Open Source License Compliance Basics
TL;DR: Most teams don't need to become license experts, but they do need enough context to recognize when a dependency might create obligations or require a policy decision.
This page gives a practical, engineering-focused overview of common open source license concepts. It is not legal advice, but can help teams ask better questions and spot potential issues earlier.
Common license families
- Permissive (MIT, BSD, Apache-2.0, ISC) – generally easier to combine and redistribute.
- Copyleft (GPL, AGPL, LGPL, MPL) – may introduce sharing or reciprocal obligations.
- Custom or proprietary – can have bespoke terms that need careful review.
Why compliance tools exist
- Modern applications depend on large graphs of third-party packages.
- Licenses can change from one version of a package to the next, and such changes are easy to miss when they happen in transitive dependencies.
- Manual tracking is difficult at scale without automation.
How Inspectly fits in
Inspectly's Dependency License & Risk Inspector is a lightweight, client-side helper: you paste a dependency list into the browser, and it applies license heuristics to that list and surfaces potential license risk signals.
It is not a full SBOM generator or a replacement for enterprise compliance tooling, but it can help catch surprises early in development.
Try the Dependency License & Risk Inspector
Paste a dependency list into the Dependency License & Risk Inspector to see how license heuristics can highlight potential risk.
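To make the kind of heuristic described above concrete, here is an added example that is not Inspectly's code and does not reflect how its Inspector is implemented. It assumes a pasted list in the form `name version license-expression` (one dependency per line, `#` comments allowed, license field optional), classifies each SPDX expression into a license family, and flags copyleft, unknown or custom licenses, and dependencies whose license family became more restrictive compared with a previous snapshot of the list. The license sets, the flat `AND`/`OR` handling without parentheses, and the sample lockfile snapshots are all constructed for illustration.

```python
"""License-risk triage over a pasted dependency list (added example, not Inspectly's code).

Input format (assumption): one dependency per line, `name version [license-expression]`.
Blank lines and `#` comments are ignored. License expressions use SPDX identifiers.
"""
import re
from dataclasses import dataclass, field

# Small SPDX subset used as the policy table (assumption; a real table is larger).
PERMISSIVE = {"MIT", "ISC", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0"}
WEAK_COPYLEFT = {"LGPL-2.1-only", "LGPL-2.1-or-later", "LGPL-3.0-only",
                 "LGPL-3.0-or-later", "MPL-2.0"}
STRONG_COPYLEFT = {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only",
                   "GPL-3.0-or-later", "AGPL-3.0-only", "AGPL-3.0-or-later"}
# Higher rank means more review is needed. "unknown" ranks highest on purpose:
# a missing or unrecognised license is a policy question, not a free pass.
RANK = {"permissive": 0, "weak-copyleft": 1, "strong-copyleft": 2, "unknown": 3}

LINE_RE = re.compile(r"^(\S+)\s+(\S+)(?:\s+(.+?))?\s*$")


@dataclass
class Finding:
    name: str
    version: str
    license: str
    family: str
    flags: list = field(default_factory=list)


def classify_id(spdx_id: str) -> str:
    """Map one SPDX identifier to a family; anything unrecognised is 'unknown'."""
    if spdx_id in PERMISSIVE:
        return "permissive"
    if spdx_id in WEAK_COPYLEFT:
        return "weak-copyleft"
    if spdx_id in STRONG_COPYLEFT:
        return "strong-copyleft"
    return "unknown"


def classify_expression(expr: str) -> str:
    """Classify a flat SPDX expression (AND/OR only, no parentheses; assumption).

    `A OR B` lets the consumer choose, so the least restrictive term decides.
    `A AND B` applies every term, so the most restrictive term decides.
    Mixed AND/OR without parentheses is ambiguous and is escalated as unknown.
    """
    expr = expr.strip()
    if not expr or expr.upper() in {"UNKNOWN", "NOASSERTION", "NONE"}:
        return "unknown"
    has_or, has_and = " OR " in expr, " AND " in expr
    if has_or and has_and:
        return "unknown"
    if has_or:
        return min((classify_id(t.strip()) for t in expr.split(" OR ")), key=RANK.get)
    return max((classify_id(t.strip()) for t in expr.split(" AND ")), key=RANK.get)


def parse_dependency_list(text: str) -> dict:
    """Parse `name version [license]` lines into {name: (version, license)}."""
    deps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and surrounding whitespace
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable line: {raw!r}")
        name, version, lic = m.groups()
        deps[name] = (version, lic or "")      # missing license field -> empty -> unknown
    return deps


def triage(current_text: str, previous_text: str = "") -> list:
    """Return findings for dependencies that need a policy decision.

    If a previous snapshot is given, also flag packages whose license family
    became more restrictive between the two snapshots (e.g. after a major bump).
    """
    current = parse_dependency_list(current_text)
    previous = parse_dependency_list(previous_text) if previous_text else {}
    findings = []
    for name, (version, lic) in sorted(current.items()):
        fam = classify_expression(lic)
        f = Finding(name, version, lic, fam)
        if fam == "unknown":
            f.flags.append("unknown-or-custom-license")
        elif fam.endswith("copyleft"):
            f.flags.append(fam)
        if name in previous:
            prev_version, prev_lic = previous[name]
            if RANK[fam] > RANK[classify_expression(prev_lic)]:
                f.flags.append(f"license-changed-from:{prev_version}:{prev_lic}")
        if f.flags:
            findings.append(f)
    return findings


# Constructed sample snapshots (not real packages).
PREVIOUS = """\
# last release
http-client  2.9.0   Apache-2.0
pretty-table 1.2.0   MIT
geo-math     4.1.0   MIT
"""
CURRENT = """\
# this branch
http-client  2.10.0  Apache-2.0
pretty-table 1.3.0   MIT OR GPL-2.0-only       # dual licence: consumer may pick MIT
geo-math     5.0.0   GPL-3.0-only              # relicensed in the major bump
img-codec    0.8.1   LGPL-2.1-or-later AND MIT
legacy-util  0.1.0                             # no license metadata at all
vendor-sdk   3.0.0   UNKNOWN
"""

if __name__ == "__main__":
    for f in triage(CURRENT, PREVIOUS):
        print(f"{f.name} {f.version} [{f.license or '<none>'}] {f.family}: {', '.join(f.flags)}")
```

Two design choices are worth noting. The `OR` rule reflects that a dual-licensed package lets the consumer choose the permissive option, so `pretty-table` is not escalated, while the `AND` rule makes `img-codec` inherit the LGPL term. Treating a missing or unrecognised license as the highest-risk family keeps "no metadata" from silently passing, which is usually the policy a team actually wants.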
This content is for informational purposes only and is not legal advice.