This question isn’t library specific.  The problem exists in both FOSS development with UI elements as well as OER development when code and non-code assets with different licenses get combined and distributed as part of a project.

If none of the members of this list knows of a standard, I hoping someone can at least point me in the direction of developers who are having similar issues vetting licenses.

I’ve described the problem in detail in the queue of a popular OER project managed by the University of Colorado in, but the TL;DR version is…

- Currently most packaging systems include a license element (Packagist, NPM, etc) that use the SPDX identifiers (MIT, GPL-2.0,  CC-CY-SA, OFL-SIL, etc)
- Packages often include several licenses
- Figuring out which license applies to what is an important factor in determining compatibility

A project like does a great job of defining which license apply to what in the package’s description…

Font files - SIL OFL 1.1
CSS, LESS, and Sass – MIT
Documentation – CC-BY-3.0

But if I’m only looking at, it’s less clear if the package can be distributed with a license like GPL-2.0.  Because the OFL-1.1 licenses is normally only used for fonts, if assume that and also assume that the everything else uses the MIT since that’s the only other license named in the composer.json, I might come to the conclusion that the resulting combination can be distributed as GPL-2.0.

But what about CC-CY-3.0?  While typically applied to content (text, images, audio), it can be applied to code, there are enough projects like that use CC-BY-NC-3.0 license to only grant free use of their code for non-commercial uses that I wouldn’t be comfortable assuming what a CC license applies to.  And why does FontAwesome include the SIL-OFL license in their package for PHP projects, but not the CC-BY-3.0 license?

Thanks in advance for any help find a standard way to handle this!


Kevin Reynen
Lead Software Engineer – Web Express
University of Colorado Boulder