Open Source License Types: A Complete Guide

The most popular open source license. Permits commercial use, modification, distribution, and private use. Requires only that the copyright notice and license text be included in all copies or substantial portions of the software. No warranty, no liability. The MIT license is used by React, jQuery, Rails, .NET, and tens of thousands of npm packages.

Also known as the "FreeBSD License." Functionally identical to MIT -- permits all use with attribution. The only difference from MIT is the wording. Used by FreeBSD, some parts of the Go standard library, and many academic projects.

Adds a "no endorsement" clause to BSD-2-Clause: you cannot use the name of the copyright holder or contributors to endorse or promote products derived from the software without written permission. Used by the original BSD operating system derivatives, Django, and many scientific computing libraries.

A simplified version of MIT/BSD written by the Internet Systems Consortium. Functionally equivalent to MIT but with cleaner, more concise language. The ISC license removed the "sublicense" and "sell copies" clauses from MIT because they are considered redundant under copyright law. Used by the ISC BIND DNS server, OpenBSD, and many npm packages.

A permissive license with an explicit patent grant. Contributors grant users a royalty-free patent license covering any patents that the contribution necessarily infringes. This provides stronger IP protection than MIT or BSD. However, the patent grant terminates if the user initiates patent litigation against the licensor. Used by Android, Kubernetes, TensorFlow, Apache HTTP Server, and the majority of the Java ecosystem.

A public domain dedication. The author waives all copyright and related rights, placing the work in the public domain worldwide. If public domain dedication is not legally effective in a jurisdiction, the Unlicense grants a permissive license as a fallback. The Unlicense is more aggressive than CC0 in its waiver of moral rights. Some legal scholars question whether a complete waiver of copyright is possible in civil law jurisdictions.

A public domain dedication created by Creative Commons. Waives all copyright and neighboring rights to the maximum extent permitted by law. Unlike the Unlicense, CC0 includes a comprehensive fallback license for jurisdictions where public domain dedication is not legally possible. CC0 is preferred for data, documentation, and configuration files rather than software, though it is used by some software projects.

Designed specifically for software libraries. If you dynamically link against an LGPL library, your own application code does not need to be released under the LGPL. However, you must: (1) allow users to replace the LGPL library with a modified version, (2) provide the LGPL library's source code, and (3) not impose additional restrictions on the LGPL components. Static linking triggers the full LGPL copyleft requirements, requiring that the user be able to relink the application with a modified version of the library. Used by glibc, GTK 2.x, and many GNU libraries.

The LGPL-3.0 is structured as additional permissions on top of the GPL-3.0. It provides the same library-level copyleft as LGPL-2.1 but adds the GPL-3.0's anti-Tivoization provisions: if you distribute a device that contains LGPL-3.0 software, you must provide the installation information needed to install modified versions of the LGPL library on that device. Used by GCC runtime libraries and some GNOME components.

File-level copyleft. If you modify a file that is under MPL-2.0, you must make the modified source of that specific file available under MPL-2.0. Your own new files can be under any license, including proprietary. This makes MPL-2.0 one of the most commercially friendly copyleft licenses. MPL-2.0 also includes an explicit "Larger Work" provision that allows combining MPL code with proprietary code without the copyleft extending to the proprietary files. Additionally, MPL-2.0 has a built-in compatibility clause with GPL-2.0+, LGPL-2.1+, and AGPL-3.0. Used by Firefox, Terraform (pre-BSL switch), and LibreOffice.

Module-level copyleft used primarily in the Eclipse/Java ecosystem. Modifications to EPL-covered code must be released under EPL-2.0, but your own modules that merely depend on EPL modules remain under your chosen license. EPL-2.0 includes a secondary license clause that allows the original author to designate GPL-2.0+ as an alternative license, enabling combination with GPL projects. Used by Eclipse IDE, Jakarta EE, and many Eclipse Foundation projects.

The license that started the copyleft movement. GPL-2.0 requires that if you distribute a "work based on" GPL code, the entire work must be released under GPL-2.0. "Distribution" means providing copies to others -- using GPL software internally without distributing it does not trigger the copyleft obligation. The key question is what constitutes a "derivative work": static linking clearly creates one, dynamic linking is debated, and separate process communication (via pipes, sockets, or RPC) is generally considered not to create a derivative work. The Linux kernel is the most prominent GPL-2.0 project, and its "syscall exception" explicitly permits userspace programs to use kernel services without becoming derivative works.

GPL-3.0 adds several provisions beyond GPL-2.0: (1) an explicit patent grant from contributors, (2) anti-Tivoization provisions requiring "Installation Information" for consumer devices, (3) compatibility with Apache-2.0 (resolving a longstanding incompatibility), and (4) stronger protections against DRM restrictions. The anti-Tivoization clause is the most controversial addition -- it requires that if you distribute GPL-3.0 software on a device, you must provide the keys and instructions needed to install modified versions. This is why the Linux kernel remains GPL-2.0 only: Linus Torvalds has publicly rejected GPL-3.0 because of this provision. Used by GCC, GIMP, Bash, and many GNU utilities.

The AGPL-3.0 is the GPL-3.0 with one additional clause (Section 13): if you run a modified version of the software on a server and users interact with it over a network, you must provide the source code to those users. "Interact remotely through a computer network" includes any interaction via HTTP, WebSocket, gRPC, or any other protocol. This means that SaaS providers using AGPL-3.0 components must release the source code of their entire application -- not just the AGPL component, but the complete combined work. Major companies including Google have banned AGPL internally. Used by MongoDB (before the SSPL switch), Grafana, and Nextcloud.

Created by MongoDB in 2018 after Amazon launched DocumentDB as a managed MongoDB-compatible service. The SSPL is based on AGPL-3.0 but extends the network copyleft to cover the entire "service" -- if you offer the SSPL software as a service, you must release the source code of your entire service stack, including management software, backup systems, monitoring tools, and deployment automation. The OSI rejected the SSPL as not meeting the Open Source Definition because of this extreme breadth. MongoDB, Graylog, and some Elastic products use the SSPL.

A time-delayed open source license created by MariaDB. Software under BSL-1.1 is source-available with restrictions on production use for a specified period (the "change date"), after which it automatically converts to an open source license (the "change license," typically GPL-2.0 or Apache-2.0). The "Additional Use Grant" field specifies which production uses are allowed before the change date -- for example, HashiCorp allows non-competing use. BSL-1.1 is used by HashiCorp (Terraform, Vault, Consul), MariaDB MaxScale, Sentry, and CockroachDB.

Created by Elastic for Elasticsearch and Kibana after their SSPL adoption was met with community pushback. ELv2 is simpler than SSPL: you can use, copy, and modify the software for any purpose except (1) providing it as a managed service, and (2) circumventing license key functionality. There is no copyleft component -- you do not need to share your modifications. This makes it more commercially practical than SSPL for organizations that are not competing with Elastic's cloud offering.