spdx-exceptions
The spdx-exceptions npm package provides a list of exceptions to the SPDX license list. These exceptions are additional permissions that can be applied to a license, which are not included in the standard license text. The package is useful for software that needs to validate or parse license identifiers in compliance with the SPDX specification.
List of SPDX license exceptions
This feature allows you to retrieve an array of all SPDX license exceptions. The code sample shows how to import the spdx-exceptions package and log the list of exceptions to the console.
const spdxExceptions = require('spdx-exceptions');
console.log(spdxExceptions);
This package provides a list of commonly found licenses and exceptions used in free and open-source software and proprietary software. It is similar to spdx-exceptions but focuses on the licenses themselves rather than the exceptions.
The spdx package is a more comprehensive tool that allows users to parse, validate, and compare SPDX license expressions. It includes the functionality of spdx-exceptions as part of its broader feature set.
This package is used to parse and validate SPDX license expressions. While it does not provide a list of exceptions, it is related in the sense that it deals with SPDX license expressions which can include exceptions.
The package exports an array of strings. Each string is an identifier for a license exception under the Software Package Data Exchange (SPDX) software license metadata standard.
"SPDX" is a federally registered United States trademark of The Linux Foundation Corporation.
From version 2.0 of the SPDX specification:
Copyright © 2010-2015 Linux Foundation and its Contributors. Licensed under the Creative Commons Attribution License 3.0 Unported. All other rights are expressly reserved.
The Linux Foundation and the SPDX working groups are good people. Only they decide what "SPDX" means, as a standard and otherwise. I respect their work and their rights. You should, too.
I created this package by copying exception identifiers out of the SPDX specification. That work was mechanical, routine, and required no creativity whatsoever. - Kyle Mitchell, package author
United States users concerned about intellectual property may wish to discuss the following Supreme Court decisions with their attorneys:
Baker v. Selden, 101 U.S. 99 (1879)
Feist Publications, Inc., v. Rural Telephone Service Co., 499 U.S. 340 (1991)
FAQs
list of SPDX standard license exceptions
The npm package spdx-exceptions receives a total of 27,363,559 weekly downloads. As such, spdx-exceptions is classified as popular.
We found that spdx-exceptions demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.