![require(esm) Backported to Node.js 20, Paving the Way for ESM-Only Packages](https://cdn.sanity.io/images/cgdhsj6q/production/be8ab80c8efa5907bc341c6fefe9aa20d239d890-1600x1097.png?w=400&fit=max&auto=format)
Security News
require(esm) Backported to Node.js 20, Paving the Way for ESM-Only Packages
require(esm) backported to Node.js 20, easing the transition to ESM-only packages and reducing complexity for developers as Node 18 nears end-of-life.
spdx-license-list
Advanced tools
The spdx-license-list npm package provides a list of SPDX license identifiers and their associated metadata. It is useful for validating, listing, and retrieving information about software licenses in a standardized format.
List all SPDX license identifiers
This feature allows you to retrieve and list all available SPDX license identifiers. The code sample demonstrates how to import the package and log all license identifiers to the console.
const spdxLicenseList = require('spdx-license-list');
console.log(Object.keys(spdxLicenseList));
Get license details by identifier
This feature allows you to get detailed information about a specific license by its identifier. The code sample shows how to retrieve and log details for the 'MIT' license.
const spdxLicenseList = require('spdx-license-list');
const licenseDetails = spdxLicenseList['MIT'];
console.log(licenseDetails);
Check if a license identifier is valid
This feature allows you to check if a given license identifier is valid according to the SPDX license list. The code sample demonstrates how to check if 'MIT' is a valid license identifier.
const spdxLicenseList = require('spdx-license-list');
const isValid = 'MIT' in spdxLicenseList;
console.log(isValid);
The spdx-correct package helps correct common misspellings and variations of SPDX license identifiers. It is useful for ensuring that license identifiers conform to the SPDX standard, but it does not provide detailed license metadata like spdx-license-list.
The spdx-expression-parse package parses SPDX license expressions into a structured format. It is useful for analyzing complex license expressions, but it does not provide a list of licenses or their metadata like spdx-license-list.
The spdx-satisfies package checks if a given license expression satisfies another license expression. It is useful for license compatibility checks, but it does not provide a list of licenses or their metadata like spdx-license-list.
List of SPDX licenses
The lists of licenses are just JSON files and can be used anywhere.
Using SPDX License List version 3.23 (2024-02-08)
npm install spdx-license-list
const spdxLicenseList = require('spdx-license-list');
console.log(spdxLicenseList.MIT);
/*
{
name: 'MIT License',
url: 'http://www.opensource.org/licenses/MIT',
osiApproved: true
}
*/
const mitLicense = require('spdx-license-list/licenses/MIT');
console.log(mitLicense.licenseText);
//=> 'MIT License\r\n\r\nCopyright (c) <year> <copyright holders> …'
You can also get a version with the licence text included:
const spdxLicenseList = require('spdx-license-list/full');
console.log(spdxLicenseList.MIT);
/*
{
name: 'MIT License',
url: 'http://www.opensource.org/licenses/MIT',
osiApproved: true,
licenseText: '…'
}
*/
Or just the license IDs as a Set
:
const spdxLicenseList = require('spdx-license-list/simple');
console.log(spdxLicenseList);
//=> Set {'Glide', 'Abstyles', …}
Type: object
The licenses are indexed by their identifier and contains a name
property with the full name of the license, url
with the URL to the license, and osiApproved
boolean for whether the license is OSI Approved.
FAQs
List of SPDX licenses
The npm package spdx-license-list receives a total of 284,162 weekly downloads. As such, spdx-license-list popularity was classified as popular.
We found that spdx-license-list demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
require(esm) backported to Node.js 20, easing the transition to ESM-only packages and reducing complexity for developers as Node 18 nears end-of-life.
Security News
PyPI now supports iOS and Android wheels, making it easier for Python developers to distribute mobile packages.
Security News
Create React App is officially deprecated due to React 19 issues and lack of maintenance—developers should switch to Vite or other modern alternatives.