Spdx.js
SPDX License Expression Syntax parser
Install / Use
/learn @kemitchell/Spdx.jsREADME
Use Other Packages
Development on spdx.js has moved to separate, smaller packages.
spdx-expression-parse and spdx-satisfies are direct successors to spdx.js.
You may also be interested in spdx-compare, spdx-correct, and other packages on the npm public registry. kemitchell writes a lot of them.
var spdx = require('spdx')
Simple License Expressions
var assert = require('assert')
assert(spdx.valid('Invalid-Identifier') === null)
assert(spdx.valid('GPL-2.0'))
assert(spdx.valid('GPL-2.0+'))
assert(spdx.valid('LicenseRef-23'))
assert(spdx.valid('LicenseRef-MIT-Style-1'))
assert(spdx.valid('DocumentRef-spdx-tool-1.2:LicenseRef-MIT-Style-2'))
Composite License Expressions
Disjunctive OR Operator
assert(spdx.valid('(LGPL-2.1 OR MIT)'))
assert(spdx.valid('(LGPL-2.1 OR MIT OR BSD-3-Clause)'))
Conjunctive AND Operator
assert(spdx.valid('(LGPL-2.1 AND MIT)'))
assert(spdx.valid('(LGPL-2.1 AND MIT AND BSD-2-Clause)'))
Exception WITH Operator
assert(spdx.valid('(GPL-2.0+ WITH Bison-exception-2.2)'))
Order of Precedence and Parentheses
assert.deepEqual(
spdx.parse('(LGPL-2.1 OR BSD-3-Clause AND MIT)'),
{ left: { license: 'LGPL-2.1' },
conjunction: 'or',
right: {
left: { license: 'BSD-3-Clause' },
conjunction: 'and',
right: { license: 'MIT' } } })
assert.deepEqual(
spdx.parse('(MIT AND (LGPL-2.1+ AND BSD-3-Clause))'),
{ left: { license: 'MIT' },
conjunction: 'and',
right: {
left: {
license: 'LGPL-2.1',
plus: true },
conjunction: 'and',
right: { license: 'BSD-3-Clause' } } })
Strict Whitespace Rules
assert(!spdx.valid('MIT '))
assert(!spdx.valid(' MIT'))
assert(!spdx.valid('MIT AND BSD-3-Clause'))
Identifier Lists
assert(Array.isArray(spdx.licenses))
assert(spdx.licenses.indexOf('ISC') > -1)
assert(spdx.licenses.indexOf('Apache-1.7') < 0)
assert(spdx.licenses.every(function(element) {
return typeof element === 'string' }))
assert(Array.isArray(spdx.exceptions))
assert(spdx.exceptions.indexOf('GCC-exception-3.1') > -1)
assert(spdx.exceptions.every(function(element) {
return typeof element === 'string' }))
The Specification
assert.equal(spdx.specificationVersion, '2.0')
The Software Package Data Exchange (SPDX) specification is the work of the Linux Foundation and its contributors, and is licensed under the terms of the Creative Commons Attribution License 3.0 Unported (SPDX: "CC-BY-3.0"). "SPDX" is a United States federally registered trademark of the Linux Foundation.
Related Skills
node-connect
339.3kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
83.9kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
339.3kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
commit-push-pr
83.9kCommit, push, and open a PR
