Extended package license information

The open source license information available for packages in Bytesafe has been extended with:

  • Identification and support for custom or proprietary licenses declared in package.json metadata
  • Validation of license identifiers against the standardized SPDX license list
  • License issues now show the origin of the issue on hover

Identification of custom licenses and validation of SPDX licenses

Custom licenses are displayed in a lighter gray to make them easy to identify. On hover, users can view the origin of a license.

(Screenshot: license validation)

Any custom license identified for a package creates a license issue flagging that a non-standardized license was detected.

In addition, the dashboard overview of the most common licenses in a registry now also includes the custom licenses that were identified.

(Screenshot: license overview)

Validation of SPDX licenses

Open source licenses identified from either package.json metadata or license information in package files are now validated against the standardized SPDX license list. Validation is not case sensitive, to avoid false positives and reduce noise for Bytesafe users.

Valid SPDX licenses are displayed in a deeper shade of gray, and standardized licenses link to more detailed license information.
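To make the two preceding sections concrete (flagging custom licenses, and validating SPDX identifiers case-insensitively), here is an added example of how such a check can be written. It is illustrative code written for this page, not Bytesafe's implementation and not the License scanner plugin; the SPDX list is a constructed subset of the real one, the package.json inputs are constructed, and the `kind`/`origin` result fields are this example's own naming. The npm conventions it handles ("UNLICENSED", "SEE LICENSE IN <file>", and the legacy `licenses` array / `{type, url}` object) are documented npm conventions; treating multiple legacy entries as an OR expression is an assumption made here.

```python
import json
import re

# Constructed subset of the SPDX license list (https://spdx.org/licenses/).
# A real validator would load the complete, current list; spelling is kept
# exactly as SPDX publishes it so the canonical form can be reported.
SPDX_LICENSE_IDS = {
    "MIT", "ISC", "0BSD", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0",
    "GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later",
    "LGPL-2.1-only", "MPL-2.0", "Unlicense", "CC0-1.0",
}
SPDX_EXCEPTION_IDS = {"Classpath-exception-2.0", "LLVM-exception"}

# Lower-cased lookup tables give case-insensitive matching (as the page
# describes) while still returning the canonical SPDX spelling.
_LICENSES_CI = {i.lower(): i for i in SPDX_LICENSE_IDS}
_EXCEPTIONS_CI = {e.lower(): e for e in SPDX_EXCEPTION_IDS}

_TOKEN_RE = re.compile(r"\(|\)|[A-Za-z0-9.+\-]+")
_OPERATORS = {"AND", "OR", "WITH"}


def validate_spdx_expression(expr):
    """Validate a simple SPDX expression, e.g. 'MIT OR (Apache-2.0 WITH LLVM-exception)'.

    Returns (is_valid, canonical_expression). Any unknown identifier, stray
    character, unbalanced parenthesis or dangling operator invalidates the
    whole expression; the canonical form uses SPDX spelling and upper-case operators.
    """
    tokens = _TOKEN_RE.findall(expr)
    if not tokens or _TOKEN_RE.sub("", expr).strip():
        return False, None
    out, depth = [], 0
    expect_operand, expect_exception = True, False
    for tok in tokens:
        if tok == "(":
            if not expect_operand:
                return False, None
            depth += 1
            out.append(tok)
            continue
        if tok == ")":
            if expect_operand or depth == 0:
                return False, None
            depth -= 1
            out.append(tok)
            continue
        upper = tok.upper()
        if upper in _OPERATORS:
            if expect_operand:
                return False, None
            out.append(upper)
            expect_exception = (upper == "WITH")   # next operand must be an exception id
            expect_operand = True
            continue
        if not expect_operand:
            return False, None
        table = _EXCEPTIONS_CI if expect_exception else _LICENSES_CI
        canonical = table.get(tok.lower())
        if canonical is None:                      # not a known SPDX identifier
            return False, None
        out.append(canonical)
        expect_operand = expect_exception = False
    if expect_operand or depth:
        return False, None
    return True, " ".join(out).replace("( ", "(").replace(" )", ")")


def classify_package_license(pkg):
    """Classify the license declared in a parsed package.json.

    Returns {'kind': 'spdx' | 'custom' | 'missing', 'license': ..., 'origin': ...}.
    'origin' names where in the metadata the value came from (this example's own format).
    """
    value = pkg.get("license")
    origin = "package.json:license"
    if value is None and isinstance(pkg.get("licenses"), list):
        # Legacy npm array form [{type, url}, ...]; joined with OR (assumption: dual licensing).
        value = " OR ".join(e.get("type", "") for e in pkg["licenses"] if isinstance(e, dict))
        origin = "package.json:licenses"
    elif isinstance(value, dict):                  # legacy npm object form {type, url}
        value = value.get("type")
        origin = "package.json:license.type"
    if not isinstance(value, str) or not value.strip():
        return {"kind": "missing", "license": None, "origin": origin}
    text = value.strip()
    # npm conventions for proprietary / custom licenses. Note that npm's "UNLICENSED"
    # is not the SPDX id "Unlicense"; checking it first keeps the two apart.
    if text.upper() == "UNLICENSED":
        return {"kind": "custom", "license": "UNLICENSED", "origin": origin}
    if text.upper().startswith("SEE LICENSE IN "):
        return {"kind": "custom", "license": text, "origin": origin + " -> " + text[15:].strip()}
    ok, canonical = validate_spdx_expression(text)
    if ok:
        return {"kind": "spdx", "license": canonical, "origin": origin}
    return {"kind": "custom", "license": text, "origin": origin}   # non-standardized license


# Constructed package.json samples covering the cases discussed above.
SAMPLE_PACKAGES = {
    "case-insensitive-ok": '{"name": "a", "license": "mit"}',
    "expression-ok": '{"name": "b", "license": "(MIT or apache-2.0 WITH llvm-exception)"}',
    "custom-file": '{"name": "c", "license": "SEE LICENSE IN LICENSE.md"}',
    "proprietary": '{"name": "d", "license": "UNLICENSED"}',
    "typo": '{"name": "e", "license": "Apache 2.0"}',
    "legacy": '{"name": "f", "licenses": [{"type": "BSD-3-Clause", "url": "https://example.invalid"}]}',
    "missing": '{"name": "g"}',
}


def scan(package_json_text):
    """Parse a package.json document and classify its license."""
    return classify_package_license(json.loads(package_json_text))


if __name__ == "__main__":
    for name, text in SAMPLE_PACKAGES.items():
        print(f"{name:20s} {scan(text)}")
```

The "typo" sample ("Apache 2.0" instead of "Apache-2.0") is the kind of value that case-insensitive matching deliberately does not rescue: it is not merely a casing difference, so it is reported as a custom license and would surface as a license issue rather than being silently accepted.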

License issue origin

License issues found by the License scanner plugin have been improved with an additional tooltip. On hover, the origin of a specific license issue is displayed.

(Screenshot: license issue origin information)

This makes it easier for users to identify which part of a package or file contains the problematic license information.

Interested in License Compliance?

See our dedicated License compliance page for more details on why open source licenses and license compliance matter, and on what Bytesafe can do to assist with your license compliance.