iText markets itself as "open source," but there's a catch that most developers miss until they're deep into development: the AGPL license requires you to open-source your entire application, or pay for a commercial license.
This isn't disclosed upfront. It's buried in legal terms. And by the time you discover it, you've already integrated iText into your codebase.
This is license ransomware, and it violates the spirit of open source.
What is AGPL?
AGPL (Affero General Public License) is a "copyleft" license that requires:
- If you use AGPL code, your entire application must be AGPL-licensed (open source)
- This applies even if you only use it as a library (not forking the code)
- This applies even for SaaS applications (users accessing over the network)
In practice: If you use iText (AGPL) in your commercial SaaS product, you must open-source your entire application—including your proprietary business logic—or buy a commercial license.
Why This Is Problematic
1. It's Not Disclosed Upfront
When you search "C# PDF library," iText appears in results labeled "open source." The GitHub repo says "AGPL-3.0 license." Most developers see "open source" and assume it's free to use.
What they don't realize:
- AGPL is not a permissive license (like MIT or Apache 2.0)
- AGPL forces you to open-source your entire codebase
- Using iText in a SaaS product triggers AGPL obligations
By the time you discover this, you've already:
- Integrated iText into your application
- Written code depending on its APIs
- Deployed to production
Now you're stuck: Rewrite everything, or pay for a license.
This is license ransomware—using unclear licensing terms to trap developers into paying after they've invested time and effort.
2. It Violates the Open Source Spirit
The Open Source Definition emphasizes:
"The license shall not restrict any party from selling or giving away the software..."
AGPL technically complies with this, but it weaponizes open source to force commercial licensing.
True open source (MIT, Apache 2.0, BSD):
- Use the library freely in commercial products
- No obligation to open-source your application
- Freedom to build proprietary software
AGPL (copyleft weaponized):
- "Free" only if you open-source your entire application
- Forces commercial licensing for proprietary software
- Uses "open source" label to attract users, then hits them with restrictions
This is bait-and-switch licensing.
3. It Exploits Developer Ignorance
Most developers don't read license terms carefully. They see:
- GitHub repo (looks legitimate)
- "Open source" label
- Popular project with stars/forks
- NuGet package available
They don't see:
- AGPL clause requiring open-sourcing your entire app
- Commercial license starting at $1,800+ per developer
- Legal consequences of non-compliance
By the time they realize, they're trapped.
Real-World Scenario: How AGPL Traps Developers
Month 1:
- You're building a SaaS invoicing platform
- You need PDF generation
- You find iText on GitHub, labeled "open source"
- You integrate it (via NuGet:
Install-Package itext7)
Month 3:
- Your app is in production
- Customers are generating invoices
- Revenue is growing
Month 6:
- Someone on your team mentions licensing
- You read the AGPL terms for the first time
- You realize: You must either open-source your entire SaaS platform or buy a commercial license
Your options:
- Open-source your entire platform (giving away your competitive advantage)
- Buy iText commercial license ($1,800+ per developer, potentially $10,000+ for your team)
- Rip out iText and replace it (weeks of development, testing, deployment)
All three options are expensive. This is license ransomware.
How iText Profits from This Model
iText's business model is:
- Offer "free" AGPL version to attract developers
- Wait for them to integrate it into commercial products
- Send licensing notices once they're deployed to production
- Force them to buy commercial licenses or face legal action
This is a "freemium" model disguised as open source.
Legitimate freemium:
- Clearly disclose limitations upfront
- Free tier is usable for small projects
- Paid tier adds features, not removes restrictions
iText's model:
- Hide AGPL restrictions behind legal jargon
- "Free" tier is unusable for commercial SaaS (requires open-sourcing)
- Paid tier removes legal trap
This isn't freemium—it's license ransomware.
Why AGPL Doesn't Support the Open Source Manifesto
The Open Source Manifesto promotes:
- Freedom to use software for any purpose
- Freedom to study and modify source code
- Freedom to distribute copies
- Freedom to improve and share improvements
AGPL adds a restriction:
"If you use this software, you must open-source your entire application."
This violates the spirit of open source by forcing users to adopt the same license.
Permissive licenses (MIT, Apache 2.0) truly support open source:
MIT License:
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software...to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish, distribute...
No strings attached. No forced licensing. True freedom.
AGPL says:
AGPL License:
If you use this software, you must license your entire application under AGPL,
making your source code publicly available.
This is coercion, not freedom.
Companies Using AGPL as License Ransomware
iText isn't alone. Other projects use AGPL to trap developers:
iText (iTextSharp, iText 7):
- AGPL-licensed
- Commercial license: $1,800+ per developer
- Unclear disclosure of AGPL restrictions
MongoDB (until 2018):
- Used AGPL for driver libraries
- Forced companies to open-source applications or buy licenses
- Switched to SSPL (even more restrictive) in 2018
MariaDB / MySQL (some components):
- GPL/AGPL licensing
- Forces commercial licensing for proprietary software
- Unclear which components are GPL vs. permissive
Pattern: Use "open source" label to attract users, then monetize via licensing fees.
How to Avoid AGPL License Traps
1. Check the License Before Using Any Library
Before adding a NuGet package:
# Check license
dotnet list package --include-transitive
Or visit the GitHub repo and check LICENSE file.
