SPDX 2.3
System Package Data Exchange (SPDX) definition
| Type | object |
|---|---|
| File match |
*.spdx.json
*.spdx.yaml
*.spdx.yml
|
| Schema URL | https://catalog.lintel.tools/schemas/schemastore/spdx-2-3/latest.json |
| Source | https://raw.githubusercontent.com/spdx/spdx-spec/refs/tags/v2.3/schemas/spdx-schema.json |
Validate with Lintel
npx @lintel/lintel checkProperties
Uniquely identify any element in an SPDX document which may be referenced by other elements.
One instance is required for each SPDX file produced. It provides the necessary information for forward and backward compatibility for processing tools.
4 nested properties
Identify when the SPDX document was originally created. The date is to be specified according to combined date and time in UTC format as specified in ISO 8601 standard.
Identify who (or what, in the case of a tool) created the SPDX document. If the SPDX document was created by an individual, indicate the person's name. If the SPDX document was created on behalf of a company or organization, indicate the entity name. If the SPDX document was created using a software tool, indicate the name and version for that tool. If multiple participants or tools were involved, use multiple instances of this field. Person name or organization name may be designated as “anonymous” if appropriate.
An optional field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created.
License expression for dataLicense. See SPDX Annex D for the license expression syntax. Compliance with the SPDX specification includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata"). The SPDX specification contains numerous fields where an SPDX document creator may provide relevant explanatory text in SPDX-Metadata. Without opining on the lawfulness of "database rights" (in jurisdictions where applicable), such explanatory text is copyrightable subject matter in most Berne Convention countries. By using the SPDX specification, or any portion hereof, you hereby agree that any copyright rights (as determined by your jurisdiction) in any SPDX-Metadata, including without limitation explanatory text, shall be subject to the terms of the Creative Commons CC0 1.0 Universal license. For SPDX-Metadata not containing any copyright rights, you hereby agree and acknowledge that the SPDX-Metadata is provided to you "as-is" and without any representations or warranties of any kind concerning the SPDX-Metadata, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non-infringement, or the absence of latent or other defects, accuracy, or the presence or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law.
Identify name of this SpdxElement.
Provide a reference number that can be used to understand how to parse and interpret the rest of the file. It will enable both future changes to the specification and to support backward compatibility. The version number consists of a major and minor version indicator. The major field will be incremented when incompatible changes between versions are made (one or more sections are created, modified or deleted). The minor field will be incremented when backwards compatible changes are made.
Provide additional information about an SpdxElement.
Identify any external SPDX documents referenced within this SPDX document.
Indicates that a particular ExtractedLicensingInfo was defined in the subject SpdxDocument.
Reviewed
The URI provides an unambiguous mechanism for other SPDX documents to reference SPDX elements within this SPDX document.
Packages, files and/or Snippets described by this SPDX document
Packages referenced in the SPDX document
Files referenced in the SPDX document
Snippets referenced in the SPDX document
Relationships referenced in the SPDX document