Newtonsoft.Json.Schema icon indicating copy to clipboard operation
Newtonsoft.Json.Schema copied to clipboard

Published 20 hours ago verified publisher icon JamesNK

Invalid AGPL license with 1000 requests threshold ?

Open Tearion opened this issue 2 years ago • 2 comments

Hi, we moved from the older schema validation to the newest package from nuget.org and where suprised by a limit on 1000 requests per hour.

There is no information about this threshold in the license file in the code repository or nuget.org desctiption. Our developer just updated the package, because he got a depricated hint on his visual studio. So from my side it feels a little bit missleading, if you implement a threshold, that stops the open source software from working, that is licensed under a AGPL license. It feels more like a shareware.

if (_validationCount > maxOperationCount) { throw new JSchemaException("The free-quota limit of {0} schema validations per hour has been reached. Please visit http://www.newtonsoft.com/jsonschema to upgrade to a commercial license.".FormatWith(CultureInfo.InvariantCulture, maxOperationCount)); } }

The other thing is that i'm currently not sure, if it is possible to combine a AGPL license and a commercial license for the same source code. I found serveral discussions on stack overflow for another open source / commercial product that indicates, it could be a problem: https://opensource.stackexchange.com/questions/13075/can-a-company-offering-a-dual-license-agpl-paid-commercial-product-require-comme

So in our case, we removed the whole packages from newtonsoft.

Is it possible to adjust the information on nuget.org and check your license conditions?

Thanks

Tearion avatar Dec 08 '22 12:12 Tearion

Dual licensing is normal and common - https://www.synopsys.com/blogs/software-security/software-licensing-decisions-consider-dual-licensing/

The question in the issue you linked is about someone who publish software as AGPL but prohibited it from being used by commercial software. They can't prohibit that. AGPL can be used with commercial software. However, AGPL is viral, and the requirement to publish the entire app's source code usually isn't desirable.

JamesNK avatar Dec 08 '22 13:12 JamesNK

Getting this error in snyk, how should i correctly handle the licensing issue?

License issues:
  ✗ AGPL-3.0 license [High Severity][https://snyk.io/vuln/snyk:lic:nuget:newtonsoft.json.schema:AGPL-3.0] in [email protected]

brunomartinspro avatar Oct 19 '23 10:10 brunomartinspro