Choose & verify a variant¶
Every release ships two modules. Pick by licence, then verify before you trust it.
Which one?¶
graph TD
A[Do you need libx264-quality H.264 encoding?] -->|No| L[ffmpeg-wasi-lgpl.wasm]
A -->|Yes| B[Can your distribution accept GPL?]
B -->|Yes| G[ffmpeg-wasi-gpl.wasm]
B -->|No| Lffmpeg-wasi-lgpl.wasm— the default. LGPL-2.1+, proprietary-compatible. H.264 encode via openh264 (BSD); everything else in the baseline.ffmpeg-wasi-gpl.wasm— LGPL plus--enable-gpl+ libx264 for best-in-class H.264 encoding. The artifact is GPL-2.0+.
When in doubt, start with LGPL. See the licensing model for the full picture (and why shipping both together is clean).
H.264 and AVC patents
Both variants encode H.264, and both are self-compiled — so neither rides under Cisco's openh264 binary patent grant. We ship encode under the AVC pool's royalty-free volume tier and will pull it on request; the obligation sunsets when the last AVC essential patent expires (2027-11-29 in the U.S.). Full detail in the licensing model.
Verify the checksum¶
Each release includes checksums.txt. Always verify the module you downloaded:
# Download the module + checksums.txt from the release, then:
sha256sum -c checksums.txt --ignore-missing
# ffmpeg-wasi-lgpl.wasm: OK
Or check a single file against the published value:
Pin it in a consumer¶
When loading the module from Go via afmpeg, pin both the URL and the SHA-256 so an unexpected artifact is rejected:
rt, _ := afmpeg.New(ctx, afmpeg.WithModuleURL(
"https://gitlab.com/api/v4/projects/83847809/packages/generic/ffmpeg-wasi/n8.1.2-1/ffmpeg-wasi-lgpl.wasm",
afmpeg.WithSHA256("0f338dac4ed1be3819aaf26f1cdeef119e817b43103f1460ca19354ea56bacc9"),
))
Each release lists every asset's URL
and checksums.txt. For n8.1.2-1 the GPL module's SHA-256 is
093c9e084fa82780e7247cd7457c3742e398fc3075ba803eef6924cc72512586. For exactly what went into
a build (FFmpeg version, dependencies, configure line, licence), read its provenance.json.