Security

SPDX License Reference

Search the full SPDX license list by identifier or name. Each result shows the canonical SPDX ID, OSI-approved status, FSF free status, and a link to the full license text. Data embedded from the SPDX 3.x release β€” runs entirely in your browser.

No data is transmitted β€” everything runs locally
Tool
About this tool

SPDX License Reference

The SPDX License Reference provides a searchable index of all SPDX identifiers with OSI-approved, FSF-free, and deprecation flags, sourced from the SPDX 3.x license list.

β€’ Look up the correct SPDX identifier for a license before writing an SBOM or package.json

β€’ Check whether a license is OSI-approved before accepting a dependency in a commercial project

β€’ Find the canonical identifier for a license you know by common name (e.g. 'MIT License' β†’ 'MIT')

β€’ Build SPDX expressions for compound licenses: identify both components before combining

Next step
Alerting Threshold Calculator β€” Compute multi-window SLO burn rate alert thresholds from the Google SRE Workbook method.
Open Alerting Threshold Calculator β†’
FAQ
What does this tool tell you?
The SPDX License Reference provides a searchable index of all SPDX identifiers with OSI-approved, FSF-free, and deprecation flags, sourced from the SPDX 3.x license list.
What affects the result most?
SPDX (Software Package Data Exchange) is the ISO/IEC 5962:2021 standard for SBOM and license expression. Each identifier is unique, case-sensitive, and machine-readable: 'MIT' not 'The MIT License'. OSI-approved flag indicates Open Source Initiative recognition.
How should I use the result?
Use this tool to orient quickly to the concepts, field names, or values you are about to look up in a full specification or vendor documentation. It summarizes the common cases; the authoritative source remains whichever standard or vendor doc defines the values themselves.
Related tools
Tool
CVSS Calculator
Decode any CVSS 3.x vector string into a full severity breakdown.
Tool
Secrets Leak Scanner
Detect exposed credentials before they reach your repo.
Tool
Dependency CVE Scanner
Check npm and pip packages against known critical CVEs.
DevOps pipeline visibility. Better Stack for DevOps teams monitoring deployments, incident response, and on-call alerting.
View monitoring options β†’
External site Β· Independent provider Β· We may receive a commission Β· Not a recommendation