It depends.
Both Mozilla Public License 2.0 and Common Development and Distribution License 1.0 are weak (file- or library-level) copyleft licenses. Combining them is usually feasible, but the obligations of each apply to its own files. Have a lawyer review if you intend to redistribute the combined work.
| License | Family | Patent grant |
|---|---|---|
| Mozilla Public License 2.0 (MPL-2.0) | weak-copyleft | Yes |
| Common Development and Distribution License 1.0 (CDDL-1.0) | weak-copyleft | Yes |
Mozilla Public License 2.0: File-level copyleft: modifications to MPL files must be MPL, but linking with non-MPL code is fine.
Common Development and Distribution License 1.0: File-level copyleft, similar in spirit to MPL.
If you found this page because you're trying to figure out whether shipping a particular dependency is safe, the answer above is a starting point — not a substitute for reading the actual licenses or talking to a lawyer when stakes are high.
LicenseHound walks every transitive dependency in your repo, maps each to its SPDX license, and flags pairs like this one in PR comments. The CLI is free; the team dashboard is paid.