Finding Library Substitutions for Open-Source LIcense Violations

Over the years, it has become increasingly common for developers to reuse open source code during software development. While this can save them time and effort in development, software developers tend to misuse or misunderstand the software licenses in free and open source software projects (FOSS). Software licenses dictate how software can be modified, reused, and distributed. In the case of FOSS, licenses generally fall under two main categories: permissive and restrictive. When a license violation occurs in a developer’s project, failure to address it can lead to legal issues such as being prevented from distributing their software or even monetary implications. When addressing a library with a violation, replacing it manually can often be time consuming especially when the library has many features used in the developer’s project. In this paper, we propose a semi-automated approach to assess license compatibility within a codebase and suggest replacement method calls from another library. We implement our tool as an Eclipse plugin and demonstrate our approach is capable of finding potential license violations accurately and able to successfully recommend alternatives in both artificial and open source Java projects from GitHub.