Is all Anvil client-side code de facto open source?

Thank you for open sourcing the App Server!

Just a question:
By deciding to open source the app-server, would all your users also necessarily be open-sourcing their python client code?

My thinking is that client code is downloaded to a browser where an actor could duplicate it, and set up his/her own anvil server. (Although he still does need to write the server side code).

Even if you did not open-source the app-server, this still could be done as they could would have access to all’ Skulpt-based code… so maybe this is a mute point.

But I would not be asking this if it wasn’t for the Ukrainian-Russian war. With sanctions in place, what would be stopping sanctioned actors reproducing and using the open-sourced app-server and our client-code?

I’m not really qualified to answer this overall, but my understanding is that all client-side code is available for anyone to see and copy, Anvil or no. If you want to keep some code secret, it needs to be server-side.


I think the more in-depth part of the question is whether there is such thing as open-source that someone-somewhere is just not allowed to use, sanctions or otherwise.

I think it is either not actively stopping sanctioned people from using it, or it is not open-source. (Not making it unavailable to source/download, just making it broken for some people)
I find the duality hard to reconcile with the vast majority of the human populations understanding of the term open-source.

Just my opinion, though.

The fact that some lines of code are visible doesn’t legally authorize others to duplicate, modify and use them.

For a software to be open source, it needs to come with proper open source license.

If you add some text saying that no one is authorized to duplicate or modify your code, then no one can modify it.

So, if your concern is about what one can legally do with your software, you can just add an EULA or licensing page.

If your concern is about what one can do, regardless of whether it’s legal or not, then your only way to prevent others from accessing your code is to move as much of your code to the server side.

Just like nothing is stopping them from using Linux, Python or any other open source software.

1 Like

Just want to raise awareness that there are some versions of open-licenses (like copy-left style) that disallow this practice, and you would be in violation of your use of the license by declaring that others could not use your derivative work.


So, before adding that text or licensing to your app, you need a lawyer to make sure that your license is compatible with all the licenses used by your app, which, if you use Anvil, include Python, Skulpt, PostgreSQL just to name the big guys, and will include all the libraries used by Anvil.


Lets go to the alternative universe where app-server is NOT open-sourced. If they do not have an account, the hoops someone would have to go through to reproduce your app is now 10x .
If they do have an account then, of course, let’s talk licensing.

I think a better solution to the problem, though not the question you asked is simply this in your server code:

1 Like

then they use a proxy :wink:

1 Like

Ha, yeah I get it, but the solution is to the problem of “Did you try” not, did you get the job done. We’re talking barely enforced government compliance levels of effort :laughing:

Also welcome to the forums @breinbaasnl :wave: