npm-license-corrections
Advanced tools
SPDX license expressions for npm packages without proper metadata
SPDX license expressions for npm packages without proper metadata
licensee uses this package, along with correct-license-metadata, to find valid license expressions for npm packages without them.
This package exports an Array of Objects. Each Object looks like:
{
"name": "optimist",
"version": "6.0.1",
"license": "MIT"
}
license contains a valid SPDX license expression for version of package name.
name may contain a scope, as well as a package name, like @scope/package.
| When this project ... | ... it will increment |
|---|---|
| corrects an entry | patch |
| adds a new entry | minor |
| breaks schema | major |
FAQs
SPDX license expressions for npm packages without proper metadata
We found that npm-license-corrections demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A brand-squatted TanStack npm package used postinstall scripts to steal .env files and exfiltrate developer secrets to an attacker-controlled endpoint.
Research
Compromised SAP CAP npm packages download and execute unverified binaries, creating urgent supply chain risk for affected developers and CI/CD environments.
Company News
Socket has acquired Secure Annex to expand extension security across browsers, IDEs, and AI tools.