spdx-license-list
Advanced tools
List of SPDX licenses
The lists of licenses are just JSON files and can be used anywhere.
Using SPDX License List version 3.27.0 (2025-07-01)
npm install spdx-license-list
const spdxLicenseList = require('spdx-license-list');
console.log(spdxLicenseList.MIT);
/*
{
name: 'MIT License',
url: 'http://www.opensource.org/licenses/MIT',
osiApproved: true
}
*/
const mitLicense = require('spdx-license-list/licenses/MIT');
console.log(mitLicense.licenseText);
//=> 'MIT License\r\n\r\nCopyright (c) <year> <copyright holders> …'
You can also get a version with the licence text included:
const spdxLicenseList = require('spdx-license-list/full');
console.log(spdxLicenseList.MIT);
/*
{
name: 'MIT License',
url: 'http://www.opensource.org/licenses/MIT',
osiApproved: true,
licenseText: '…'
}
*/
Or just the license IDs as a Set:
const spdxLicenseList = require('spdx-license-list/simple');
console.log(spdxLicenseList);
//=> Set {'Glide', 'Abstyles', …}
Type: object
The licenses are indexed by their identifier and contains a name property with the full name of the license, url with the URL to the license, and osiApproved boolean for whether the license is OSI Approved.
The spdx-correct package helps correct common misspellings and variations of SPDX license identifiers. It is useful for ensuring that license identifiers conform to the SPDX standard, but it does not provide detailed license metadata like spdx-license-list.
The spdx-expression-parse package parses SPDX license expressions into a structured format. It is useful for analyzing complex license expressions, but it does not provide a list of licenses or their metadata like spdx-license-list.
The spdx-satisfies package checks if a given license expression satisfies another license expression. It is useful for license compatibility checks, but it does not provide a list of licenses or their metadata like spdx-license-list.
FAQs
List of SPDX licenses
The npm package spdx-license-list receives a total of 400,030 weekly downloads. As such, spdx-license-list popularity was classified as popular.
We found that spdx-license-list demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Company News
Socket won two 2026 Reppy Awards from RepVue, ranking in the top 5% of all sales orgs. AE Alexandra Lister shares what it's like to grow a sales career here.
Security News
NIST will stop enriching most CVEs under a new risk-based model, narrowing the NVD's scope as vulnerability submissions continue to surge.
Company News
/Security News
Socket is an initial recipient of OpenAI's Cybersecurity Grant Program, which commits $10M in API credits to defenders securing open source software.