Heads up: Nocodb is no longer open source.
-
Beware: The latest release/update changes the license.
https://github.com/nocodb/nocodb/discussions/12891
They're moving to a Sustainable Use License.
-
Thanks for heads up. It’s a switch to „source available“ and technically similar to a BUSL license.
Same applies to e.g Hashicorp Vault, n8n, etc. on Cloudron as mentioned before. Other examples with similar licenses are MongoDB, Kibana, Elasticsearch, Redis…
What is not allowed anymore: If you‘re running Cloudron and let your users use NocoDB (and even let the, pay for such access / use), you‘re making available the software as a service - in direct competition to NocoDB itself, btw, who provide such paid access / use themselves.
Sad to read why it happened here (from your link), partly because AI makes it so easy:
Bad actors take our work and sell it as their own, with no intention of complying with AGPLv3. Our engineers have been consulted innumerable times now to help on what appear to be private forks, where code that should be open remains hidden. The approach itself has been so maligned that they withheld that its a private fork until the last moment. And it is not only small players. Companies with significant resources, backed by reputable investors, have chosen this path too. We have prompted them about the license. It has been of no use. With the advent of coding LLMs, exploitation no longer requires any technical skill for a repo. It requires only bad intention. The burden of proving, fighting, and funding that battle falls entirely upon us.
-
Noco Founder Here : coming from reddit and leaving the same message
Hey everybody, Thank you for bringing this up.
When we began this journey at noco, we held a simple belief: that a powerful spreadsheet database should be accessible to every single internet business. Today, more than 25,000 organizations rely on NocoDB completely freely with full collaboration, with role-based permissions, and row level audit logs. We are so deeply grateful for this opportunity to serve our community.
But I must speak plainly about a difficult truth. The open source covenant depends upon mutual respect, that those who benefit from shared work will honour the terms under which it is given. Increasingly, this covenant is being broken every month. Bad actors take our work and sell it as their own, with no intention of complying with AGPLv3. Our engineers have been consulted innumerable times now to help on what appear to be private forks, where code that should be open remains hidden. The approach itself has been so maligned that they withheld that its a private fork until the last moment. And it is not only small players. Companies with significant resources, backed by reputable investors, have chosen this path too. We have prompted them about the license. It has been of no use. With the advent of coding LLMs, exploitation no longer requires any technical skill for a repo. It requires only bad intention. The burden of proving, fighting, and funding that battle falls entirely upon us. Lawyers cost insane amount of $/hour. We are a small team counting every hour, facing adversaries who count on our inability to pursue them.
We do not wish to fight. We wish to build. And so, like n8n before us, who have flourished to 170,000 stars under Fair Code, we choose a path that lets us be more generous to those who use our work honestly, while simply refusing to cooperate with a system that rewards those who do not. You may have already noticed: with v0.301, we gave away several enterprise features freely. We make this move so we can give you more, not less.
As announced in the release note[1] : we've started to give more to community edition. Webhooks customisation, group by aggregations.
-
Noco Founder Here : coming from reddit and leaving the same message
Hey everybody, Thank you for bringing this up.
When we began this journey at noco, we held a simple belief: that a powerful spreadsheet database should be accessible to every single internet business. Today, more than 25,000 organizations rely on NocoDB completely freely with full collaboration, with role-based permissions, and row level audit logs. We are so deeply grateful for this opportunity to serve our community.
But I must speak plainly about a difficult truth. The open source covenant depends upon mutual respect, that those who benefit from shared work will honour the terms under which it is given. Increasingly, this covenant is being broken every month. Bad actors take our work and sell it as their own, with no intention of complying with AGPLv3. Our engineers have been consulted innumerable times now to help on what appear to be private forks, where code that should be open remains hidden. The approach itself has been so maligned that they withheld that its a private fork until the last moment. And it is not only small players. Companies with significant resources, backed by reputable investors, have chosen this path too. We have prompted them about the license. It has been of no use. With the advent of coding LLMs, exploitation no longer requires any technical skill for a repo. It requires only bad intention. The burden of proving, fighting, and funding that battle falls entirely upon us. Lawyers cost insane amount of $/hour. We are a small team counting every hour, facing adversaries who count on our inability to pursue them.
We do not wish to fight. We wish to build. And so, like n8n before us, who have flourished to 170,000 stars under Fair Code, we choose a path that lets us be more generous to those who use our work honestly, while simply refusing to cooperate with a system that rewards those who do not. You may have already noticed: with v0.301, we gave away several enterprise features freely. We make this move so we can give you more, not less.
As announced in the release note[1] : we've started to give more to community edition. Webhooks customisation, group by aggregations.
@o1lab it's understandable in this economy. I only have two real requests for your team:
- 2FA / MFA needs to be one of those enterprise features you give to the community. It is becoming trivial to use tools like Opus 4.6 to find vulnerabilities in open source code and exploit it.
- You need to come up with a plan for the small business self hosted users. I want to support your product development but I don't need you to host it. I hope you guys seriously consider unlocking a "Community Plus" option.
