Samiksha Jaiswal (Editor)

Software Package Data Exchange


SPDX (Software Package Data Exchange) is a file format used to document information on the software licenses under which a given piece of computer software is distributed. SPDX is authored by the SPDX Working Group, which represents more than twenty different organizations, under the auspices of the Linux Foundation.

SPDX attempts to standardize the way in which organizations publish their metadata on software licenses and components in bills of material.

SPDX describes the exact terms under which a piece of software is licensed. It does not attempt to categorize licenses by type, for instance by describing licenses with similar terms to the BSD License as "BSD-like".

The current version of the standard is 2.1, ratified in November 2016.

Licence syntax

Each license is identified by a full name, such as "Mozilla Public License 2.0", and a short identifier, here "MPL-2.0". Licenses can be combined with the operators AND and OR, and grouped with parentheses.

For example, (LGPL-2.1 OR MIT) means that you can choose between LGPL-2.1 (GNU Lesser General Public License v2.1 only) or MIT (MIT license).

On the other hand, (LGPL-2.1 AND MIT) means that both licenses apply.

There is also a "+" operator which, when applied to a license, means that future versions of the license apply. For example, GPL-2.0+ means that GPL-2.0 and GPL-3.0 may apply (and future versions if any).
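The syntax above can be checked mechanically when auditing a bill of materials. The following is an added example, not part of the original article or of any SPDX tooling: it expands an expression into the alternative license sets a recipient can choose from and tests them against an allowlist. The names `tokenize`, `choices` and `permitted` are hypothetical; it assumes AND binds tighter than OR (as the SPDX specification defines, though the page does not say so) and treats "X+" as acceptable whenever X itself is allowed, without resolving later versions.

```python
import re

TOKEN = r"[()]|[A-Za-z0-9.-]+\+?"   # a parenthesis, or an id with optional "+"

def tokenize(expr):
    toks = re.findall(TOKEN + r"|\S", expr)
    bad = [t for t in toks if not re.fullmatch(TOKEN, t)]
    if bad:
        raise ValueError(f"unexpected character {bad[0]!r}")
    return toks

def choices(expr):
    """Return each way to comply with expr as a frozenset of license ids."""
    toks = tokenize(expr)[::-1]           # reversed, so pop() yields the next token
    def peek():
        return toks[-1] if toks else None
    def parse_or():                       # OR: the alternatives are listed side by side
        result = parse_and()
        while peek() == "OR":
            toks.pop()
            result = result + parse_and()
        return result
    def parse_and():                      # AND: each left choice merges with each right
        result = parse_atom()
        while peek() == "AND":
            toks.pop()
            right = parse_atom()
            result = [a | b for a in result for b in right]
        return result
    def parse_atom():
        if peek() == "(":
            toks.pop()
            inner = parse_or()
            if peek() != ")":
                raise ValueError("missing ')'")
            toks.pop()
            return inner
        if peek() in (None, ")", "AND", "OR"):
            raise ValueError(f"expected a license id, got {peek()!r}")
        return [frozenset([toks.pop()])]
    result = parse_or()
    if toks:
        raise ValueError(f"unexpected token {toks[-1]!r}")
    return result

def permitted(expr, allowed):
    """True if some choice uses only allowed ids (assumption: "X+" passes when X does)."""
    return any(all(l.rstrip("+") in allowed for l in c) for c in choices(expr))
```

Malformed expressions raise `ValueError`, so a scanner can flag them for review rather than silently passing a component.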
