spdx-license-list
Advanced tools
List of SPDX licenses
The lists of licenses are just JSON files and can be used anywhere.
Using SPDX License List version 3.27.0 (2025-07-01)
npm install spdx-license-list
const spdxLicenseList = require('spdx-license-list');
console.log(spdxLicenseList.MIT);
/*
{
name: 'MIT License',
url: 'http://www.opensource.org/licenses/MIT',
osiApproved: true
}
*/
const mitLicense = require('spdx-license-list/licenses/MIT');
console.log(mitLicense.licenseText);
//=> 'MIT License\r\n\r\nCopyright (c) <year> <copyright holders> …'
You can also get a version with the licence text included:
const spdxLicenseList = require('spdx-license-list/full');
console.log(spdxLicenseList.MIT);
/*
{
name: 'MIT License',
url: 'http://www.opensource.org/licenses/MIT',
osiApproved: true,
licenseText: '…'
}
*/
Or just the license IDs as a Set:
const spdxLicenseList = require('spdx-license-list/simple');
console.log(spdxLicenseList);
//=> Set {'Glide', 'Abstyles', …}
Type: object
The licenses are indexed by their identifier and contains a name property with the full name of the license, url with the URL to the license, and osiApproved boolean for whether the license is OSI Approved.
The spdx-correct package helps correct common misspellings and variations of SPDX license identifiers. It is useful for ensuring that license identifiers conform to the SPDX standard, but it does not provide detailed license metadata like spdx-license-list.
The spdx-expression-parse package parses SPDX license expressions into a structured format. It is useful for analyzing complex license expressions, but it does not provide a list of licenses or their metadata like spdx-license-list.
The spdx-satisfies package checks if a given license expression satisfies another license expression. It is useful for license compatibility checks, but it does not provide a list of licenses or their metadata like spdx-license-list.
FAQs
List of SPDX licenses
The npm package spdx-license-list receives a total of 371,364 weekly downloads. As such, spdx-license-list popularity was classified as popular.
We found that spdx-license-list demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Compromised SAP CAP npm packages download and execute unverified binaries, creating urgent supply chain risk for affected developers and CI/CD environments.
Company News
Socket has acquired Secure Annex to expand extension security across browsers, IDEs, and AI tools.
Research
/Security News
Socket is tracking cloned Open VSX extensions tied to GlassWorm, with several updated from benign-looking sleepers into malware delivery vehicles.