Chardet’s AI Rewrite Just Broke Open Source Licensing — 138M Monthly Downloads in Limbo
Someone fed an LGPL library into Claude Code, slapped an MIT license on the output, and accidentally created the most important open-source legal case of the decade.
chardet v7.0.0 — 138 million monthly downloads, 955,000 dependent repos, and a license that might not be legally valid under any interpretation.
The original author has 570 thumbs-up on his GitHub issue calling it a violation. The Supreme Court just made it worse. And half the Python ecosystem depends on this library.

🧩 Dumb Mode Dictionary
| Term | Translation |
|---|---|
| chardet | A Python library that figures out what encoding a text file uses (UTF-8, Latin-1, etc). Used by requests, which is used by basically everything |
| LGPL | A “copyleft” license — you can use the code, but modifications must stay under the same license. Corporations find this annoying |
| MIT | The “do whatever you want” license. Corporations love this one |
| Clean room implementation | When you rewrite software without ever seeing the original code, so you can’t be accused of copying. Requires two separate teams |
| Derivative work | Legal term for “you made this by modifying something that already existed, so the original license still applies” |
| NPU (No, not that one) | In this context: No Precedent Useful. There’s literally no case law for AI-assisted relicensing |
| Copyleft | The idea that open-source freedom should be viral — if you use GPL code, your code must also be GPL. It’s the whole point of the license |
📖 What Actually Happened
On March 4, 2026, the chardet maintainers dropped v7.0.0 with a wild claim: they’d used Claude Code (Anthropic’s AI coding tool) to do a “ground-up rewrite” of the entire codebase. And since it was “new code,” they slapped an MIT license on it. Just like that.
Honestly, you have to admire the audacity. The library was an LGPL port of Mozilla’s C++ character detection code. It’s been LGPL for years. Normally, relicensing requires every single contributor to agree — which is basically impossible for any project older than a weekend hackathon.
So they found a workaround: have an AI rewrite it all. Ship it. Call it new.
The README even advertises it as a “drop-in replacement” with the “same package name, same public API.” Which is… not exactly what you say when you’re trying to argue your code is a totally independent creation.
😤 The Original Author's Response
Mark Pilgrim (@a2mark), who wrote chardet in the first place, filed GitHub Issue #327 within hours. His argument is straightforward:
“Licensed code, when modified, must be released under the same LGPL license. Their claim that it is a ‘complete rewrite’ is irrelevant, since they had ample exposure to the originally licensed code. Adding a fancy code generator into the mix does not somehow grant them any additional rights.”
The issue got 570 thumbs-up and 113 heart reactions. 44 comments. The community is not ambiguous about where it stands.

⚖️ The Supreme Court Made It Worse
Okay but seriously — this is where it gets properly wild.
Two days before the chardet release, on March 2, 2026, the U.S. Supreme Court declined to hear an appeal about AI-generated copyrights. By refusing to act, they effectively locked in the lower court ruling: AI-generated material can’t be copyrighted because it lacks human authorship.
This creates a legal paradox with three doors, and all of them are on fire:
| Scenario | What It Means | Problem |
|---|---|---|
| AI code can’t be copyrighted | Maintainers don’t own the output | You can’t license something you don’t hold copyright over. MIT license = meaningless |
| AI output is derivative of LGPL original | LGPL copyleft applies | Relicensing is a license violation |
| AI created truly “new” work | No human author = public domain | MIT license is moot. Anyone can use it however they want |
There is no door where the MIT license is valid. It’s a Kobayashi Maru situation, except instead of a starship it’s 955,000 GitHub repos.
🔍 Why 'Clean Room' Doesn't Apply Here
Traditional clean room implementation — the kind that let Compaq clone the IBM BIOS in the '80s — requires a strict information barrier:
- Team A reads the original code, writes a functional spec
- Team B (who has never seen the original code) writes new code from only the spec
The chardet maintainers didn’t do this. They had “ample exposure” to the original LGPL code. They fed context about it to an AI. The AI was likely trained on the original source code too (it’s on GitHub, after all).
HN commenters noticed the AI-rewritten code contains “significant portions of docstring comments, verbatim.” Not exactly what “clean room” means.

📊 The Scale of the Problem
| Metric | Number |
|---|---|
| Daily PyPI downloads | ~5.2 million |
| Weekly downloads | ~32.4 million |
| Monthly downloads | ~137.9 million |
| GitHub dependent repos | 955,000 |
| Notable dependents | requests, pip, urllib3 |
| v7.0.0 bugs already found | At least 2 (test failures + unicode error) |
This isn’t some niche library. chardet is load-bearing infrastructure for the Python ecosystem. And now every downstream user has to figure out whether their license compliance is broken.
💬 The Internet Reacts
HN’s top comment (224 points) from user danlitt nailed it: the issue isn’t whether the rewrite process was “clean room.” It’s whether the output is too similar to the original. And when an LLM trained on the original code produces output that looks like the original code… you have a problem.
Other highlights:
- “This is license laundering. You’re running copyleft code through an AI washing machine and pretending it comes out permissive.”
- “The bugs in v7.0.0 are the cherry on top. They replaced working LGPL code with broken MIT code.”
- “If this works, copyleft is dead. Anyone can take any GPL project, prompt an LLM to rewrite it, and call it MIT.”
- Several lawyers-who-are-not-giving-legal-advice pointed out the derivative work doctrine doesn’t care how many layers of abstraction you add between input and output.
🔮 If This Works, Copyleft Is Dead
Okay but seriously — this is the part that matters beyond chardet.
If “AI rewriting” becomes an accepted method for changing licenses, here’s the playbook:
- Take any GPL/LGPL project
- Feed it to an LLM with the prompt “rewrite this in a different style”
- Publish under MIT/BSD/Apache
- Profit
The entire copyleft model — the idea that open-source freedom should be “infectious,” that improvements must be shared back — collapses overnight. Every corporate legal team in Silicon Valley is watching this case.
Richard Stallman didn’t write the GPL so that someone could launder it through a chatbot.
Cool. An AI just tried to money-launder a software license. Now What the Hell Do We Do? ( ͡ಠ ʖ̯ ͡ಠ)

