SPDX allows the expression of components, licenses, copyrights, security references and other metadata relating to systems.[2]
The original purpose of SPDX was to improve license compliance,[3] and it has since been expanded to facilitate additional use cases such as supply-chain transparency and security.
The SPDX specification is recognized as the international open standard for security, license compliance, and other software supply chain artifacts as ISO/IEC 5962:2021.
This independence is required to support a variety of content exchange and analysis use cases and makes it easier to communicate single elements of interest.[17]
SPDX 2.2.1 was submitted to the International Organization for Standardization (ISO) in October 2020 and was published as ISO/IEC 5962:2021 Information technology — SPDX® Specification V2.2.1 in August 2021.
In 2017, the FSFE launched REUSE, which provides tools to validate the comment and to efficiently extract copyright information.[23]
The SPDX license identifier is also used in a number of package managers such as npm,[24] Python,[25] and Rust cargo.[26]
SPDX license expressions are used in RPM package metadata in Fedora Linux, replacing the earlier use of the Callaway system.