Gumroad’s source is available

Posted by philipjoubert 4/4/2025

Gumroad’s source is available(github.com)

486 points | 205 comments

jvns 4/4/2025|

I tried to grep the code for `api.` to get a sense for all the vendors this codebase is using, and which you'd need to have relationships with to run the code. Here's what I found:

payments:

  https://api.paypal.com 
  https://api.stripe.com

tax stuff:

  https://api.taxjar.com
  https://api.vatstack.com (EU VAT)
  https://apiservices.iras.gov.sg

for iOS app (?):

  https://api.appstoreconnect.apple.com 
  https://api.storekit.itunes.apple

AI stuff:

  https://api.iffy.com  (AI content moderation)
  https://api.helper.ai (AI support)
  https://api.openai.com

other:

  https://api.easypost.com  (shipping labels?)
  https://api.sendgrid.com (email)
  https://api.pwnedpasswords.com (haveibeenpwned)
  https://api.worldbank.org (for purchasing power parity?)
  https://api.dropboxapi.com (for "upload from dropbox"?)

ricardobeat 4/4/2025|

That's pretty refreshing compared to the average 400 external "partners" your average online t-shirt store has.

rafram 4/4/2025||

Most of those are probably indirect. Same here: Stripe doesn’t issue credit cards or even process transactions itself. It partners with a half-dozen or so credit card networks, and each network partners with thousands of banks around the world.

ricardobeat 4/6/2025||

No, I'm comparing to what you see on the average cookie consent banner [1]. If you dive into the 'manage' option, most e-commerce sites will literally have hundreds of third-parties listed that your data might be shared with. As far as I understand these are all direct integrations, either in the frontend or backend, not indirect - you don't have to ask for permission for companies downstream of your own providers.

[1] we don't get to see most companies codebases, so this is a good indicator of the amount of integrations

rmason 4/4/2025||

It launched right here on HN 14 years ago.

https://x.com/shl/status/1908090697984426227/photo/1

Aurornis 4/4/2025||

Gumroad became my cautionary tale for startup equity for early engineers.

I remember excitedly following the story from start. It was fun to follow along. Then around 2015 things weren’t working well, so they laid off most of the team. Investors sold the company back to the founder at a steep discount. As I recall, a major investor sold their ownership for $1.

Just like that, the founding engineers who worked so hard lost their jobs and saw their equity valued down to nothing.

It happens! However, the strange thing in this case was that the company kept going. They had laid (almost) everyone off and declared their equity worthless, yet the company was still making money and growing. My younger self struggled to understand how the founding engineers could have gone from working so hard on something to being laid off and seeing their equity wiped out while the business itself continued right on working and generating revenue.

A lot has been written to put positive spin on those events. The founder claims to have helped out some of the early engineers in vague ways. However, I’ll never forget being a young, aspiring startup engineer and watching an entire startup team get wiped out of the business they helped create and then the business just kept on trucking for the founder who walked away with ownership of the company.

tuhins 4/4/2025|||

I was one of them! Joined on August 5, 2012, got 0.5% of equity (I think?), it all went to more-or-less zero monetarily. I don't think most of us really hold any grudges against Sahil here. It was a very fun place to work, and I met some of my closest friends and made some of my strongest professional connections there. It was net-very-positive to my life and career, and I think we were all adults when we were opting-in to the experience.

As for Sahil/Gumroad making money and growing. Meh. He's worked on it for 13 years and showing dedication beyond what I would have for most things. It's fine.

jokethrowaway 4/4/2025||||

A friend built a startup for years and progress was not looking good. Eventually the entire development team quit and left without equities. The founder was then acquired for millions.

Another case: startup running out of money after a series B or C and a history of questionable expenses. Everybody but a few left. The founders sold their main product for cheap to some private equity firm, focused on a crappy internal tool they built and they used their last money to hire a literal army of sales people.

These sales guys were apparently amazing and somehow managed to sell the tool to a bunch of fortune 500 companies and are now making bank.