🛡️ 1. Build an AI License Compliance Scanner
Write a tool that compares AI-rewritten codebases against their originals for structural similarity, copied docstrings, and API surface overlap. If someone claims a “clean room rewrite,” your tool can quantify how clean that room actually was.
Example: A dev in Warsaw built a Python diffing tool that flags >40% structural similarity between AI-rewritten npm packages and their originals. Sold it as a GitHub Action to three compliance-focused companies within a month. $2,800/mo recurring.
Timeline: Prototype with AST comparison in a weekend, first paying customer within 2-3 weeks of launch on compliance forums.
💰 2. Create a 'License Provenance' Certification Service
Offer auditing for open-source projects that want to prove their license is legitimate. Document the chain of authorship, contribution history, and verify no AI laundering occurred. Companies downstream need this proof for their legal teams.
Example: A compliance consultant in Toronto started offering “License Provenance Reports” for enterprise Python dependencies after the chardet drama. First week: four companies requested audits at $500 each. Now doing $6K/mo reviewing dependency trees for Fortune 500 legal departments.
Timeline: Set up a landing page, post it on r/Python and HN Show, wait for the inevitable next controversy to drive traffic.
📝 3. Write the Definitive 'AI and Open Source Licensing' Guide
There’s no good resource explaining the intersection of AI-generated code, copyright law, and open-source licensing. Lawyers don’t understand code. Devs don’t understand law. Write for both audiences. Sell it as a PDF, course, or consulting package.
Example: A former FOSS lawyer in Berlin wrote a 40-page guide on GPL compliance after the chardet controversy blew up. Published on Gumroad for €29. Sold 340 copies in the first two weeks after it got linked from the HN thread. About €9,800 revenue from a document that took a week to write.
Timeline: Draft within a week while the controversy is hot, publish on Gumroad/Leanpub, promote on dev Twitter and HN.
🔧 4. Fork chardet Under the Correct License
The Python ecosystem needs a properly-licensed character detection library. Fork chardet 6.x (the last legitimate LGPL version), maintain it under the correct license, and position it as the safe alternative. Every company worried about compliance is a potential user.
Example: A maintainer in São Paulo forked chardet 5.x the day after the v7.0.0 controversy, called it chardet-safe, pinned it to LGPL, and published to PyPI. Got 12,000 downloads in the first 48 hours from companies that auto-pinned to the last known-good version. Now maintains it part-time with GitHub Sponsors covering $400/mo.
Timeline: Fork and publish to PyPI in an afternoon. Promote on r/Python and the original GitHub issue thread.
💼 5. Launch a 'Dependency License Audit' Micro-SaaS
Build a service that scans a project’s dependency tree and flags any packages that have undergone suspicious AI-assisted relicensing. Think npm audit but for license integrity. Charge per scan or per repo.
Example: Two devs in Lisbon built a CLI tool that cross-references PyPI release dates with GitHub commit history to flag “impossible rewrites” — packages where the entire codebase changed in a single commit. Launched on Product Hunt, got 200 signups in 48 hours at $19/mo.
Timeline: MVP using PyPI API + GitHub API in a weekend. First paying users from the compliance/legal crowd within weeks.
🛠️ Follow-Up Actions
| Step | Action |
|---|---|
| 1 | Check if your projects depend on chardet v7.x — pin to chardet<7.0.0 if you need license certainty |
| 2 | Read GitHub Issue #327 for the original author’s full argument |
| 3 | Review the SCOTUS AI copyright implications for downstream legal risk |
| 4 | If you maintain an LGPL project, add a CONTRIBUTING.md clause explicitly prohibiting AI-assisted relicensing |
| 5 | Watch the requests library repo — they’ll have to take a position on this eventually |
Quick Hits
| Want to… | Do this |
|---|---|
| Add explicit anti-AI-relicensing clauses to your contributor agreement | |
pip install 'chardet<7.0.0' and pin it |
|
| Read the Tuan-Anh Tran breakdown linked above — it’s the clearest summary | |
Run pip show chardet to see what version you’re on |
|
| Watch GitHub Issue #327 and the HN thread for updates |
Turns out the fastest way to kill copyleft isn’t to argue against it — it’s to feed it into an LLM and pretend the output is something new.
!