If I release a commercial client-side JavaScript library similar to the jQuery, how can I detect people using it without paying my license fee?
If I insist that the license fee must be paid before the library can be used in a web application, how can I enforce this and determine who is violating this policy?
Is this even possible?
I suppose you could have it work only by making some requests to a web service on your side with some sort of hash, check that on your side and reply back with an "ok" status. Of course you should keep the amount of data sent back and forth to a minimum so it wouldn't be a bad user experience.
I think it is impossible to achieve this because the very nature of ecmascript makes impossible to prevent a determined user from removing the locks. You can make it harder by obfuscation, but cant prevent it.
You can't. It runs in the Browser, they can modify it in any way they want. Take for example Claudiu's suggestion:
So again, it's simply impossible, just as it is impossible to protect your images, videos or anything else on the web.
The best way to do it would probably be to use JSONP to contact your server, where you have a list of domains that are allowed to use it, and check the referer [sic] header. That said, this isn't a bulletproof solution, as the referer [sic] header isn't required to be sent. Also, as this is a Javascript library, they could always modify the source, but you could make it harder by using the YUI Compressor along with Dean Edward's packer to make the code as hard as possible to understand, and therefore hard to get around.
That said, not to be rude, but why would people want to use your script for a fee, when they could use jQuery, which is free and has a large community of free plugins, and many people willing to help for free, for your library that costs a fee, and probably costs for support as well?
I'd be inclined to say don't bother. As per the previous reply, some sort of call back to your servers is the obvious method, however, being javascript, which means you are supplying source code, means that the moment someone notices the calls happening, they have all the information they need to rip them out. Also your call backs will not work in environments (such as secure intranets or developers who are not online) where a connection cannot occur.
This is rather like much of the discussion about music, films and pirating. You can try and police this which I think will be extremely difficult and ultimately a waste of time.
Or you can embrace it. Think about what you are offering and how you can encourage people to register for a paid copy. Can you offer better support for example? Printed documentation? other things? Use the fact that people can pass your library around as a marketing tool. A way of getting a bigger audience, more feature requests and even bug fixes.