Open Source License Compatibility: Which Licenses Can Be Combined?

Open Source License Compatibility

License compatibility determines whether code under one license can be combined with code under another license. Incompatible licenses mean you cannot legally merge or link the code together.

Why Does Compatibility Matter?

Modern software projects depend on hundreds of libraries. If any two dependencies have incompatible licenses, you may not be able to legally distribute the combined work. Understanding compatibility is essential for compliance.

Compatibility Matrix (Simplified)

From \ To	MIT	Apache-2.0	GPL-2.0	GPL-3.0	LGPL-3.0	MPL-2.0
MIT	Yes	Yes	Yes	Yes	Yes	Yes
Apache-2.0	No*	Yes	No	Yes	Yes	Yes
GPL-2.0	No	No	Yes	No**	No	No
GPL-3.0	No	No	No	Yes	No	No
LGPL-3.0	No	No	No	Yes	Yes	No
MPL-2.0	No	No	No	Yes	Yes	Yes

*Apache-2.0 code cannot be relicensed as MIT (losing patent grant). **GPL-2.0-only is not compatible with GPL-3.0; GPL-2.0-or-later is.

Key Rules

1. Permissive to copyleft — Code under permissive licenses (MIT, BSD, ISC) can generally be incorporated into copyleft projects
2. Copyleft to permissive — Code under copyleft cannot be relicensed under a permissive license
3. GPL-2.0 vs GPL-3.0 — These are NOT compatible unless the code is licensed as "GPL-2.0-or-later"
4. Apache-2.0 and GPL — Apache-2.0 is compatible with GPL-3.0 but NOT with GPL-2.0

Handling Incompatible Licenses

• Separate processes — Run incompatible code in separate processes communicating via APIs
• System libraries exception — GPL allows linking to system libraries
• Dual licensing — Ask the author to dual-license under a compatible license
• Rewrite — Replace the incompatible dependency with a compatible alternative

Tools for Checking Compliance

• license-checker (npm) — List licenses of all dependencies
• cargo-license (Rust) — Show licenses of crate dependencies
• FOSSA, Snyk, WhiteSource — Enterprise license compliance tools