spdxvalidator

1.0.7 • Public • Published

SpdxValidator

Check whether the dependent modules of a Node.js app carry licenses that are valid according to the SPDX list of licenses.

What is spdx

Software Package Data Exchange® (SPDX®) is an open standard for communicating software bill of material information (including components, licenses, copyrights, and security references).

npm spdxvalidator

It's this easy:

npm i spdxvalidator -g

spdxvalidator --jarPath "spdx_jar_file_path.jar" 

How to get scan.json

Include scan.json if you want to exclude licences whose licence text is less than a 100% match.

Org name and creator in spdxConfig.json

{
    "orgName": "org name", 
    "createrInfo": "webinfo@org.com"
}

Licence file

It will remove packages that do not contain a valid licence name as per SPDX.

How does it work?

It scans all licences in the current directory's node_modules, forms a list of licenses, creates an SPDX file for them and validates it against the specified jar file.

It's that simple :)
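The scan-and-classify step described above can be sketched as follows. This is an added example, not spdxvalidator's own code: it replaces validation against the SPDX jar with a lookup in a small constructed subset of SPDX identifiers, and `packageDirs`, `scanLicenses`, `buildSampleTree` and the sample packages are hypothetical names introduced here.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Constructed subset of SPDX identifiers (assumption); the full list is published by SPDX.
const SPDX_IDS = new Set(['MIT', 'ISC', 'Apache-2.0', 'BSD-3-Clause', 'GPL-3.0-only']);

// List installed package directories, descending one level into @scope folders.
function packageDirs(nodeModules) {
  const dirs = [];
  for (const entry of fs.readdirSync(nodeModules, { withFileTypes: true })) {
    if (!entry.isDirectory() || entry.name.startsWith('.')) continue;
    const full = path.join(nodeModules, entry.name);
    dirs.push(...(entry.name.startsWith('@') ? packageDirs(full) : [full]));
  }
  return dirs;
}

// Sort packages into valid/invalid by their declared license identifier.
function scanLicenses(nodeModules) {
  const report = { valid: [], invalid: [] };
  for (const dir of packageDirs(nodeModules)) {
    let pkg = {};
    try {
      pkg = JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8')) || {};
    } catch { /* missing or unparsable manifest: reported as invalid below */ }
    // Legacy manifests declare { "type": "MIT" } instead of a plain string.
    const raw = pkg.license && typeof pkg.license === 'object' ? pkg.license.type : pkg.license;
    const id = typeof raw === 'string' ? raw.trim() : null;
    (SPDX_IDS.has(id) ? report.valid : report.invalid).push({ name: pkg.name || path.basename(dir), license: id });
  }
  return report;
}

// Constructed sample tree (not real packages) written to a temp dir so the scan runs offline.
function buildSampleTree() {
  const nodeModules = path.join(fs.mkdtempSync(path.join(os.tmpdir(), 'spdx-demo-')), 'node_modules');
  const samples = [
    { name: 'left-lib', license: 'MIT' }, { name: '@acme/util', license: { type: 'Apache-2.0' } },
    { name: 'odd-lib', license: 'Custom License v1' }, { name: 'bare-lib' },
  ];
  for (const manifest of samples) {
    const dir = path.join(nodeModules, ...manifest.name.split('/'));
    fs.mkdirSync(dir, { recursive: true });
    fs.writeFileSync(path.join(dir, 'package.json'), JSON.stringify(manifest));
  }
  return nodeModules;
}
console.log(JSON.stringify(scanLicenses(buildSampleTree()), null, 2));
```

This sketch treats anything that is not a single listed identifier as invalid, so compound license expressions such as `(MIT OR Apache-2.0)` would need an expression parser before the lookup.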

Hi, it's me, Deepak. I don't maintain this package; if you want to be a contributor, drop me a mail at deepak.r.poojari@gmail.com.

Weekly Downloads

0

Version

1.0.7

License

ISC

Unpacked Size

145 kB

Total Files

15

Collaborators

  • deepak6446