Package licenses

Analysis and display of license information

Packages stored in Bytesafe registries are scanned for license information, both standardized open source licenses and custom licenses.

Identified licenses are displayed both for the latest version of package and for individual package versions.

Detailed license information allows users to identify problematic licenses or get notified directly for unlicensed or non-standard licenses with the License scanner plugin.

What is an open source software license?

Visit our License Compliance page for more information on open source licenses, how it relates to your packages and why you should care about identifying the licenses for the packages you use.

License analysis

Package license information is retrieved from:

Licenses defined in package.json metadata (license and old licenses tags)
License analysis of any LICENSE files available in package root
License analysis of any license information stored in any other package file

To display the source for a specific license, hover over a license badge.

Identified package licenses

Identified licenses will be displayed as badges on both the package and version levels. Hover over a license badge for details on the source for the license.

package license display

Bytesafe differentiate between different license information types, depending on the information origin and if the license information can be matched to a standardized license id.

Standardized licenses

License information identified by Bytesafe is compared to a list of standardized SPDX licenses. Licenses that are matched to a known type, will be classified as a standardized license.

License badges for standardized licenses provide a link to more detailed license information.

Custom licenses

Custom licenses defined in package.json metadata will be displayed alongside standardized licenses. Custom licenses are displayed using a lighter shade of gray to allow for easy identification.

package custom license display

For registries with the License scanner plugin enabled, a corresponding license issue will also be created for the detected non-standard license.

Multiple licenses from different sources

A single package can have multiple licenses. Different and additional licenses can be available in package.json compared to other license and package files.

Unknown licenses

Packages with license files that can’t be matched to any known license will be tagged with a license UNKNOWN.

package unknown license display

For registries with License scanner plugin enabled, a corresponding license issue will also be created for the unknown license detected.

More information on specific licenses

Users that require more information on a specific license can access an overview of the licenses directly from inside Bytesafe.

Clicking on the badge for any standardized license will direct the user to an overview page for the specific license.

license-information

License scanner plugin

Scan registries for unlicensed or unstandardized licenses with the License scanner. Get notified when license issues are identified.