Skip to content

feat: have the well-knwon SPDX licenses bundlable and tree-shakable downstream #1371

New issue
New issue
Closed
Closed
feat: have the well-knwon SPDX licenses bundlable and tree-shakable downstream#1371
Assignees
jkowalleck
Labels
enhancementNew feature or request
@jkowalleck

Description

@jkowalleck
jkowalleck
opened on Feb 11, 2026

currently, we have the list of well-known spdx licenses as a JSON file - https://github.com/CycloneDX/cyclonedx-javascript-library/blob/main/res/schema/spdx.SNAPSHOT.schema.json

we should provide them as a Set() - so that they are accessible in downstream easily.

use case

a downstream wants to implement a very minimalistic CycloneDX tooling, and needs access to the list of well-known SPDX license ids. They dont need all the features this very library provides. they need a solution that is bundle-able easily.
see pnpm/pnpm#10592 (comment)

requirements

  • the set of well-known SPDX licenses is extractable by tree-shaking methods
  • the set can be bundled downstream
  • the implementation should not rely on an external file (neither JSON nor XML nor other)

ideas for the future: have a separate package that provides the list of well-known SPDX ids.

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions