This article explains and defines the terms used on the Licenses report in the Tidelift application. If you see a term in our application that isn't clear, please contact our team for help at firstname.lastname@example.org.
Having your open source licenses managed for you is one of the benefits of the Tidelift Subscription. We proactively resolve license problems by researching missing, inconsistent, or non-SPDX-compliant license information to identify the correct license.
We rely on SPDX license tags, a vendor-agnostic standard for declaring license information.
Without the research shown on this page, you would have to research and fix the license tags on each of these packages before applying a policy. The Licenses page shows the corrections we've made on your behalf:
- Licenses researched and corrected by Tidelift: Tidelift manually identified the license tag, usually because it was missing.
- Converted to SPDX format: Tidelift converted the license tag to proper SPDX format. The package had a license tag but with a non-SPDX-compliant format, usually related to spelling.
- Lifter Verified: The lifter has confirmed that we have the right license tag for the package they maintain.
- Correct: The SPDX license tag is currently in the correct format and did not need to be fixed.
- Needs Research: The license is still missing or spelled unusually. Tidelift proactively performs this research, but if you see any licenses in this state, please contact email@example.com.
Setting up and configuring your open source policy
To ensure direct and transitive dependencies comply with your organization's legal requirements, you'll need a machine-readable license on every package in SPDX format.
If we have identified any licensing issues, they will also appear as a result on the Issues page.
For more information on how to set up and configure an open source policy, check out our documentation.