npmpackage.info

spdx-license

Get SPDX license information

1.0.2

TypeScript

3.90 kB

10,866

1.3

Installations

npm install spdx-license

Score

49.5

Supply Chain

96.4

Quality

75.2

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

0

Total

0

Closed

0

Issues

Open

0

Total

0

Closed

0

Releases

Unable to fetch releases

Developer

bconnorwhite

Module System

BETA

CommonJS

Statistics

1 Stars

6 Commits

1 Watching

1 Branches

1 Contributors

Updated on 16 Sept 2020

Bundle Size

12.77 kB

Minified

3.90 kB

Minified + Gzipped

Bundlephobia

Languages

TypeScript (87.52%)

JavaScript (12.48%)

Total Downloads

Cumulative downloads

Total Downloads

10,866

Last day

25%

Compared to previous day

Last week

89.4%

Compared to previous week

Last month

177.8%

300

Compared to previous month

Last year

-75.1%

1,301

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

cross-fetch-json

Dev Dependencies

@bconnorwhite/bob jest

Versions

spdx-license

Get SPDX license information.

Uses cross-fetch-json to support usage in both brower and node.

Installation

1yarn add spdx-license

1npm install spdx-license

API

Types

1import { getLicense, getLicenses, FullLicense, Licenses, License } from "spdx-license";
2
3function getLicense(id: string): Promise<FullLicense | undefined>;
4
5function getLicenses(): Promise<Licenses>;
6
7type FullLicense = {
8  id: string;
9  name: string;
10  url: string;
11  isDeprecated: boolean;
12  isOSIApproved: boolean;
13  isFSFLibre?: boolean;
14  text: string;
15};
16
17type Licenses = {
18  [id: string]: License;
19}
20
21type License = {
22  id: string;
23  name: string;
24  url: string;
25  isDeprecated: boolean;
26  isOSIApproved: boolean;
27  isFSFLibre?: boolean;
28  getText: () => Promise<string | undefined>;
29}

Dependencies

cross-fetch-json: Universal fetch API that only returns JSON

Dev Dependencies

@bconnorwhite/bob: Bob is a toolkit for TypeScript projects
jest: Delightful JavaScript Testing.

License

MIT

Related Packages:

npm-description: Fetch a package's description from NPM
all-package-names: Get all NPM package names.
is-name-taken: Check if an NPM package name is taken

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

SAST

Determines if the project uses static code analysis.

0

Maintained

Determines if the project is "actively maintained".

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

License

Determines if the project has defined a license.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

43 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-4w2v-q235-vp99
Warn: Project is vulnerable to: GHSA-cph5-m8f7-6c5x
Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
Warn: Project is vulnerable to: GHSA-7gc6-qh9x-w6h8
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-4r62-v4vq-hr96
Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj
Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p
Warn: Project is vulnerable to: GHSA-px4h-xg32-q955
Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693
Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh

Score

1.3

/10

Last Scanned on 2024-11-18

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to spdx-license

spdx-license-ids

3.0.20

A list of SPDX license identifiers

spdx-exceptions

2.5.0

list of SPDX standard license exceptions

spdx-expression-parse

4.0.0

parse SPDX license expressions

spdx-correct

3.2.0

correct invalid SPDX expressions