Ask HN: What to do when somebody “steals” your MIT licensed code?

13 points by gardnr ↗ HN
I maintain an npm module that enables react applications to authenticate against generic IDPs using pkce. I wrote this to auth against Cognito back when the Amplify packages were adding 1.7MB to the bundle size.

I just noticed that somebody copied the files from my repo into a new repo, destroying all the git history. This person then added a LICENSE file claiming copyright over all the files.

My repo lacks a LICENSE file but it is marked as MIT on the GitHub project page. I would assume the person can't claim license over all of my work like that. For jurisdictions: the person appears to live in Norway while I live in New Zealand.

I sent them an email and haven't heard back yet. What should I do?

11 comments

[ 5.0 ms ] story [ 39.4 ms ] thread
> What should I do?

Get over yourself?

> What should I do?

First things first, if your repository does not include a license file, I'm not sure how important the github icon is. Otherwise the default is public domain? Which still entitles you to something (at least in the eu afaik).

Other than that, if youve got a bit of money to spare, have a lawyer send a letter or something, just to have some form of precedent set.

If your code does not contain an explicit license, it is by default “All rights reserved”, I.e not open-source or free.

For op, they are obviously in violation of the MIT open-source requirements, but unfortunately the ramifications for this are usually minimal.

Thanks for posting this. I'll see how they respond and maybe contact some Norwegian council.
If they are turning around and coming after you, that is a separate issue, otherwise, I dont see that you would be able to do more than let them know (and presumably they already do) that they are using your code.

If they were to claim that you or anyone who had used your code is infringing their copyright, then its more in the realm of a frivolous lawsuit, that you might have to defend yourself against.

It may also be just a sloppy oversight. I have worked places where it is standard practice to include a copyright notice with the code, and that use appropriately licensed open source components. Might it just be a matter of them applying their corporate policy without any particular malice?

The first thing to do is decide if you actually care. I try to do open source work so other people don't have to work as hard to redo what I did. If someone else wants to claim my work as theirs, it's annoying, but it doesn't prevent me from using my work and it may result in my work being more widely spread, so I guess it's fine. But that's just like my opinion, man.

If it bothers you enough to take action, and you've waited a reasonable amount of time for the other person to respond, your options are probably international copyright lawsuits or DMCA requests. Lookup the github dmca procedure and make a request with the proper information and go where it takes you. Expect to be called out as unreasonable, but whatever.

> If someone else wants to claim my work as theirs, it's annoying

yeah, this is probably it. It's just annoying that they have taken credit for my work while intentionally excluding me from the credit.

I don't have enough time or money to engage them on a legal level so I guess we'll just see how it plays out.

Do each file in your repo has the copyright+license at the beginning? IIRC they can not remove it if they use a "substancial portion of the Software".
You can then write some proprietary components and add a note to the original work that to get additional features, they should email you. M&M principle could also work.