JavaScript License Web Labels: Background and Rationale

Users browsing the web nowadays typically run huge amounts of proprietary software on their computers, often unknowingly. Free software is succeeding on the desktop partly because of the copyleft protection guaranteeing users be told up front when a particular program is free for them to use, study, share, and modify. On the Web, browsers download and run JavaScript without ever informing users of the program's license or their freedoms—or how other programs deny users' freedoms.

To address this problem, we developed the LibreJS program which recognizes nontrivial JavaScript code and checks its license. Its functioning depends on specifying licenses in a way that a program which lacks human intelligence can reliably recognize. In addition, all GNU software licenses require distributors to state the license with the software, so recipients know their rights, and to say where to find the source code.

The simple way to specify the license is with a stylized comment in the JavaScript code. However, that can be inconvenient for minified library files, so we have developed another way to state their licenses: JavaScript web labels.

Rationale

Conditions in free software licenses to include a copy of the license terms and access to source code are almost always easy to follow when software is distributed through the Web or other Internet channels. However, distributing JavaScript embedded in Web sites is complicated by a couple of unique factors: visitors usually receive the software without expressly requesting it, and webmasters can only serve a single file of JavaScript code (so they can't, for example, send an archive file that includes other resources required by the license).

These issues combined leave webmasters with few obvious ways to provide additional material required by free software licenses. The simplest solution would be to serve only JavaScript in source code form, with a full copy of the license in its comments. That can be acceptable on smaller sites, but when JavaScript begins to represent a lot of repeat traffic, webmasters are understandably reluctant to serve so much data. Our method gives them a clear place to serve additional license resources—and visitors a clear place to look for it—by addressing both of these points. First, it makes the software distribution visible by offering “JavaScript license information” through a link. The linked page gives webmasters a space where they can publish those resources that's appropriately prominent but not confusing to visitors.

Machine readability

In order to make it easier for people to reject nonfree JavaScript in their browsers, our method is specific enough for a plug-in or other software to find the site's table of JavaScript license information, confirm that all of the JavaScript is under a known free license, download the source code, and confirm that it corresponds to the optimized JavaScript that's being served from the site. This way, visitors can quickly and conveniently check whether or not the JavaScript is free, and decide accordingly whether or not they want to run it. LibreJS is a plug-in for Mozilla-based browsers that helps users avoid running nonfree JavaScript, and it will implement these checks to enhance its capabilities.

We considered using another format like RDF as the basis for our system, in order to simplify this job for programmers by giving them more detailed information in an easily parsed format. However, our goal was to make this information accessible to human readers first, and machines second. Using well-structured HTML provided the best match with those priorities.

Next steps

We are not saying that webmasters that host free software JavaScript must follow this specific method to comply with the licenses. Every free software license clearly lays out its own conditions, and any webmaster who wants to use a different method that meets those conditions is welcome to do so. However, this method has the benefit of making full license information readily accessible to visitors—an issue that's been a struggle to address to date—without compromising webmasters' ability to serve JavaScript the way they feel is best.

We are very interested to hear feedback and suggestions about other ways we might accomplish the same goals, while making the system more useful for webmasters, site visitors, or developers working on license-checking software. If we get enough suggestions to publish a new method that's noticeably improved over this one, we'll do so. (That's why this method uses such a verbose identifier for the license information table: to allow software to distinguish this method from others we might craft in the future.) If this is an issue that you're interested in, please subscribe to the LibreJS mailing list, and write there with your comments and suggestions. We look forward to hearing from you.