Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
spdx-exceptions
Advanced tools
What is spdx-exceptions?
The spdx-exceptions npm package provides a list of exceptions to the SPDX license list. These exceptions are additional permissions that can be applied to a license, which are not included in the standard license text. The package is useful for software that needs to validate or parse license identifiers in compliance with the SPDX specification.
What are spdx-exceptions's main functionalities?
List of SPDX license exceptions
This feature allows you to retrieve an array of all SPDX license exceptions. The code sample shows how to import the spdx-exceptions package and log the list of exceptions to the console.
const spdxExceptions = require('spdx-exceptions');
console.log(spdxExceptions);Other packages similar to spdx-exceptions
spdx-license-list
This package provides a list of commonly found licenses and exceptions used in free and open-source software and proprietary software. It is similar to spdx-exceptions but focuses on the licenses themselves rather than the exceptions.
spdx
The spdx package is a more comprehensive tool that allows users to parse, validate, and compare SPDX license expressions. It includes the functionality of spdx-exceptions as part of its broader feature set.
spdx-expression-parse
This package is used to parse and validate SPDX license expressions. While it does not provide a list of exceptions, it is related in the sense that it deals with SPDX license expressions which can include exceptions.
The package exports an array of strings. Each string is an identifier for a license exception under the Software Package Data Exchange (SPDX) software license metadata standard.
Copyright and Licensing
SPDX
"SPDX" is a federally registered United States trademark of The Linux Foundation Corporation.
From version 2.0 of the SPDX specification:
Copyright © 2010-2015 Linux Foundation and its Contributors. Licensed under the Creative Commons Attribution License 3.0 Unported. All other rights are expressly reserved.
The Linux Foundation and the SPDX working groups are good people. Only they decide what "SPDX" means, as a standard and otherwise. I respect their work and their rights. You should, too.
This Package
I created this package by copying exception identifiers out of the SPDX specification. That work was mechanical, routine, and required no creativity whatsoever. - Kyle Mitchell, package author
United States users concerned about intellectual property may wish to discuss the following Supreme Court decisions with their attorneys:
-
Baker v. Selden, 101 U.S. 99 (1879)
-
Feist Publications, Inc., v. Rural Telephone Service Co., 499 U.S. 340 (1991)
FAQs
list of SPDX standard license exceptions
The npm package spdx-exceptions receives a total of 27,363,559 weekly downloads. As such, spdx-exceptions popularity was classified as popular.
We found that spdx-exceptions demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 15 Feb 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024
Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
By Sarah Gooding - Nov 26, 2024