Packages stored in Bytesafe registries are scanned for license information, both standardized open source licenses and custom licenses.
Identified licenses are displayed both for the latest version of a package and for individual package versions.
Detailed license information allows users to identify problematic licenses or get notified directly for unlicensed or non-standard licenses with the License scanner plugin.
What is an open source software license?
Visit our License Compliance page for more information on open source licenses, how they relate to your packages, and why you should care about identifying the licenses for the packages you use.
Package license information is retrieved from:
- Licenses defined in
- License analysis of any LICENSE files available in package root
- License analysis of any license information stored in any other package file
To display the source for a specific license, hover over a license badge.
Identified package licenses
Identified licenses will be displayed as badges on both the package and version levels. Hover over a license badge for details on the source for the license.
Bytesafe differentiates between license information types, depending on where the information originates and whether it can be matched to a standardized license id.
License information identified by Bytesafe is compared to a list of standardized SPDX licenses. Licenses that are matched to a known type will be classified as a standardized license.
License badges for standardized licenses provide a link to more detailed license information.
Custom licenses defined in package.json metadata will be displayed alongside standardized licenses. Custom licenses are displayed using a lighter shade of gray to allow for easy identification.
For registries with the License scanner plugin enabled, a corresponding license issue will also be created for the detected non-standard license.
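How the standardized/custom split described above can be derived from package.json metadata, as an added example that is not Bytesafe's own code. The SPDX id list is a small constructed subset, and the function names and the `unlicensed` flag are assumptions made for this illustration.

```javascript
// Constructed subset of SPDX ids; a real check loads the full SPDX license list.
const SPDX_IDS = new Set([
  "MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC",
  "GPL-2.0-only", "GPL-3.0-only", "LGPL-3.0-only", "MPL-2.0",
]);

// Collect raw license strings from `license` (string or legacy object form)
// and from the deprecated `licenses` array.
function rawLicenses(pkg) {
  const out = [];
  const push = (v) => {
    if (typeof v === "string") out.push(v);
    else if (v && typeof v.type === "string") out.push(v.type);
  };
  push(pkg.license);
  if (Array.isArray(pkg.licenses)) pkg.licenses.forEach(push);
  return out;
}

// Split an SPDX expression such as "(MIT OR Apache-2.0)" into license ids.
// "WITH <exception>" names an exception, not a license, so it is dropped.
function licenseIds(expr) {
  return expr
    .replace(/[()]/g, " ")
    .replace(/\s+WITH\s+\S+/g, "")
    .split(/\s+(?:AND|OR)\s+/)
    .map((s) => s.trim())
    .filter(Boolean);
}

// Sort every id into "standardized" (on the SPDX list) or "custom" (not on it).
// `unlicensed` is set when there is no license metadata or npm's "UNLICENSED".
function classifyLicenses(pkg) {
  const result = { standardized: [], custom: [], unlicensed: false };
  const ids = rawLicenses(pkg).flatMap(licenseIds);
  if (ids.length === 0 || ids.includes("UNLICENSED")) result.unlicensed = true;
  for (const id of ids.filter((i) => i !== "UNLICENSED")) {
    const bucket = SPDX_IDS.has(id) ? "standardized" : "custom";
    if (!result[bucket].includes(id)) result[bucket].push(id);
  }
  return result;
}

// Constructed package.json fragments.
console.log(classifyLicenses({ license: "(MIT OR Apache-2.0)" }));
console.log(classifyLicenses({ license: "SEE LICENSE IN LICENSE.txt" }));
console.log(classifyLicenses({ licenses: [{ type: "ISC" }, { type: "Acme-Internal-1.0" }] }));
```

Matching here is exact and case-sensitive, so a value such as "mit" lands in the custom bucket.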
Multiple licenses from different sources
A single package can have multiple licenses. Different and additional licenses can be available in package.json compared to other license and package files.
Packages with license files that can’t be matched to any known license will be tagged with a license
For registries with the License scanner plugin enabled, a corresponding license issue will also be created for the unknown license detected.
More information on specific licenses
Users that require more information on a specific license can access an overview of the licenses directly from inside Bytesafe.
Clicking on the badge for any standardized license will direct the user to an overview page for the specific license.