Package licenses

Analysis and display of license information

Packages stored in Bytesafe registries are scanned for license information. This includes both standardized open source licenses and custom licenses.

Detailed license information allows users to identify License Issues with the License Compliance plugin and get notified directly non-compliant, unlicensed or non-standard licenses .

License analysis

Package license information is retrieved from:

Licenses defined in package.json metadata (license and old licenses tags)
License analysis of any LICENSE files available in package root
License analysis of any license information stored in any other package file

Enhanced License Compliance with Bytesafe Business & Enterprise

Get in-depth license analysis with License Compliance. License information for free accounts is based on package.json metadata.

To display the source for a specific license, hover over a license badge.

Identified package licenses

Identified licenses will be displayed as badges on both the package and version levels. Hover over a license badge for details on the source for the license.

package license display

Bytesafe differentiate between different license information types, depending on the information origin and if the license information can be matched to a standardized license id.

Standardized licenses

License information identified by Bytesafe is compared to a list of standardized SPDX licenses. Licenses that are matched to a known type, will be classified as a standardized license.

License badges for standardized licenses provide a link to more detailed license information.

Custom licenses

Custom licenses defined in package.json metadata will be displayed alongside standardized licenses. Custom licenses are displayed using a lighter shade of gray to allow for easy identification.

package custom license display

For registries with the License Compliance enabled, license issues can be opened in line with the applied License Policy.

Multiple licenses from different sources

A single package can have multiple licenses. Different and additional licenses can be available in package.json compared to other license and package files.

Unknown licenses

Packages with license files that can’t be matched to any known license will be tagged with a license UNKNOWN.

package unknown license display

For registries with the License Compliance enabled, license issues can be opened in line with the applied License Policy.

More information on specific licenses

Users that require more information on a specific license can access an overview of the licenses directly from inside Bytesafe.

Clicking on the badge for any standardized license will direct the user to an overview page for the specific license.

license-information

What are open source software licenses?

Visit our knowledge resource on Open source licenses & compliance for more information on open source licenses, how it relates to your packages and why you should care about identifying the licenses for the packages you use.