spdx-license-list
The spdx-license-list npm package provides a list of SPDX license identifiers and their associated metadata. It is useful for validating, listing, and retrieving information about software licenses in a standardized format.
List all SPDX license identifiers
This feature allows you to retrieve and list all available SPDX license identifiers. The code sample demonstrates how to import the package and log all license identifiers to the console.
const spdxLicenseList = require('spdx-license-list');
console.log(Object.keys(spdxLicenseList));
Get license details by identifier
This feature allows you to get detailed information about a specific license by its identifier. The code sample shows how to retrieve and log details for the 'MIT' license.
const spdxLicenseList = require('spdx-license-list');
const licenseDetails = spdxLicenseList['MIT'];
console.log(licenseDetails);
Check if a license identifier is valid
This feature allows you to check if a given license identifier is valid according to the SPDX license list. The code sample demonstrates how to check if 'MIT' is a valid license identifier.
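const spdxLicenseList = require('spdx-license-list');
// Own-property check: `'MIT' in spdxLicenseList` is also true for inherited keys such as 'constructor'.
const isValid = Object.prototype.hasOwnProperty.call(spdxLicenseList, 'MIT');
console.log(isValid); // true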
The spdx-correct package helps correct common misspellings and variations of SPDX license identifiers. It is useful for ensuring that license identifiers conform to the SPDX standard, but it does not provide detailed license metadata like spdx-license-list.
The spdx-expression-parse package parses SPDX license expressions into a structured format. It is useful for analyzing complex license expressions, but it does not provide a list of licenses or their metadata like spdx-license-list.
The spdx-satisfies package checks if a given license expression satisfies another license expression. It is useful for license compatibility checks, but it does not provide a list of licenses or their metadata like spdx-license-list.
List of SPDX licenses
The lists of licenses are two JSON files and can be used anywhere.
licenses
folder with the same name.
Using SPDX License List version 2.0.
$ npm install --save spdx-license-list
var spdxLicenseList = require('spdx-license-list');
console.log(spdxLicenseList.MIT);
/*
{
name: 'MIT License',
url: 'http://www.opensource.org/licenses/MIT',
osiApproved: true
}
*/
// you can also get a version with the licence text included
var spdxLicenseList2 = require('spdx-license-list/spdx-full');
console.log(spdxLicenseList2.MIT);
/*
{
name: 'MIT License',
url: 'http://www.opensource.org/licenses/MIT',
osiApproved: true,
license: '...'
}
*/
Type: object
The licenses are indexed by their identifier, and each entry contains a name property with the full name of the license, a url property with the URL to the license, and an osiApproved boolean for whether the license is OSI Approved.
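An added example, not taken from the package README or from Socket: it extends the validity check shown earlier into a small audit of declared dependency licenses, using the name/url/osiApproved entry shape described above. SAMPLE_LIST, lookupLicense, classify and auditLicenses are hypothetical names, and the sample entries and dependency map are constructed; in a project, pass require('spdx-license-list') as the list.

```javascript
// Added example, not from the package README. SAMPLE_LIST is a constructed
// subset in the documented entry shape; in a project pass
// require('spdx-license-list') instead.
const SAMPLE_LIST = {
  'MIT': { name: 'MIT License', url: 'http://www.opensource.org/licenses/MIT', osiApproved: true },
  'Apache-2.0': { name: 'Apache License 2.0', url: 'http://www.apache.org/licenses/LICENSE-2.0', osiApproved: true },
  'CC-BY-NC-4.0': { name: 'Creative Commons Attribution Non Commercial 4.0 International', url: 'https://creativecommons.org/licenses/by-nc/4.0/legalcode', osiApproved: false },
};

// Own-property lookup: `id in list` would also accept inherited keys such as
// "constructor" or "toString", which are not license identifiers.
function lookupLicense(list, id) {
  if (typeof id !== 'string') return null;
  return Object.prototype.hasOwnProperty.call(list, id) ? list[id] : null;
}

// Classify one declared license string (hypothetical helper, not package API).
function classify(list, declared, { requireOsi = true } = {}) {
  const entry = lookupLicense(list, declared);
  if (entry) {
    const allowed = !requireOsi || entry.osiApproved === true;
    return { status: allowed ? 'ok' : 'not-osi-approved', id: declared };
  }
  // Exact match failed: report a case/whitespace-only mismatch separately so
  // the manifest gets corrected rather than silently accepted.
  if (typeof declared === 'string') {
    const wanted = declared.trim().toLowerCase();
    const near = Object.keys(list).find((k) => k.toLowerCase() === wanted);
    if (near) return { status: 'non-canonical', id: near };
  }
  return { status: 'unknown', id: null };
}

// deps maps package name -> declared license string (constructed input below).
function auditLicenses(list, deps, options) {
  return Object.entries(deps).map(([pkg, declared]) =>
    ({ pkg, ...classify(list, declared, options) }));
}

const report = auditLicenses(SAMPLE_LIST, {
  'pkg-a': 'MIT', 'pkg-b': 'mit ', 'pkg-c': 'constructor', 'pkg-d': 'CC-BY-NC-4.0',
});
console.log(report);
```

Anything other than the ok status is a candidate for failing a CI license gate, since the license field in a package manifest is supplied by the package author and cannot be assumed well-formed.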
MIT © Sindre Sorhus
FAQs
List of SPDX licenses
The npm package spdx-license-list receives a total of 189,359 weekly downloads. As such, spdx-license-list is classified as popular.
We found that spdx-license-list demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.