spdx-exceptions
The spdx-exceptions npm package provides a list of exceptions to the SPDX license list. These exceptions are additional permissions that can be applied to a license, which are not included in the standard license text. The package is useful for software that needs to validate or parse license identifiers in compliance with the SPDX specification.
List of SPDX license exceptions
This feature allows you to retrieve an array of all SPDX license exceptions. The code sample shows how to import the spdx-exceptions package and log the list of exceptions to the console.
const spdxExceptions = require('spdx-exceptions');
console.log(spdxExceptions);
This package provides a list of commonly found licenses and exceptions used in free and open-source software and proprietary software. It is similar to spdx-exceptions but focuses on the licenses themselves rather than the exceptions.
The spdx package is a more comprehensive tool that allows users to parse, validate, and compare SPDX license expressions. It includes the functionality of spdx-exceptions as part of its broader feature set.
This package is used to parse and validate SPDX license expressions. While it does not provide a list of exceptions, it is related because SPDX license expressions can include exceptions (the "WITH" clause).
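As an added example (not code from the spdx-exceptions package, from any of the related packages, or from Socket), the following script uses the exported array for the validation use mentioned in the package description: it audits the "WITH" clauses of SPDX license expressions, which is where expressions and exceptions meet. It assumes require('spdx-exceptions') returns an array of identifier strings, as the page describes, and falls back to a small constructed subset of real SPDX exception identifiers when the package is not installed, so it runs offline. The function names exceptionsIn, auditExceptions and hasOnlyKnownExceptions are chosen here and are not an API of any of these packages.

```javascript
// Added example (not code from spdx-exceptions or Socket): audit the WITH
// clauses of SPDX license expressions against the exception list.
// Assumes require('spdx-exceptions') returns an array of identifier strings.
// When the package is not installed, a constructed subset of real SPDX
// exception identifiers is used instead so the script runs offline.
const FALLBACK_EXCEPTIONS = [
  'Classpath-exception-2.0',
  'GCC-exception-3.1',
  'LLVM-exception',
  'Bison-exception-2.2',
];

function loadExceptions() {
  try {
    return require('spdx-exceptions');
  } catch (err) {
    return FALLBACK_EXCEPTIONS; // constructed subset, see comment above
  }
}

// Canonical identifiers, plus a lowercase index for suggesting the exact spelling.
const KNOWN = new Set(loadExceptions());
const BY_LOWER = new Map([...KNOWN].map((id) => [id.toLowerCase(), id]));

// SPDX identifiers use letters, digits, '.', '-' and '+'.
const WITH_CLAUSE = /\bWITH\s+([A-Za-z0-9.+-]+)/g;

// Return every identifier that follows WITH in an expression, in order.
// Compound expressions such as "(A WITH X) OR (B WITH Y)" are handled by
// scanning all WITH clauses; license identifiers themselves are not checked.
function exceptionsIn(expr) {
  return [...expr.matchAll(WITH_CLAUSE)].map((m) => m[1]);
}

// Audit an expression. Returns an array of findings (empty when every
// exception is listed). Each finding is { exception, reason, suggestion }.
function auditExceptions(expr) {
  const findings = [];
  for (const id of exceptionsIn(expr)) {
    if (KNOWN.has(id)) continue;
    const canonical = BY_LOWER.get(id.toLowerCase());
    if (canonical) {
      findings.push({ exception: id, reason: 'non-canonical spelling', suggestion: canonical });
    } else {
      findings.push({ exception: id, reason: 'not in the SPDX exception list', suggestion: null });
    }
  }
  return findings;
}

// Convenience: true only when every WITH clause names a listed exception.
function hasOnlyKnownExceptions(expr) {
  return auditExceptions(expr).length === 0;
}

// Stand-alone demonstration on constructed license fields.
if (typeof module !== 'undefined' && typeof require !== 'undefined' && require.main === module) {
  const samples = [
    'GPL-2.0-only WITH Classpath-exception-2.0',
    '(GPL-3.0-or-later WITH GCC-exception-3.1) OR MIT',
    'Apache-2.0 WITH llvm-exception',
    'GPL-2.0-only WITH Classpath-exception-9.9',
  ];
  for (const s of samples) {
    console.log(s, '=>', JSON.stringify(auditExceptions(s)));
  }
}
```

Run it with node to see the four constructed samples audited. A compliance script would feed auditExceptions the license field of each dependency's package.json and fail on any finding: an exception identifier that is not in the list cannot be matched against the SPDX standard and should be treated as unknown rather than as a grant of extra permission.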
The package exports an array of strings. Each string is an identifier for a license exception under the Software Package Data Exchange (SPDX) software license metadata standard.
"SPDX" is a federally registered United States trademark of The Linux Foundation Corporation.
From version 2.0 of the SPDX specification:
Copyright © 2010-2015 Linux Foundation and its Contributors. Licensed under the Creative Commons Attribution License 3.0 Unported. All other rights are expressly reserved.
The Linux Foundation and the SPDX working groups are good people. Only they decide what "SPDX" means, as a standard and otherwise. I respect their work and their rights. You should, too.
I created this package by copying exception identifiers out of the SPDX specification. That work was mechanical, routine, and required no creativity whatsoever. - Kyle Mitchell, package author
United States users concerned about intellectual property may wish to discuss the following Supreme Court decisions with their attorneys:
Baker v. Selden, 101 U.S. 99 (1879)
Feist Publications, Inc., v. Rural Telephone Service Co., 499 U.S. 340 (1991)
FAQs
list of SPDX standard license exceptions
The npm package spdx-exceptions receives 23,237,117 weekly downloads, which classifies it as popular.
The last version was released less than a year ago, which indicates a healthy release cadence and project activity. It has 1 open source maintainer collaborating on the project.