DEV Community

BMBOMICH

I built the most comprehensive source-visible license ever written — 276 clauses, free to use

The Problem

I needed maximum legal protection for my project but couldn't find a license that did what I wanted.

I wanted something that:

  • Let people see the code for transparency and security auditing
  • Let people contribute improvements via Pull Requests
  • Blocked cloning, AI training, commercial use, and exploitation
  • Transferred IP from contributors to me automatically

Nothing like that existed.

The Solution

I built PSVL — the Proprietary Source-Visible License.

276 clauses. 9 sections. Free to use as a template.

What It Covers

Permitted Uses (129 clauses)

  • Personal non-commercial evaluation
  • Security vulnerability research (sandboxed)
  • Performance benchmarking
  • Accessibility testing
  • Community contributions via Pull Requests
  • Educational and academic research

Prohibited Uses (147+ clauses)

  • Commercial use, resale, or monetization
  • AI/ML training on code or user data
  • Reverse engineering or decompilation
  • Government, military, or intelligence use
  • Data scraping, harvesting, or selling
  • All known attack vectors

The Attack Vector Coverage

This is where it gets interesting. Most licenses say "don't hack us." PSVL bans specific techniques by name:

  • Power, timing, acoustic, thermal, electromagnetic side-channel analysis
  • Rowhammer bit-flipping attacks
  • Spectre and Meltdown CPU exploitation
  • Cold boot attacks
  • JTAG and SWD hardware debug port access
  • Photon emission and electron microscope analysis

The Exotic Prohibitions

And then there's Section 4.14. These sound absurd but serve a real legal purpose:

  • DNA biological encoding — Microsoft has been researching DNA data storage since 2019. Real technology.
  • Quantum cryptanalysis — Active threat within 10-15 years. Governments are already preparing.
  • Silicon chip embedding — Custom ASICs exist. Companies burn logic into silicon.

The purpose isn't just future-proofing. When an arbitrator sees you banned DNA encoding and quantum attacks, the message is clear: there is no loophole you didn't think of.

Legal Infrastructure

  • Contributor IP assignment (every PR permanently transfers ownership to you)
  • Binding arbitration with class action waiver
  • 48-hour data breach notification
  • 5-year confidentiality obligations post-termination
  • Severability (one bad clause cannot void the rest)
  • Enterprise insurance requirement ($1M minimum for commercial licensees)

How to Use It

  1. Download PSVL-1.0.txt from the repo
  2. Replace the placeholders with your name and jurisdiction
  3. Save as LICENSE in your project root
  4. Add one line to your README

That's it.

GitHub

https://github.com/BMBOMICH/PSVL

Happy to answer questions about any clause or the reasoning behind the structure.