The main product they sold? It's still on life support, the original buyer just sold it to another holding.

adrr 4/4/2025|||

How did lose all their equity? You can’t declare equity is worthless. You can raise new rounds with different valuations and dilute previous investors/employees but they would also dilute themselves.

hobofan 4/4/2025|||

Even if they don't "lose" their equity, it might just turn essentially worthless. Very often "equity" founding staff receives is in the form of (V)ESOP s = (virtual) employee stock options, or other equity grants that only materialize in the case of an "exit event". Depending on how the exit events are specified in the contract, the founder taking the company private (/ divestment from the investors) might have resulted in an exit event with $1 value of the company.

beefnugs 4/5/2025||

Yeah so pure grift : if it was really dying then just keep your worthless-percent forever, or get emotionally manipulated into selling for $1 like a sucker

rahimnathwani 4/4/2025||||

Google 'drag along rights'.

Aurornis 4/5/2025||||

> You can’t declare equity is worthless. You can raise new rounds with different valuations and dilute previous investors/employees but they would also dilute themselves.

The investors sold the company back to the founder for $1. That's as close as it gets to declaring equity as worthless.

bigtunacan 4/5/2025|||

Equity for pre-IPO companies is often tied to an expiration. If there is no qualifying liquidity event before the expiration then your equity disappears unless the company takes action to reissue your equity. That sometimes happens for people who are still employed with the company, but almost never for former employees.

ihowlatthemoon 4/4/2025|||

Original discussion thread here: https://news.ycombinator.com/item?id=2406614

occamschainsaw 4/4/2025|||

Interesting discussion on the merits of the initial plan of a paid link shortening service and the opposite approach (easy-to-setup paid access to links).They were discussing adding Bitcoin as a payment method when it was 0.7 cents a pop.

spiderice 4/4/2025||

That part made me chuckle.

> At the current ~$0.70 / bitcoin, this means that every American will be able to have ~$0.05 in his or her electronic wallet, once all bitcoins are generated. Assuming that the rest of the world does not participate at all and that bitcoins are evenly distributed.

> Sure, you could imagine an instant dollar-to-bitcoin-to-dollar conversion at the point of payment. Or you could imagine a bitcoin2.org that generates more coins. Or you could hope for a massive surge in the value of the bitcoin.

> I'd put my money on Paypal sticking around, though.

Even back that people pointed out the obvious flaw of Bitcoin remaining at $0.70. But I wonder if any of them believed it would be at $100,000 in 14 years

https://news.ycombinator.com/item?id=2407998

owebmaster 4/4/2025|||

One day work to start a multi-million project, 13 years ago. That's the real vibing.

ignoramous 4/4/2025||

Some might not be aware: It wasn't always smooth sailing for Sahil (could have had a much comfortable life if he stayed put at Pinterest). https://news.ycombinator.com/item?id=37059594

jatins 4/4/2025||

didn't he mention that he got fired from Pinterest?

Multiplayer 4/4/2025||

I'm reading a lot of complaints here but let's recognize some interesting aspects that Sahil is talking about: 1. It's the 5th largest rails codebase open to AI ingestion. 2. They are offering bounties for issues. Not large bounties but whatever, it's something.

I personally like rails and would love to see AI tools improve with it. No idea if this code base will really help that, and when but it can't hurt. In my experience I can get next apps up in a jiffy but rails is much more of a struggle. If anyone has any tips here, please post.

I'm always curious about how well bounties work especially now in an AI age. I wonder what the arbitrage on AI spend vs. bounty will be for people that take a run at them.

irf1 4/4/2025|

I run a bounties platform (https://algora.io) and I've seen people who create bounties try to use some AI like Devin to solve them (@seveibar livestreamed trying it) just for fun and in all cases AI failed to solve the bounties.

A Rust project that rewarded 300+ bounties ($37k) is now building an AI coding agent with the aim to solve bounties on Algora - it's an interesting benchmark I guess.

Curious myself what the next years might look like, but from everything I've seen so far we're definitely not there yet.

tomhow 4/4/2025||

https://danb.me/blog/gumroad-is-not-open-source/

jppope 4/5/2025|

in a chatGPT world, just flip it over to laravel and you're off to the races

Imustaskforhelp 4/4/2025||

Dear SHL , Please truly open source this. I personally wouldn't mind AGPL but would still much prefer MIT Thanks.

echelon 4/4/2025|

There's no way he's going to do that. The leverage and market advantage would evaporate.

deanc 4/4/2025|||

It's in fact the market position (leader) that gives them the advantage here, not the code.

Imustaskforhelp 4/4/2025|||

Well. Any suggestions please?

Though technically I don't mind it , its still great he source availabled it

I am probably not going to reach 1 mln $ sales but still man if I do , then I probably want some grace period and I mean ....

fbn79 4/4/2025||

License is very limiting for Business

RobotToaster 4/4/2025||

Yeah, it's not open source, the licence violates point five of the OSD https://opensource.org/osd

snvzz 4/4/2025||

It's also not Free Software, as it also violates the Free Software definition[0].

0. https://www.gnu.org/philosophy/free-sw.en.html

Tomte 4/4/2025||

Of course. Has anyone ever found a case of a license that not one or the other?

The Free Software Definition and the Open Source Definition are structured differently, but pretty obviously map from one to another.

desdenova 4/4/2025||

There's plenty of OSD licenses that don't fit the FSD, but a free software license is necessarily open source, so the opposite can't happen.

Tomte 4/4/2025|||

I’d really be interested in an example of such a license. Where is the difference in the two definitions?

lolinder 4/4/2025||

Not OP, but I linked to some details here:

https://news.ycombinator.com/item?id=43581484

The NASA Open Source Agreement is the one I found.

Tomte 4/4/2025||

Thank you!

singpolyma3 4/4/2025||||

No there cannot be an OSD license that violates the FSD

lolinder 4/4/2025||

GNU has a helpful chart where they clearly show that there is a sliver of "nonfree open source" licenses that are available [0].

> The term “open source” software is used by some people to mean more or less the same category as free software. It is not exactly the same class of software: they accept some licenses that we consider too restrictive, and there are free software licenses they have not accepted. However, the differences in extension of the category are small: we know of only a few cases of source code that is open source but not free.

I was able to find one example, the NASA Open Source Agreement, which is accepted by the OSI [1] but rejected by the FSF [2]:

> The NASA Open Source Agreement, version 1.3, is not a free software license because it includes a provision requiring changes to be your “original creation”. Free software development depends on combining code from third parties, and the NASA license doesn't permit this.

[0] https://www.gnu.org/philosophy/categories.html

[1] https://opensource.org/license/nasa1-3-php

[2] https://www.gnu.org/licenses/license-list.html#NASA

singpolyma3 4/4/2025||

Guarantee that all "nonfree open source" is different readings. Take the NASA case. If youu read it as strictly as Stallman does then it violates the OSD also. The people at OSI at the time it was submitted read it more like a lawyer and decided it was compliant. Possibly today's OSI would disagree. Possibly tomorrow's FSF would agree. It's not a difference between free software and open source but a difference between how two sets of humans interpreted the text of the license.

lolinder 4/4/2025||

Which point of the OSD would be violated by the NASA clause if read the same way that the FSF reads it?

singpolyma3 4/4/2025||

OSD 3

And possibly 9

lolinder 4/5/2025||

Eh, OSD 3 just says that derived works must be possible, it doesn't say that you must be able to incorporate third party source code into the derived work. Meanwhile the FSF's definition explicitly calls out this freedom as an essential component of Freedom 1:

> One important way to modify a program is by merging in available free subroutines and modules. If the program's license says that you cannot merge in a suitably licensed existing module—for instance, if it requires you to be the copyright holder of any code you add—then the license is too restrictive to qualify as free.

https://www.gnu.org/philosophy/free-sw.en.html#four-freedoms

arielcostas 4/4/2025|||

Yeah, it's more of a "source available" than Open Source in its definition. I'd rather they use AGPL or something like that.

graemep 4/4/2025||

To put it another way they want to call it open source without actually being open source.

notpushkin 4/4/2025|||

I don’t think they actually call it open source themselves – rather, the HN poster made a (probably benign) mistake.

ecedeno 4/4/2025|||

The founder does. See: https://x.com/shl/status/1908090697984426227

notpushkin 4/4/2025||

Yikes :-(

gcau 4/4/2025|||

It's not a mistake because someone doesn't subscribe to the same definition as you. There are 2 widely competing definitions that are both perfectly valid, if you want to be more specific you can say "not OSI approved" to more accurately reflect what you're talking about, if you don't want to do that then you can understand how others feel.

benatkin 4/5/2025|||

I used to make a bigger deal about this, but now I think that whether something calls itself Open Source is less relevant than if bait and switches are being done.

Teasing a release on X is less bothersome than what Matrix is doing by relicensing from Apache to AGPL and making what was billed as a vendor neutral communication platform not so vendor neutral. The people working at Element certainly don't want to use Matrix/Element under the AGPL, so why should they expect earlier users and members of their community like me to want to use it under the AGPL?