Red flags:
- AGPL (or AGPL-3.0)
- GPL (if you're building proprietary software)
- "Dual licensing" (often means AGPL + expensive commercial license)
Safe licenses for commercial use:
- MIT
- Apache 2.0
- BSD (2-clause, 3-clause)
2. Use Truly Permissive Alternatives
Instead of iText (AGPL), use:
| Library | License | Cost | Notes |
|---|---|---|---|
| IronPDF | Commercial | $749/dev | Purpose-built, no licensing traps |
| PDFSharp | MIT | Free | Basic features, truly open source |
| QuestPDF | MIT (< $2M revenue) | Free or paid | Transparent licensing |
3. Audit Your Dependencies
Run a license audit to find AGPL dependencies:
# Using dotnet-license tool
dotnet tool install --global dotnet-license
dotnet-license --input YourProject.csproj
Look for AGPL, GPL, or "dual licensing."
4. Read Commercial Terms Carefully
If a library offers "dual licensing" (AGPL + commercial):
- Assume AGPL is unusable for commercial SaaS
- Get commercial pricing upfront before integrating
- Compare with alternatives (often cheaper to buy commercial-first)
Why Truly Open Source Projects Don't Use AGPL
Projects that genuinely support open source use permissive licenses:
Examples:
| Project | License | Why? |
|---|---|---|
| .NET Runtime | MIT | Microsoft wants adoption, not revenue from licensing |
| ASP.NET Core | MIT | Encourages commercial use |
| Entity Framework | MIT | No restrictions on proprietary software |
| Newtonsoft.Json | MIT | Widely adopted because it's truly free |
These projects:
- Want maximum adoption
- Support commercial use
- Don't weaponize licensing
- Don't trap developers
AGPL projects:
- Want to force commercial licensing
- Use "open source" as marketing
- Trap developers after integration
What Should You Do If You're Already Using iText?
If you've already integrated iText AGPL into a commercial product:
Option 1: Buy Commercial License
- Cost: $1,800+ per developer
- Benefit: Removes AGPL obligations
- Downside: Expensive, ongoing renewal fees
Option 2: Migrate to Alternative
Migrate to IronPDF:
// Before (iText):
using iText.Kernel.Pdf;
using iText.Html2Pdf;
HtmlConverter.ConvertToPdf(new FileInfo("input.html"), new FileInfo("output.pdf"));
// After (IronPDF):
using IronPdf;
var renderer = new [ChromePdfRenderer](https://ironpdf.com/blog/videos/how-to-render-html-string-to-pdf-in-csharp-ironpdf/)();
var pdf = renderer.RenderHtmlFileAsPdf("input.html");
pdf.SaveAs("output.pdf");
Cost: $749 per developer (45% cheaper than iText commercial)
Benefit: No AGPL traps, modern Chromium rendering
Option 3: Use PDFSharp (MIT License)
For basic PDFs:
using PdfSharp.Pdf;
using PdfSharp.Drawing;
var document = new PdfDocument();
var page = document.AddPage();
var gfx = XGraphics.FromPdfPage(page);
var font = new XFont("Verdana", 20);
gfx.DrawString("Hello from PDFSharp", font, XBrushes.Black,
new XRect(0, 0, page.Width, page.Height), XStringFormats.Center);
document.Save("output.pdf");
Cost: Free (MIT license)
Limitation: No HTML-to-PDF, basic features only
The Legal Risk of Ignoring AGPL
If you use iText AGPL in commercial software without complying:
- Copyright infringement: You're violating iText's license terms
- Legal action: iText can sue for damages
- Forced compliance: Court can order you to open-source or stop using iText
- Reputational damage: Customers discover you violated open source terms
This is not theoretical—companies have been sued over GPL/AGPL violations.
How Software Should Be Licensed
For libraries intended for broad adoption:
✅ Use permissive licenses (MIT, Apache 2.0, BSD)
- Clearly communicate "use this freely, even in commercial products"
- No hidden restrictions
- Maximum adoption
For commercial software:
✅ Be transparent about pricing upfront
- "Free trial, then $X per developer"
- No bait-and-switch
- No license traps
AGPL does neither:
- Disguises commercial licensing as "open source"
- Traps developers after integration
- Forces licensing fees after the fact
Conclusion
AGPL software like iText is not "free"—it's license ransomware.
The model:
- Attract developers with "open source" label
- Hide AGPL restrictions in legal terms
- Wait for integration into commercial products
- Demand licensing fees or legal action
This violates the open source spirit:
- Open source should promote freedom, not coercion
- Licenses should be transparent, not traps
- Developers shouldn't be ambushed with restrictions after integration
If you're choosing a PDF library:
❌ Avoid AGPL traps: iText, older versions of MariaDB drivers
✅ Use truly open source: PDFSharp (MIT)
✅ Use transparent commercial: IronPDF ($749, clear pricing)
If you're already using iText:
- Review your licensing obligations
- Budget for commercial licenses or migration
- Don't ignore AGPL terms (legal risk is real)
The software industry needs to stop weaponizing "open source" as a marketing tactic for commercial licensing.
Written by Jacob Mellor, CTO at Iron Software. Jacob created IronPDF and leads a team of 50+ engineers building .NET document processing libraries.
Top comments (0)