Automating Compliance

This talk was given at the Open Source Leadership Summit on March 7th, 2018 by Kate Stewart (SPDX Technical Team Lead), Greg Kroah-Hartman (Linux Kernel Developer), and Philippe Ombredanne ( Maintainer). It discusses efforts to help automate license identification, where open source tooling stands, and some of the challenges involved, using the Linux kernel as an example.

Link to the slides

NPM and the License List

The site now:

  1. Displays links to license texts on, including for dual-license and other non-trivial SPDX expressions
  2. Displays a tiny green OSI logo (and obligatory registered-trademark symbol) for packages that offer at least one OSI-approved choice
  3. Displays license information only for packages in the registry that set `license` in `package.json` to a valid SPDX expression

To see it in action:

The NPM project uses License List short identifiers to describe the licensing of a package.
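The display rules in the list above can be expressed as a small check. This is an added example, not code from npm or SPDX. It assumes a constructed subset of the License List, and the function names `offersOsiChoice` and `licenseDisplay` are hypothetical. It treats an `AND` combination as OSI-approved only when every operand is.

```javascript
// Added example, not npm's code. Both tables are constructed subsets of the
// SPDX License List: license id -> OSI-approved flag, plus one exception id.
const LICENSES = new Map([['MIT', true], ['ISC', true], ['Apache-2.0', true],
  ['GPL-2.0-only', true], ['CC-BY-4.0', false], ['JSON', false]]);
const EXCEPTIONS = new Set(['Classpath-exception-2.0']);

// Parses an SPDX expression; returns true when at least one choice is made up
// only of OSI-approved licenses. Throws on anything that is not valid.
function offersOsiChoice(expr) {
  const tokens = expr.match(/\(|\)|[A-Za-z0-9.+-]+/g) || [];
  if (tokens.join('') !== expr.replace(/\s+/g, '')) throw new Error('illegal character');
  let pos = 0;
  const atom = () => {
    const t = tokens[pos++];
    if (t === '(') {
      const inner = or();
      if (tokens[pos++] !== ')') throw new Error('missing )');
      return inner;
    }
    const id = t && t.endsWith('+') ? t.slice(0, -1) : t; // "or later" suffix
    if (!LICENSES.has(id)) throw new Error(`unknown license id: ${t}`);
    if (tokens[pos] === 'WITH') {
      pos++;
      if (!EXCEPTIONS.has(tokens[pos++])) throw new Error('unknown exception id');
    }
    return LICENSES.get(id); // assumption: an exception keeps the OSI status
  };
  const and = () => { // AND: every operand must be OSI-approved
    let ok = atom();
    while (tokens[pos] === 'AND') { pos++; ok = atom() && ok; }
    return ok;
  };
  const or = () => { // OR: one OSI-approved branch is enough
    let ok = and();
    while (tokens[pos] === 'OR') { pos++; ok = and() || ok; }
    return ok;
  };
  const result = or();
  if (pos !== tokens.length) throw new Error('unexpected trailing token');
  return result;
}

// Decides what a registry page would display for a package.json document.
function licenseDisplay(packageJsonText) {
  const { license } = JSON.parse(packageJsonText);
  if (typeof license !== 'string') return { shown: false, osiLogo: false };
  try { return { shown: true, osiLogo: offersOsiChoice(license) }; }
  catch (err) { return { shown: false, osiLogo: false }; }
}
```

Values such as `MIT/Apache` or `SEE LICENSE IN LICENSE.txt` fail the parse, so they are reported as not shown rather than guessed at.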