HACKER Q&A
📣 gardnr

What to do when somebody “steals” your MIT licensed code?


I maintain an npm module that enables React applications to authenticate against generic IDPs using PKCE. I wrote this to auth against Cognito back when the Amplify packages were adding 1.7MB to the bundle size.

I just noticed that somebody copied the files from my repo into a new repo, destroying all the git history. This person then added a LICENSE file claiming copyright over all the files.

My repo lacks a LICENSE file but it is marked as MIT on the GitHub project page. I would assume the person can't claim license over all of my work like that. For jurisdictions: the person appears to live in Norway while I live in New Zealand.

I sent them an email and haven't heard back yet. What should I do?


👤 toast0 Accepted Answer ✓
The first thing to do is decide if you actually care. I try to do open source work so other people don't have to work as hard to redo what I did. If someone else wants to claim my work as theirs, it's annoying, but it doesn't prevent me from using my work and it may result in my work being more widely spread, so I guess it's fine. But that's just like my opinion, man.

If it bothers you enough to take action, and you've waited a reasonable amount of time for the other person to respond, your options are probably international copyright lawsuits or DMCA requests. Look up the GitHub DMCA procedure and make a request with the proper information and go where it takes you. Expect to be called out as unreasonable, but whatever.


👤 version_five
If they are turning around and coming after you, that is a separate issue; otherwise, I don't see that you would be able to do more than let them know (and presumably they already do) that they are using your code.

If they were to claim that you or anyone who had used your code is infringing their copyright, then it's more in the realm of a frivolous lawsuit that you might have to defend yourself against.

It may also be just a sloppy oversight. I have worked places where it is standard practice to include a copyright notice with the code, and that use appropriately licensed open source components. Might it just be a matter of them applying their corporate policy without any particular malice?


👤 znpy
> What should I do?

First things first, if your repository does not include a license file, I'm not sure how important the GitHub icon is. Otherwise the default is public domain? Which still entitles you to something (at least in the EU afaik).

Other than that, if you've got a bit of money to spare, have a lawyer send a letter or something, just to have some form of precedent set.


👤 denton-scratch
IANAL, but sticking a mendacious LICENCE on the code looks to me to be fraud, rather than copyright violation. It seems pretty clear-cut to me, so you might be able to get a legal opinion to that effect in a half-hour consultation.

In the UK, many solicitors will give you a 30-minute consultation for nothing.


👤 templarchamp
You can then write some proprietary components and add a note to the original work that to get additional features, they should email you. M&M principle could also work.

👤 gus_massa
Does each file in your repo have the copyright+license at the beginning? IIRC they cannot remove it if they use a "substantial portion of the Software".