SPDX Identifier

An SPDX identifier is a standardized short code that uniquely names a specific software license or exception, drawn from the SPDX License List maintained by the SPDX project. Examples include MIT, Apache-2.0, GPL-3.0-only, and GPL-3.0-or-later. The purpose is to enable efficient, reliable, machine-readable identification of licenses inside source files, manifests, and software bills of materials.

How it is used

Developers typically declare the license of a file with a single comment line such as SPDX-License-Identifier: GPL-3.0-or-later near the top of the source. Tooling can then scan a project and report its license posture automatically, without parsing full license text. This is far less ambiguous than a free-form phrase like "GPL", which fails to distinguish version 2 from version 3 or "only" from "or later."

License expressions

The SPDX syntax also supports compound expressions using operators such as AND, OR, and WITH, for example GPL-2.0-or-later WITH Autoconf-exception. This lets a project precisely describe dual licensing or added exceptions in one canonical string.

For anyone auditing the firmware or tooling on their hardware, SPDX identifiers make license review fast and unambiguous. They appear throughout open mining projects, including those released under the GPL and the Apache License 2.0.