either can

revoke your React license when you sue them

or

Sue you over patent infringement if you don't use React


You're mostly right, except:

> revoke your React license when you sue them

Incorrect; all they can do is revoke your patent grant and then sue you for patent infringement. They can't "revoke your React license".

So the difference is, if you use React they can only sue you for patent infringement if you sue them first; if you use something else they can sue you no matter what...

...if they have a patent on React. Despite your breezy assertion, patents are public, people have looked, and none have been found.


So other libraries can't be sued because there are no patents to be infringed?

And it doesn't matter that FB terminates the patent grant if you sue them, because there were no patents to start with?


Have you watched Wargames? The only winning move is not to play.

If you have code, you're at risk of being sued over software patents. In the end if you do get sued it likely won't be Google or Facebook, it will be some patent troll you've never heard of that randomly extorts companies into bankruptcy and can't be countersued because they're a non-practicing entity (i.e. they don't have code).

Maybe Facebook has patents for React. Maybe Facebook has patents for other libraries. Maybe other companies have patents for React. You won't find out until it's too late, so stop worrying.


It almost makes you wonder if startups should make a point of using react somewhere, even if it's just peripheral so as to be sure that they have a patent license for whatever frontend framework they are using.


There were a lot of people in the older thread about the patents stuff saying things like "well, are you ever going to sue Facebook?? You don't need to worry about the patents stuff".

But consider this: Facebook do something disastrous, like leak a bunch of private or financial data and it affects you really badly. There's a class action against Facebook. Now you can't join it, because you don't wanna rewrite your app without React to ensure Facebook can't counter sue over a patent that may or may not exist on React.


Except that the patent grant states that the grant only voids if you sue (or are contributing money to such a cause) because of patents. The grant is still valid if you sue Facebook for non-patent related issues.


This doesn't convince me. As a consumer patents and patent lawsuits are almost always bad. Patents reduce options in the market, lawsuits between companies waste resources, startups being acquired reduce market options. The only real argument is that it will prevent communities from forming. But I don't buy it. Open source needs competition too, monolythic ecosystems are bad. As an example, Apple didn't want to contribute to gcc so they created LLVM which is a boon to everybody.


apple did not create llvm. llvm started as an academic project, and apple took advantage from its ecosystem -- same as many other companies did.


I wonder if Facebook's claims that they are doing this in order to make patents useless would have legal standing. In other words, if they become "evil" about this patent clause at some point in the future and try to enforce this in the bad ways that people are imagining might happen, then doesn't Facebook's clearly and publicly stated intentions hurt any claim they would make which goes against those intentions?


Facebook is like the Disney in the tech world. They want to be that trove of intellectual property.

They take free-to-use stuff (Disney is cheap ripoff of Hans Christian Anderson's fables), and create "magical" stuff that they protect with their arsenal of lawyers.

If Facebook is able to pull the wool over our eyes this time... OSS is gonna be in a bad place in the next century just like how Disney single-handedly lobbied to change public domain laws in America.


Someone with knowledge should bring clarity to all this noise!

My understanding is, if I sue FB for some patents, they can sue me back with any patents they may hold on React. We do not know of any such patents they own. So practically I am no safer if I use preact/vue or even Angular, since they may own some patents that cover those tech.

tldr; Do not sue FB unless you have muscles.


It truly seems non-mature businesses should stop relying on open-source with "baggage" and utilize only free software (AGPL3+) that has dual-licensing for commercial use with support as e.g. in Qt, unless you are 100% sure for your product lifecycle you won't get into direct business collision with the "baggage" author.


AGPL is too toxic to use. Fortunately, there's not much compelling software using it, so it's easy to avoid.

Businesses should shun AGPL, period.


Why is AGPL toxic? I'd advise all developers to do dual AGPL/commercial license for all their open source projects. AGPL would guarantee that their work is not used by others without giving back anything; commercial one to keep them afloat and allow proper business.


"Look, we were going to buy you for $500million but our thorough due diligence has turned over a rather nasty stone that you probably wished we didn't look under. You know what I mean don't you? YES - we found out your dirty little secret that you're using ReactJS. Due to this, we have decided to pull the deal in favor of your competitor who uses AngularJS. What you need to understand is that although you've cornered the market with your superb software and business model, we are dead serious about never buying companies that have built on ReactJS. We have a deep, and we think entirely valid, concern that Facebook will, at a point in time, suddenly pull the carpet from under you and Mark Zuckerberg will be laughing at us saying 'suckers... we sure got you with the whole ReactJS ruse didn't we!'"

"We're also not very enthused about you building on Amazon - surprised you'd take a risk like that, it doesn't indicate much business sense."

"Sorry to say, but your business, due to the ReactJS decision, is worth $0."


If you're using angular, you're almost certainly using Typescript which contains this less extreme version of the same sort of patent clause:

3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.

As I understand it, Angular in general doesn't contain a patent grant at all. Believing that that is superior to a grant that is removed in certain circumstances requires some contentious legal argument that as far as I know has not been demonstrated to stand up in court.


But TypeScript compiles to JS right ? How can one prove it's "used" in production ?


my reason is that your app doesn't need the whiz bang reactiveness of react of any other frontend framework just yet. it's just extra overhead.


I've been saying this for months. Don't use React!


Easy workaround: Install Preact. No code changes required, at least not for me last year.


even the creator of preact said he doesn't know if he infringed FB patents with the creation of preact, because nobody knows what React covering patents FB holds.


And in this, the situation is exactly the same as with any front end library, or even not using one at all. It's almost impossible to know if you're infringing any patents.


Wouldn't Preact run into the same hypothetical patents as React?


Yeah because small startups will totally go after Facebook. Make sense. Wow.


Google looking to acquire small startup X? Not anymore because they use React. Wow.




Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: