Skip to content

Fix licensing vulnerabilities and strengthen freemium model legal protections #1823

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 9 commits into from
Sep 25, 2025
Merged

Fix licensing vulnerabilities and strengthen freemium model legal protections #1823

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
6734c2a
Update licensing documents to clarify Pro features and license valida…
AbanoubGhadban Sep 25, 2025
a7c6aaf
Update LICENSE.md and package.json to clarify Pro licensing terms
AbanoubGhadban Sep 25, 2025
39bd5bf
Refine LICENSE.md to streamline Pro licensing terms
AbanoubGhadban Sep 25, 2025
55c349a
Refactor licensing to clearly separate MIT and Pro scopes
github-actions[bot] Sep 25, 2025
a22230b
Fix package.json license field and add license validation mechanism e…
github-actions[bot] Sep 25, 2025
c98118b
Update LICENSE.md
AbanoubGhadban Sep 25, 2025
f408946
Update LICENSE.md
AbanoubGhadban Sep 25, 2025
ca4d093
linting
AbanoubGhadban Sep 25, 2025
37d1f26
Remove examples of prohibited modifications from LICENSE.md to stream…
AbanoubGhadban Sep 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 37 additions & 8 deletions LICENSE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,41 @@
# Licensing

- **Core**: MIT (this file)
- **Pro**: see [REACT-ON-RAILS-PRO-LICENSE.md](./REACT-ON-RAILS-PRO-LICENSE.md)
This repository contains code under two different licenses:

---
- **Core**: MIT License (applies to most files)
- **Pro**: React on Rails Pro License (applies to specific directories)

## License Scope

### MIT Licensed Code

The following directories and all their contents are licensed under the **MIT License** (see full text below):

## MIT License for Core React on Rails
- `lib/react_on_rails/` (excluding `lib/react_on_rails/pro/`)
- `node_package/src/` (excluding `node_package/src/pro/`)
- All other directories in this repository not explicitly listed as Pro-licensed

Comment on lines 12 to 18
Copy link
Contributor

@coderabbitai coderabbitai bot Sep 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | πŸ”΄ Critical

🧩 Analysis chain

Consistency checks: align metadata and license text with docs

  • Confirm package.json license expression is acceptable to npm tooling.
  • Ensure Pro license text actually contains the β€œeducation/personal/non-production” allowance and anti-circumvention language referenced here.

Also applies to: 24-31, 66-77

🏁 Script executed:

#!/bin/bash
set -euo pipefail
# 1) Inspect package.json license fields across the repo
rg -n --type=json -H '"license"\s*:\s*' -C1

# 2) Validate that the Pro license file exists and includes key terms
fd -a '^REACT-ON-RAILS-PRO-LICENSE\.md$' -x realpath
rg -n --heading -C2 -e 'educational|classroom|personal|non-?production|evaluation' \
   -e 'anti[- ]?circumvent|circumvention|bypass|reverse engineer' \
   REACT-ON-RAILS-PRO-LICENSE.md

# 3) Cross-check that directories listed here match docs/DIRECTORY_LICENSING.md
echo "Dirs listed in LICENSE.md (MIT vs Pro):"
rg -n 'lib/react_on_rails/pro/|node_package/src/pro/' LICENSE.md
rg -n 'lib/react_on_rails/|node_package/src/' LICENSE.md
echo "Compare with DIRECTORY_LICENSING.md:"
rg -n 'lib/react_on_rails/pro/|node_package/src/pro/' docs/DIRECTORY_LICENSING.md
rg -n 'lib/react_on_rails/|node_package/src/' docs/DIRECTORY_LICENSING.md

Length of output: 188

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# 1) List Pro license files in the repo
echo "Pro license files:"
fd -e md -g '*PRO-LICENSE.md'

# 2) Search for educational/personal/non-production and anti-circumvention terms in each Pro license file
echo
echo "Key terms in Pro license:"
for file in $(fd -e md -g '*PRO-LICENSE.md'); do
  echo "== $file =="
  rg -n --heading -C2 -e 'educational|classroom|personal|non-?production|evaluation' \
     -e 'anti[- ]?circumvent|circumvention|bypass|reverse engineer' "$file" || echo "  (no matches)"
  echo
done

# 3) Verify LICENSE.md directory listings
echo "LICENSE.md directory entries:"
rg -n -C1 'lib/react_on_rails' LICENSE.md
rg -n -C1 'node_package/src' LICENSE.md

# 4) Verify docs/DIRECTORY_LICENSING.md directory listings
echo
echo "docs/DIRECTORY_LICENSING.md directory entries:"
rg -n -C1 'lib/react_on_rails' docs/DIRECTORY_LICENSING.md
rg -n -C1 'node_package/src' docs/DIRECTORY_LICENSING.md

Length of output: 3429

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "1) License field context in package.json:"
rg -n -C2 '"license"\s*:' package.json || echo "license field not found"

echo
echo "2) Presence of custom license file reference:"
rg -n '"licenseFile"\s*:' package.json || echo "no \"licenseFile\" key"
rg -n '"licenseFilename"\s*:' package.json || echo "no \"licenseFilename\" key"

Length of output: 321

Sync package.json and LICENSE.md with SPDX expression and docs

  • Add "licenseFile": "REACT-ON-RAILS-PRO-LICENSE.md" to package.json so npm tooling resolves LicenseRef-Proprietary.
  • In LICENSE.md’s Pro section, replace lib/react_on_rails/pro/ with lib/react_on_rails_pro/ and add packages/node-renderer/ and packages/react-on-rails-pro/ to match docs/DIRECTORY_LICENSING.md.

This license applies to all files within this repository, with the exception of the code located in the following directories, which are licensed separately under the React on Rails Pro License:
### Pro Licensed Code

```text
SPDX-License-Identifier: LicenseRef-Proprietary
```

The following directories and all their contents are licensed under the **React on Rails Pro License**:

- `lib/react_on_rails/pro/`
- `node_package/src/pro/`

See [REACT-ON-RAILS-PRO-LICENSE.md](./REACT-ON-RAILS-PRO-LICENSE.md) for complete Pro license terms.

**Important:** Pro-licensed code is included in this package but requires a valid React on Rails Pro subscription to use. Using Pro features without a valid license violates the React on Rails Pro License.

---

## MIT License

This license applies to all MIT-licensed code as defined above.

Copyright (c) 2017, 2018 Justin Gordon and ShakaCode
Copyright (c) 2015–2025 ShakaCode, LLC

Expand Down Expand Up @@ -41,7 +65,12 @@ SOFTWARE.

## React on Rails Pro License

The code in the directories listed above is part of the React on Rails Pro framework and is licensed under the React on Rails Pro License.

You can find the full text of the license agreement here:
For Pro-licensed code (as defined in the "License Scope" section above), see:
[REACT-ON-RAILS-PRO-LICENSE.md](./REACT-ON-RAILS-PRO-LICENSE.md)

**Key Points:**

- Pro features require a valid React on Rails Pro subscription for production use
- Free use is permitted for educational, personal, and non-production purposes
- Modifying MIT-licensed interface files is permitted under MIT terms
- However, using those modifications to access Pro features without a valid license violates the Pro License
48 changes: 43 additions & 5 deletions REACT-ON-RAILS-PRO-LICENSE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# ShakaCode React on Rails Pro – End User License Agreement (EULA)

_Version 2.0 β€” 2025-09-06_
_Version 2.1 β€” 2025-09-25_
Β© 2015–2025 ShakaCode, LLC. All rights reserved.

---
Expand Down Expand Up @@ -51,7 +51,11 @@ The Organization shall not:

1. redistribute or resell the Software or derivatives;
2. remove, obfuscate, or disable required attribution;
3. use the Software to build a directly competing product exposing substantially similar functionality.
3. use the Software to build a directly competing product exposing substantially similar functionality;
4. **circumvent, bypass, modify, disable, or tamper with any license validation mechanisms, license checks, or authentication systems;**
5. **reverse engineer, decompile, or disassemble the Software for the purpose of circumventing license restrictions;**
6. **create, use, or distribute any tools, scripts, patches, or modifications designed to enable unauthorized use of Pro features;**
7. **attempt to access or use Pro features without a valid, active subscription.**

---

Expand Down Expand Up @@ -85,6 +89,9 @@ While subscribed, the Organization receives software updates and reasonable supp

If ShakaCode reasonably suspects non-compliance, the Organization will cooperate in good faith to verify compliance, including enabling inspection for attribution presence and providing a usage statement. ShakaCode will use commercially reasonable efforts to minimize disruption.

**9.1 Detailed Audits**
ShakaCode or a certified auditor acting on its behalf may, upon reasonable request and at ShakaCode’s expense, audit the Organization’s use of the Software to verify compliance with this Agreement. Audits may be conducted by mail, electronically, or by in-person visits during regular business hours and shall minimize disruption to the Organization’s business. If the audit reveals a material unauthorized use, the Organization shall reimburse ShakaCode for reasonable audit costs.

---

## 10. Feedback & Contributions
Expand Down Expand Up @@ -118,12 +125,43 @@ Direct damages are limited to amounts paid in the 12 months preceding the claim.

---

## 15. Governing Law; Venue
## 15. Indemnification

The Organization agrees to defend, indemnify, and hold harmless ShakaCode and its affiliates from any claims, losses, damages, liabilities, costs, or expenses (including legal fees) arising out of the Organization’s use of the Software or breach of this Agreement.

---

## 16. Export Compliance

The Organization agrees to comply with all applicable export laws and regulations, including restrictions on export, re-export, or redistribution of the Software.

---

## 17. Attorneys’ Fees and Costs

In any enforcement or legal action arising under this Agreement, the prevailing party shall be entitled to recover reasonable attorneys’ fees and costs.

---

## 18. Governing Law; Venue

This Agreement is governed by the laws of the **State of Hawaii**, USA. Exclusive jurisdiction and venue lie in the courts located therein.

---

## 19. Miscellaneous

- **19.1 Severability**
If any provision is held invalid or unenforceable, the remainder shall continue in full force.

- **19.2 Waiver**
Failure to enforce any provision is not a waiver of rights.

Choose one: **State of Hawaii**, USA. Exclusive jurisdiction and venue lie in the courts located therein.
- **19.3 Assignment**
The Organization may not assign this Agreement without prior written consent.

---

## 16. Entire Agreement; Order of Precedence
## 20. Entire Agreement; Order of Precedence

This EULA and any order (pricing/term) are the entire agreement. If there is a conflict, the order controls.
9 changes: 7 additions & 2 deletions docs/DIRECTORY_LICENSING.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,14 +12,19 @@ All directories in the `react_on_rails` repository are MIT licensed:
react_on_rails/
β”œβ”€β”€ lib/react_on_rails/ # Core Ruby code (MIT)
β”œβ”€β”€ node_package/src/ # Core JS/TS code (MIT)
β”‚ └── pro/ # Pro features placeholder (MIT but references pro)
β”‚ └── pro/ # Pro features with license validation (Pro licensed)
β”œβ”€β”€ spec/ # Core tests (MIT)
β”œβ”€β”€ docs/ # Documentation (MIT)
β”œβ”€β”€ .github/ # GitHub workflows (MIT)
└── [all other directories] # MIT
```

**Exception:** The `node_package/src/pro/` directory contains placeholder code that references Pro features, but the actual Pro implementation is in the separate `react_on_rails_pro` repository.
**Exception:** The `node_package/src/pro/` directory contains Pro implementation code licensed under the React on Rails Pro License. This code is included in the package but requires a valid Pro license to use.

**Important Distinction:**
- **MIT-licensed interface files** (outside `pro/` directories) can be freely modified under MIT terms
- **Using those modifications to access Pro features** without a license violates the Pro License
- **Pro-licensed files** (inside `pro/` directories) require a Pro license to use in any way
Copy link
Member

@justin808 justin808 Sep 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"in any way."
@claude can we change this to add:

"Note, ShakaCode offers FREE licenses for educational and demonstration purposes."

Copy link

@claude claude bot Sep 25, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Claude finished @justin808's task β€”β€” View job β€’ claude/pr-1823-20250925-2106 β€’ [Create PR βž”](https://github.com/shakacode/react_on_rails/compare/master...claude/pr-1823-20250925-2106?quick_pull=1&title=PR%20%231823%3A%20Changes%20from%20Claude&body=This%20PR%20addresses%20pr%20%231823%0A%0AGenerated%20with%20%5BClaude%20Code%5D(https%3A%2F%2Fclaude.ai%2Fcode)

βœ… Task Completed

  • Read docs/DIRECTORY_LICENSING.md to understand context
  • Add the educational/demonstration license note at line 28
  • Commit and push the change

Summary

Successfully added the note about free educational and demonstration licenses to docs/DIRECTORY_LICENSING.md at line 28. The text now reads:

Pro-licensed files (inside pro/ directories) require a Pro license to use in any way. Note, ShakaCode offers FREE licenses for educational and demonstration purposes.

This clarification helps users understand that while Pro features require a license, ShakaCode offers free options for educational and demonstration use cases.

Branch: claude/pr-1823-20250925-2106 |


### react_on_rails_pro Repository - Pro Licensed

Expand Down
10 changes: 9 additions & 1 deletion docs/LICENSING_FAQ.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ react_on_rails/ (monorepo root)

**A:** We maintain two separate repositories:

- **react_on_rails** (MIT) - Core functionality, completely free except pro directories as stated in LICENSE.md
- **react_on_rails** (MIT + Pro) - Core functionality is MIT-licensed and completely free. Pro features (in `pro/` directories) are Pro-licensed and require a subscription for production use
Copy link
Member

@justin808 justin808 Sep 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

missing period.

Add:

Note, ShakaCode offers FREE licenses for educational and demonstration purposes.

- **react_on_rails_pro** (Pro License) - Advanced features, subscription required for production

### Q: What requires a Pro subscription?
Expand All @@ -110,6 +110,14 @@ react_on_rails/ (monorepo root)

See [REACT-ON-RAILS-PRO-LICENSE.md](../REACT-ON-RAILS-PRO-LICENSE.md) for complete Pro license terms.

### Q: Can I modify the MIT-licensed interface files?

**A:** Yes! Under the MIT license, you can freely modify any MIT-licensed files (those outside `pro/` directories). However:

- **Permitted:** Modifying MIT-licensed code for your own purposes
- **Not Permitted:** Using those modifications to access Pro features without a valid license
- **Distinction:** The MIT license grants you modification rights, but the Pro License restricts unauthorized use of Pro features

### Q: Can I try Pro features for free?

**A:** Yes! Pro license allows free use for:
Expand Down
2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -118,7 +118,7 @@
"Rails"
],
"author": "[email protected]",
"license": "MIT",
"license": "MIT AND LicenseRef-Proprietary",
"bugs": {
"url": "https://github.com/shakacode/react_on_rails/issues"
},
Expand Down
Loading