npmpackage.info

spdx-license-list

List of SPDX licenses

6.9.0

CC0-1.0

JavaScript

20.87 kB

34,875,744 3.5

Installations

npm install spdx-license-list

Developer Guide

BETA

Typescript

Yes

Module System

N/A

Min. Node Version

>=8

Node Version

21.6.2

NPM Version

9.2.0 Score

99.8

Supply Chain

92.9

Quality

76.8

Maintenance

100

Vulnerability

63.2

License

Pull Requests

Open

0

Total

11

Closed

3

Merged

8

Issues

Open

0

Total

11

Closed

11

Releases

v6.9.0

Published on 21 Feb 2024

v6.8.0

Published on 30 Oct 2023

v6.7.0

Published on 31 Aug 2023

v6.6.0

Published on 09 Jun 2022

v6.5.0

Published on 04 Apr 2022

v6.4.0

Published on 24 Jan 2021

View all 12 releases

Contributors

Unable to fetch Contributors

View all 10 contributors

Languages

JavaScript

TypeScript

JavaScript (82.73%)

TypeScript (17.27%)

Developer

sindresorhus

Download Statistics

Total Downloads

34,875,744

Last Day

55,559

Last Week

291,881

Last Month

964,349

Last Year

12,408,394

GitHub Statistics

88 Stars

63 Commits

16 Forks

9 Watching

1 Branches

10 Contributors

Bundle Size

91.79 kB

Minified

20.87 kB

Minified + Gzipped

Bundlephobia

Sponsor this package

https://github.com/sponsors/sindresorhus

Maintainers

Package Meta Information

Latest Version

6.9.0

Package Id

spdx-license-list@6.9.0

Unpacked Size

9.50 MB

Size

2.26 MB

File Count

650

NPM Version

9.2.0

Node Version

21.6.2

Publised On

21 Feb 2024

Total Downloads

Cumulative downloads

Total Downloads

34,875,744

Last day

4.6%

55,559

Compared to previous day

Last week

14%

291,881

Compared to previous week

Last month

-18.5%

964,349

Compared to previous month

Last year

22.4%

12,408,394

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

ava got hard-rejection ora p-map tsd xo

Versions

spdx-license-list

List of SPDX licenses

The lists of licenses are just JSON files and can be used anywhere.

spdx.json contains just license metadata
spdx-full.json includes the license text too
spdx-simple.json only contains the license IDs

Using SPDX License List version 3.23 (2024-02-08)

Install

1npm install spdx-license-list

Usage

1const spdxLicenseList = require('spdx-license-list');
2
3console.log(spdxLicenseList.MIT);
4/*
5{
6	name: 'MIT License',
7	url: 'http://www.opensource.org/licenses/MIT',
8	osiApproved: true
9}
10*/

1const mitLicense = require('spdx-license-list/licenses/MIT');
2
3console.log(mitLicense.licenseText);
4//=> 'MIT License\r\n\r\nCopyright (c) <year> <copyright holders> …'

You can also get a version with the licence text included:

1const spdxLicenseList = require('spdx-license-list/full');
2
3console.log(spdxLicenseList.MIT);
4/*
5{
6	name: 'MIT License',
7	url: 'http://www.opensource.org/licenses/MIT',
8	osiApproved: true,
9	licenseText: '…'
10}
11*/

Or just the license IDs as a Set:

1const spdxLicenseList = require('spdx-license-list/simple');
2
3console.log(spdxLicenseList);
4//=> Set {'Glide', 'Abstyles', …}

API

spdxLicenseList

Type: object

The licenses are indexed by their identifier and contains a name property with the full name of the license, url with the URL to the license, and osiApproved boolean for whether the license is OSI Approved.

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

License

Determines if the project has defined a license.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

1

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

0

Security-Policy

Determines if the project has published a security policy.

0

SAST

Determines if the project uses static code analysis.

Score

3.5

/10

Last Scanned on 2025-01-06

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to spdx-license-list

spdx-license-ids

3.0.21

A list of SPDX license identifiers

spdx-exceptions

2.5.0

list of SPDX standard license exceptions

spdx-ranges

2.1.1

list of SPDX standard license ranges

get-spdx-license-ids

2.1.0

Get an array of the latest list of SPDX license IDs from spdx.org