[skissane]

> since companies will never know if their dependencies are going to suddenly start charging money

It is more of a risk for some open source projects than others. Look for example at React – I very much doubt Facebook will try to relicense it into a commercial product, simply because they are not in the business of selling software and probably don't want to get into that business. But, compare that to many small companies who have a product (such as a development tool or database or whatever) and they offer an open source version and a commercial version with extra features–there is a much bigger risk they might decide their open source offering is harming their commercial one, and therefore should be discontinued.

Similarly, an open source project run by a single individual or small community is more likely to be closed up than one run by a large community. On the other hand, a project run by a single individual is likely to be a smaller code base, and hence more feasible to fork or maintain in-house.

So, I think businesses should be aware of this risk, but should evaluate that risk for each open source dependency independently.