SPDX License Expression Satisfier
JSON →The `spdx-satisfies` library provides a robust utility for programmatically validating whether a given SPDX license expression is satisfied by a predefined list of approved licenses. Currently at version 6.0.0, this package is a direct successor to the deprecated `spdx.js` and focuses specifically on accurate satisfaction checks against the SPDX specification. It supports complex license expressions involving `OR` and `WITH` operators for the license expression being checked, but strictly requires that the 'approved licenses' list contains only simple identifiers, plus-ranges (e.g., `GPL-2.0+`), or licenses with exceptions (e.g., `Apache-2.0 WITH LLVM`), prohibiting compound expressions in the approved list. This strictness makes it a critical tool for open-source license compliance, software supply chain security, and automated dependency scanning, offering precise and machine-readable license verification.
Traffic · last 30 days ↓50% vs prev 7d
top countries 🇺🇸 United States · 🇨🇦 Canada · 🇩🇪 Germany · 🇫🇷 France · 🇮🇳 India