There was a time when saying Open Source meant something by itself. Now you have to include details like the license, what exactly is under the license, and the leadership.

captn3m0 4/4/2025|||

> You may use the software under this license only if (1) your company has less than 1 million USD (2024) total revenue in the prior tax year, and less than 10 million USD (2024) GMV (Gross Merchandise Value), or (2) you are a non-profit organization or government entity. Adjust the revenue threshold for inflation according to the United States Bureau of Labor Statistics' consumer price index for all urban consumers, U.S. city average, for all items, not seasonally adjusted, 1982–1984=100 reference base.

WhyNotHugo 4/4/2025|||

Even more so for individuals.

ZeroTalent 4/4/2025|||

Use the source as inspiration and create something new in a more modern language/framework.

rustc 4/4/2025||

It would be a bad idea to read any of this code if you're working on a competitor based on the license terms.

ZeroTalent 4/7/2025||

I would say the risk of a lawsuit is infinitessimal.

Timshel 4/4/2025||

While limiting, it's not atrocious:

handfuloflight 4/4/2025||

So if it someone uses this software to build a $10M GMV per annum business, it's completely unclear the pounds of flesh Gumroad et. al will want as their cut.

Timshel 4/4/2025||

Yes but before you reach this point you probably have a bit of time to start discussing with them ?

eemil 4/4/2025|||

By the time licensing becomes relevant, your business is built around the platform and this gives Gumroad an unreasonable advantage in any negotiations. Imagine what they could say:

- You're now a competitor. Stop using our software (you can still sell on gumroad.com, hint hint)

- Give us 20% for 1 year (next year, who knows...)

- We won't give you a license, but we'll buy you out for next to nothing.

rustc 4/4/2025|||

And at that point they can ask for anything because the alternative would be rewriting all your code.

_joel 4/4/2025||

An ecommerce platform designed to allow creators to sell to users.. apparently. https://en.wikipedia.org/wiki/Gumroad

soco 4/4/2025|

Which also dropped Android support, so I dropped them.

rchaud 4/4/2025||

Web app works fine. I'm an Android user, I sell through Gumroad and it's never occurred to me to download a native app that offers no functionality beyond what's already on the website. Sale notifications go to my email, as they should.

shipscode 4/4/2025||

It's pretty cool that this license allows you to make up to $1mm revenue, at which point you can pivot and rebuild the stack. This is going to be a game changer for anybody who wants to MVP an app similar to Gumroad. MIT would be ideal, but I prefer this to GPL's force release model.

noname120 4/4/2025||

Any idea what the motivation could be?

verghese 4/4/2025||

Gumroad's journey has been interesting: https://sahillavingia.com/reflecting -> Billion dollar journey with VC backing to Kleiner selling back their stake to Gumroad for $1, which enabled Sahil to steer the company in a different direction.

Perhaps the shift to making the source available has more to do with work culture: https://sahillavingia.com/work

geenat 4/4/2025|||

https://x.com/shl/status/1908146557708362188

Probably not entirely, but straight from the author.

spiffyk 4/4/2025||

Can't help but notice he's basically knowingly "donating" the code to multi-billion corporations to train their LLMs on (while in general those same corporations source their training data in ethically questionable ways), while mere mortal human individuals and small businesses are bound by a non-free license. An interesting decision to say the least.

s17n 4/4/2025||

i mean... what would any "mere mortals" use the code for other than to directly compete with Gumroad?

jslakro 4/4/2025||

Sahil anticipates AI will significantly commoditize software. Especially following DeepSeek's impact. He has promoted Devin via twitter and likely aims to position Gumroad as the leading creator-focused alternative to traditional Open Source e-commerce platforms.

turnsout 4/4/2025|

I looked for a blog post announcing this, and couldn't find it. But Antiwork's Github profile mentions:

  > Antiwork emerged from Gumroad's mission to automate repetitive tasks. In 2025, we're taking a bold step by open-sourcing our entire suite of tools that helped run and scale Gumroad. We believe in making powerful automation accessible to everyone.

That's pretty wild! I've always loved Gumroad's simplicity for creators and buyers. Now I guess people will have a pretty compelling option when searching "Gumroad open source alternative"

ge96 4/4/2025||

Here I was thinking it was the subreddit

Brosper 4/4/2025|||

it's basicly free development

More comments...