Now that 2022 is under way, it’s a good time to take a look at the open source license usage trends in 2021 and compare them to previous years.
Our research team has collected information from the Mend database, which includes more than 4 million open source packages and 130 million open source files covering over 200 programming languages, to learn which were the most popular open source licenses in 2021. Results show that the use of permissive open source licenses continues to rise, while usage of copyleft licenses, especially GPL licenses, continues to decrease.
It’s no surprise that permissive open source licenses continue to dominate. The Apache 2.0 license and the MIT License are far more popular than the GPL family, together comprising over 50% of the top open source licenses currently in use.
Permissive licenses place minimal restrictions on how others can use open source components. They permit varying degrees of freedom to use, modify, and redistribute open source code, and they allow the use of permissive-licensed open source components in proprietary derivative works, requiring nearly nothing in return.
As open source usage has become common practice in organizations, and open source libraries dominate most corporations’ codebases, companies are showing a clear preference for components with permissive licenses because they place minimal limitations on the users.
When it comes to open source creators — as demand for permissive licenses rises, so does the supply. Creators attach permissive licenses to their open source projects because they want to reach as wide an audience as possible. While releasing an open source project under a permissive license means that corporations can use them and build on them without having to give much back to the community, so far most open source creators continue to choose the permissive route.
According to this year’s data, 78% of open source components have permissive licenses. That’s a 2% rise from last year’s 76%. Only 22% of open source licenses are copyleft, compared to 24% last year.
We’ve come a long way since the Apache 2.0 license shook things up by pushing the GPL 3.0 license from second to third place in 2017. This year Apache 2.0’s ascent continues, as it takes first place with 30%, rising above the MIT license’s 26%
GitHub’s choosealicense.com explains that the Apache 2.0 license’s main conditions require preservation of copyright and license notices, providing an express grant of patent rights, and allowing licensed works, modifications, and larger works to be distributed under different terms and without source code. Apache 2.0 is the license for quite a few popular open source projects, including Kubernetes, which may be one reason for its rising popularity. Another reason is Apache 2.0’s explicit patent grant, which is often a sticking point for developers.
The express grant of copyright may be one reason why end users are choosing the Apache 2.0 license as a safer choice that covers the patent angle, as opposed to MIT’s brief license that doesn’t address patent rights.
This year, the MIT license took second place, with 26% of open source licenses. While no longer in first place, don’t expect this short and simple license to lose much popularity in the foreseeable future. Ben Balter, attorney, open source developer, and Senior Product Manager at GitHub, said that developers choose the MIT license because “It’s short and to the point. It tells downstream users what they can’t do, it includes a copyright (authorship) notice, and it disclaims implied warranties (buyer beware). It’s clearly a license optimized for developers. You don’t need a law degree to understand it, and implementation is simple.”
GitHub’s choosealicense.com, states that the MIT license “lets people do anything they want with your code as long as they provide attribution back to you and don’t hold you liable.” A few years ago Facebook very publicly replaced the contentious React license with an MIT license.
While GPLv3 keeps its third place position, it dropped from 10% in 2020 to 9% in 2021. GPLv2 also kept its fourth place position, going down to 9% from 10% last year.
This year GPL v3.0, GPL v2.0, and LGPLv2.1, which all came in the top 10, got a combined 21% out of all top 10 licenses, which marks a slight decrease in popularity for the GNU GPL family of licenses.
The GPL was a trailblazer at the start of the open source revolution and is the OG of the copyleft or viral license. When users incorporate a component licensed under one of the GPL licenses, they must release its source code and the rights to modify and distribute the entire code. In addition, they are required to release their source code under the same GPL license.
There will always be GPL users. It’s the Linux kernel license, created by a huge open source community. However, it’s clear at this point that business-wise, the preference is for licenses with fewer restrictions and limitations.
The tension between creating a viable business model and maintaining a robust and successful open source project continues to grow. We will continue to see open source projects struggling to find the balance between making a profit and being supportive members of the open source community.
As much as support for the open source community continues to thrive, we will most probably see more hard-working unpaid creators and maintainers of small but critical projects updating licenses for a better business model or even abandoning projects due to burn-out.
Of course, we will also have the community in contentious debates over larger enterprises that will update their open source offerings claiming they can’t afford to give away their work.
The open source community continues to expand and evolve, and new business models will rise and fail, as the decentralized nature of the open source community continues to deliver a wide spectrum of diverse opinions and new ideas that defy the consensus. One thing remains certain: open source is here to stay, and it appears that currently, when it comes to licenses, the less restrictions, the better.