sbom.day

A Daily Exhibition of What Software Is Made Of

The Dependency Tree

Every package stands on the shoulders of others. Behold the invisible web of trust.

my-app@1.0.0
webpack@5.91
react@18.3
axios@1.7.2
acorn@8.12
tapable@2.2
scheduler@0.23
react-dom@18.3
follow-redirects
proxy-from-env

License Specimens

Every line of code comes with a promise. Flip each card to discover the terms within.

MIT License

The most permissive of friends

  • Commercial use
  • Modification
  • Distribution
  • No liability
  • No warranty

Apache 2.0

Permissive with patent protection

  • Commercial use
  • Patent grant
  • Modification
  • Trademark restriction
  • No liability

GPL 3.0

Freedom with a condition: share alike

  • Commercial use
  • Modification
  • Disclose source
  • Same license
  • No liability

BSD 3-Clause

Minimal strings attached

  • Commercial use
  • Modification
  • Distribution
  • Copyright notice
  • No endorsement

ISC License

Simple and to the point

  • Commercial use
  • Distribution
  • Modification
  • No liability
  • No warranty

MPL 2.0

File-level copyleft flexibility

  • Commercial use
  • Modification
  • Disclose source (per file)
  • Same license (per file)
  • No trademark

The Version Timeline

A fizzing chronicle of change. Every bubble holds a moment of progress.

v0.1.0
v0.5.0
v1.0.0
v1.2.0
v2.0.0
v2.3.0
v3.0.0

Every package has a story.

sbom.day helps you read it.
