From one to hundreds: multi-licensing in the JavaScript ecosystem
Empirical Software Engineering (IF 4.1), Pub Date: 2021-03-20, DOI: 10.1007/s10664-020-09936-2
João Pedro Moraes, Ivanilton Polato, Igor Wiese, Filipe Saraiva, Gustavo Pinto

Open source licenses create a legal framework that plays a crucial role in the widespread adoption of open source projects. Without a license, any source code available on the internet could not be openly (re)distributed. Although recent studies provide evidence that most popular open source projects have a license, developers might lack confidence or expertise when they need to combine software licenses, leading to a mistaken project license unification. This license usage is challenged by the high degree of reuse that occurs at the heart of modern software development practices, in which third-party libraries and frameworks are easily and quickly integrated into a software codebase. This scenario creates what we call “multi-licensed” projects, which arise when one project has components that are licensed under more than one license. Although these components exist at the file level, they naturally impact licensing decisions at the project level. In this paper, we conducted a mixed-method study to shed some light on these questions. We started by parsing 1,426,263 (source code and non-source code) files available in 1,552 JavaScript projects, looking for license information. Among these projects, we observed that 947 projects (61%) employ more than one license. On average, there are 4.7 licenses per studied project (max: 256). One of the reasons for multi-licensing is to incorporate the source code of third-party libraries into the project’s codebase. When doing so, we observed that 373 of the multi-licensed projects introduced at least one license incompatibility issue. We also surveyed 83 maintainers of these projects to cross-validate our findings. We observed that 63% of the surveyed maintainers are not aware of the multi-licensing implications. Those who are aware adopt multiple licenses mostly to conform with third-party libraries’ licenses.




Updated: 2021-03-21