TL;DR - In 2012, Yahoo sued Facebook over 10 patents, "general sentiment in the industry was that the lawsuit against Facebook was without merit; some said Yahoo was a patent troll." Facebook spent a lot of money acquiring a patent warchest to be used defensively against patent suits in the future. Yahoo then drops the patent infringement case.
"The key thing to understand is that Facebook used and invested in patents as an important way to defend itself."
Facebook asserts that anyone can use these open source libraries with a patent use grant. However, if that company then sues Facebook over patent infringement, Facebook reserves the right to revoke all patent grants so they can use their own patents in a countersuit.
I can see how it makes sense for Facebook, but still a toxic effect on the actual "open source" status of React et al.
First of all, the whole thing is limited to patents, which are a small part of the IP of most IT companies. If Microsoft uses GraphQL, Facebook can't freely pirate Windows.
Second of all, you can still sue FB over patents, you just have to stop using things they are providing free of charge first. Also, there is an exception if FB sues you first. It seems fairly clear that the intent is to avoid litigation over patents, especially software patents, which many people think are a bad thing.
So if fb just uses something patented by my company in one of their products, just uses it without my company's permission, but doesn't sue, what is my company's recourse?
What is my company's leverage or incentive to get them to pay my company for a license?
You assume an intent but the intent is unclear here. React is an incredibly attractive technical product. As a web dev at my company I really want to use it, but had I not realized its strange underhanded bidirectional patent grant and evangelized it I could have boxed my company into a corner, forcing it to decide to sacrifice our React web infrastructure or defend our patents.
Spreading misinformation about the danger only serves to undermine the OSS community's response.
No. Apache 2.0 indemnifies you only in relation to the patents held by contributors to that project.
In more concrete terms, if you see some project is licensed under Apache 2.0, then you can still be sued for using it, because while you may have a guarantee that its contributors won't sue you, it doesn't make anybody else's patents go away.
In slightly more concrete terms than that, if Project X causes Facebook to be sued by Corp Y because Facebook is using that project, then Facebook has no protection if it is not a Corp Y project nor have they ever contributed to it.
In real life, Corp Y is Yahoo, who sued Facebook several years ago on a bunch of patent-related matters. Facebook then went on a tear building up a war chest and crafting the PATENTS text so that it could never happen again.
TL;DR - In 2012, Yahoo sued Facebook over 10 patents, "general sentiment in the industry was that the lawsuit against Facebook was without merit; some said Yahoo was a patent troll." Facebook spent a lot of money acquiring a patent warchest to be used defensively against patent suits in the future. Yahoo then drops the patent infringement case.
"The key thing to understand is that Facebook used and invested in patents as an important way to defend itself."
Facebook asserts that anyone can use these open source libraries with a patent use grant. However, if that company then sues Facebook over patent infringement, Facebook reserves the right to revoke all patent grants so they can use their own patents in a countersuit.
I can see how it makes sense for Facebook, but still a toxic effect on the actual "open source" status of React et al.