Frequently Asked Questions

What is assists developers in gaining a comprehensive understanding of the licenses associated with open-source software (OSS) packages and their dependencies.

Our platform conducts a thorough analysis across the entire dependency graph of a package, presenting the findings in a user-friendly summary. For each package within the dependency graph, you will find detailed information, including the package name, version, license(s), publish date, and its direct or indirect connection to the original package query.

Furthermore, our results are easily shareable. You can generate README badges for quick linking or sharing, or export the analysis in convenient formats such as CSV or JSON files for seamless integration into your workflows.

How accurate is the information?

We consistently strive to provide the most accurate information. We derive insights from first-party sources directly and verify findings with third-party sources.

Note that resolving the dependency graph for a package may not always produce the same result: it is influenced by factors such as enabled features, included tests, and more. Because the graph is calculated transitively, even a minor change to any part of the dependency specification can affect the entire graph. Discrepancies may arise from version skew, undocumented or obscure features of the packaging model, build-system input that is not accessible to us, and other contributing factors.

Graph calculation may lag when new versions of a package, or of its direct or indirect dependencies, are published, which can leave results stale. Any such staleness should be short-lived, as our results are continuously updated.

How are licenses determined?

We extract license information from package metadata by identifying SPDX expressions. In cases where no associated SPDX identifier is found, we denote the license as non-standard. If we encounter difficulties obtaining license information, we label it as unknown.

Please note that the displayed license information is not meant as legal advice. It is advisable to independently verify the license or terms of any software to meet your specific requirements.

What are green licenses?

Green licenses allow software to be freely used, modified, and shared. These licenses respect the users' liberty to run, copy, distribute, study, change, and/or improve the software.

The following table indicates which SPDX licenses are considered to be green:

SPDX | Full Name | FSF Free/Libre | OSI Approved
0BSD | BSD Zero Clause License
AFL-2.1 | Academic Free License v2.1
AFL-3.0 | Academic Free License v3.0
Apache-1.1 | Apache License 1.1
Apache-2.0 | Apache License 2.0
APSL-2.0 | Apple Public Source License 2.0
Artistic-1.0 | Artistic License 1.0
Artistic-2.0 | Artistic License 2.0
BlueOak-1.0.0 | Blue Oak Model License 1.0.0
BSD-2-Clause | BSD 2-Clause "Simplified" License
BSD-3-Clause | BSD 3-Clause "New" or "Revised" License
BSL-1.0 | Boost Software License 1.0
CC-BY-1.0 | Creative Commons Attribution 1.0 Generic
CC-BY-2.0 | Creative Commons Attribution 2.0 Generic
CC-BY-2.5 | Creative Commons Attribution 2.5 Generic
CC-BY-3.0 | Creative Commons Attribution 3.0 Unported
CC-BY-4.0 | Creative Commons Attribution 4.0 International
CC0-1.0 | Creative Commons Zero v1.0 Universal
CDDL-1.0 | Common Development and Distribution License 1.0
CDDL-1.1 | Common Development and Distribution License 1.1
CPL-1.0 | Common Public License 1.0
EPL-1.0 | Eclipse Public License 1.0
FTL | Freetype Project License
IPL-1.0 | IBM Public License v1.0
ISC | ISC License
libtiff | libtiff License
LGPL-2.0 | GNU Library General Public License v2
LGPL-2.1 | GNU Library General Public License v2.1
LGPL-3.0 | GNU Library General Public License v3.0
LPL-1.02 | Lucent Public License v1.02
MIT | MIT License
MPL-1.0 | Mozilla Public License 1.0
MPL-1.1 | Mozilla Public License 1.1
MPL-2.0 | Mozilla Public License 2.0
MS-PL | Microsoft Public License
NCSA | University of Illinois/NCSA Open Source License
OpenSSL | OpenSSL License
PHP-3.0 | PHP License v3.0
Python-2.0 | Python License 2.0
Ruby | Ruby License
Unicode-3.0 | Unicode License v3
Unicode-DFS-2015 | Unicode License Agreement - Data Files and Software (2015)
Unicode-DFS-2016 | Unicode License Agreement - Data Files and Software (2016)
Unlicense | The Unlicense
W3C | W3C Software Notice and License (2002-12-31)
Xnet | X.Net License
Zend-2.0 | Zend License v2.0
Zlib | zlib License
ZPL-2.0 | Zope Public License 2.0

Table: Green SPDX Licenses
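
To illustrate the labelling rules under "How are licenses determined?" together with the green list above, the following JavaScript is an added example and not the platform's own code. It assumes the npm package.json `license` field as the metadata source, treats a missing field as unknown, and assumes an OR expression is green when any alternative is green while an AND expression is green only when every term is; GREEN is a subset of the table and OTHER_SPDX is a short list of SPDX ids outside it.

```javascript
// Subset of the green table above; the page's full list has more entries.
const GREEN = new Set(["0BSD", "Apache-2.0", "BSD-3-Clause", "ISC", "MIT", "MPL-2.0", "Unlicense"]);
// Real SPDX ids that are not in the green table, so compound samples still parse.
const OTHER_SPDX = new Set(["GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"]);

// Evaluate an SPDX expression (ids, AND, OR, parentheses) against GREEN.
// Assumption: OR is green if any alternative is; AND only if every term is.
// Throws SyntaxError on anything that is not a recognised id or operator.
function evalExpr(tokens) {
  let pos = 0;
  const atom = () => {
    const t = tokens[pos++];
    if (t === "(") {
      const v = or();
      if (tokens[pos++] !== ")") throw new SyntaxError("unbalanced parenthesis");
      return v;
    }
    if (GREEN.has(t)) return true;
    if (OTHER_SPDX.has(t)) return false;
    throw new SyntaxError(`not an SPDX id: ${t}`);
  };
  // atom()/and() sit on the left of && / || so the parser always advances.
  const and = () => { let v = atom(); while (tokens[pos] === "AND") { pos++; v = atom() && v; } return v; };
  const or = () => { let v = and(); while (tokens[pos] === "OR") { pos++; v = and() || v; } return v; };
  const v = or();
  if (pos !== tokens.length) throw new SyntaxError("trailing tokens");
  return v;
}

// Label one package record the way the FAQ describes: spdx, non-standard, unknown.
function classify(pkg) {
  const field = pkg.license;
  if (field === undefined || field === null || field === "") return { label: "unknown", green: false };
  if (typeof field !== "string") return { label: "non-standard", green: false };
  try {
    return { label: "spdx", green: evalExpr(field.match(/\(|\)|[^\s()]+/g) || []) };
  } catch (err) {
    return { label: "non-standard", green: false };
  }
}

// Constructed sample records; note npm's "UNLICENSED" is not the SPDX "Unlicense".
const SAMPLE = [
  { name: "a", license: "(MIT OR GPL-3.0-only)" },
  { name: "b", license: "MIT AND GPL-2.0-only" },
  { name: "c", license: "UNLICENSED" },
  { name: "d" },
];
const summarize = (pkgs) => pkgs.map((p) => ({ name: p.name, ...classify(p) }));
console.log(summarize(SAMPLE));
```
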

How to generate a badge?

You can generate a badge for a package's README by constructing the following URL template:

or, to a specific package version:
The package registry. Allowed values: npm
The package name. Must be URI encoded. Example: express, %40acme%2Fanvil
The package semver version. Must be exact. Example: 1.2.0

It is recommended that you link the badge to the package's detailed view; for example:


Or, using HTML:

<a href="">
  <img src="" alt="licenses" />