sp-dev-docs
sp-dev-docs copied to clipboard
SharePoint
SPFx license does not permit commercial use
What type of issue is this?
Question
What SharePoint development model, framework, SDK or API is this about?
π₯ SharePoint Framework
Target SharePoint environment
SharePoint Online
What browser(s) / client(s) have you tested
- [ ] π₯ Internet Explorer
- [ ] π₯ Microsoft Edge
- [ ] π₯ Google Chrome
- [ ] π₯ FireFox
- [ ] π₯ Safari
- [ ] mobile (iOS/iPadOS)
- [ ] mobile (Android)
- [X] not applicable
- [ ] other (enter in the "Additional environment details" area below)
Additional environment details
- not applicable
Issue description
We are using SPFx in our SharePoint solutions and are now in trouble because of its license.
A big german car manufacturer had its lawyers check the licensing terms of software components we use and found SPFx referencing a Microsoft Eula that does not permit commercial use: SPFx License
3. SCOPE OF LICENSE. The software is licensed, not sold. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you will not (and have no right to): a) work around any technical limitations in the software that only allow you to use it in certain ways; b) reverse engineer, decompile or disassemble the software; c) remove, minimize, block, or modify any notices of Microsoft or its suppliers in the software; d) use the software for commercial, non-profit, or revenue-generating activities; e) use the software in any way that is against the law or to create or propagate malware; or f) share, publish, distribute, or lend the software, provide the software as a stand-alone hosted solution for others to use, or transfer the software or this agreement to any third party.
This was already discussed here: https://github.com/SharePoint/sp-dev-docs/issues/4060
patmill stated what the intent is "you can use SPFx to build solutions and profit from those solutions. You can't resell or profit off SPFx itself"
On the other hand Microsoft is advertising the use of SPFx on the marketplace for commercial purposes:
- https://www.microsoftpartnercommunity.com/atvwr79957/attachments/atvwr79957/2222/539/1/Selling%20through%20Microsoft%27s%20commercial%20marketplace.pdf
- https://docs.microsoft.com/office/dev/store/monetize-addins-through-microsoft-commercial-marketplace
Could SPFx use a license which allows to use it commercially?
Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.
Preface - I am not a lawyer, and I can't speak to licensing other than my understanding of how the licensing works.
As per PatMill mentions, you can build solutions using SPFx and sell them and use them Commercially. The license is in regards to actual proprietary build toolchain and framework, aka SharePoint Framework "SPFx". As he mentions, you can't re-sell SPFx the toolchain/framework, and call it something else.
You CAN use and sell products that you build using the SPFx toolchain.
Problem is, that lawyers take what they read in the Eula, not what is explained as intended :-)
So it would be really helpful if a license is used that explicitly states that SPFx can be used commercially.
Yes, but if the legal department, full of well educted lawyers, have a look at the EULA, than they read something different! And lawyers takes it very seriously. Unfortunately, it does not help to state out, how it is maybe intended, because the EULA is very clear: . . . ...you will not (and have no right to): . . d) ...use the software for commercial, non-profit, or revenue-generating activities;
For all ISVs and third party vendors worldwide, it would be very helpful, if that question can be clarified.
Right, it's important to differentiate what code you write, vs. what code Microsoft provides. The solutions that you create / build do not have SPFx code in them - it is all externalized. You can not sell the SPFx core libraries, tools, etc. You can build and sell your solutions for profit.
Hi @patmill,
Thanks for that and from a technical perspective, you are right and I understand that. But lawyers, in most cases, do not have the technical understanding. Lawyers just read the EULA and argument, we are not allowed to use that library or framework commercialy. How can we address, what you mentioned so even non-technical professionals are able to understand that?
If this is going to be a common problem, I would advocate that Microsoft updates the license agreement for more clarity and add Distribution criteria under the Use Rights of the SPFx license. Similar to how SharePoint Client Components (CSOM) EULA addresses this (Though technically, you aren't shipping any MSFT proprietary code with a SPFx Web Part as @patmill points out).
So, there was a discussion about 4 years ago, but that was it. We can reach out to legal affairs if needed. But as mentioned, you can't use the Microsoft code for profit, but you aren't doing that, you are using your own created code for profit. I'm not exactly sure how to get lawyers to talk to each other. Let me see what I can find.
I've gone through this numerous times with the legal and OSS teams at my employers - and yes, it's a nightmare every single time. π (And @patmill - I think I'm one of those to blame for raising this a few years ago...)
It doesn't get easier since tools such as license-checker lists a custom license (pointing to aka.ms/spfx) for 11 components (for production) And you'll get similar results using other OSS scan tools such as BlackDuck, WhiteSource etc. that many orgs has as a requirement to be part of the build pipelines.
Although, these are listed as direct dependencies they are not bundled, not shipped, but rather referenced - by using the externals settings of Webpack (which is hidden from plain sight). Exactly what you say. And unfortunately these scan tools does not see such build time optimizations/externalizations happening.
I think a simple article/page about this could make sense, and something CELA could approve of.
Coming back to this, I met with CELA (Corporate somEthing and Legal Affairs), and we are working on a clarification in the wording to make it clear that you can sell your solution for profit, but you can't sell / distribute / etc. the spfx libraries and so forth. I'll post the refined wording here once I get it.
OK, here is the planned update.
- SCOPE OF LICENSE. The software is licensed, not sold. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you will not (and have no right to):
a) work around any technical limitations in the software that only allow you to use it in certain ways; b) reverse engineer, decompile or disassemble the software; c) remove, minimize, block, or modify any notices of Microsoft or its suppliers in the software; d) distribute, resell or otherwise profit from the SPFx software on itβs own; e) use the software in any way that is against the law or to create or propagate malware; or f) share, publish, distribute, or lend the software, provide the software as a stand-alone hosted solution for others to use, or transfer the software or this agreement to any third party. FOR THE AVOIDANCE OF DOUBT, You may use the SPFx software to build or create solutions that may be for commercial, non-profit, or revenue generating activities, You can not resell or profit off of SPFx alone.
So d) should make it clar that you can't sell spfx, and the avoidance of doubt should make it clear that you can sell your solutions.
This will get into the 1.14 release (it needs to be translated into a bunch of languages, etc.)
The translations are done and new version of EULA is available here: https://aka.ms/spfx/license
Issues that have been closed & had no follow-up activity for at least 7 days are automatically locked. Please refer to our wiki for more details, including how to remediate this action if you feel this was done prematurely or in error: Issue List: Our approach to locked issues