OSLI is an intelligent compliance engine designed to bridge the gap between complex open-source legal jargon and real-world developer workflows. By combining deterministic SPDX data with Gemini AI reasoning, OSLI provides a developer experience that is predictable, correct, and delightful.
The OSLI API is officially deployed and ready for use. You can explore the endpoints, view data schemas, and test requests directly from your browser.
Official Website & Full Documentation: https://osli-doc-web-page.harinis4.workers.dev
Interactive API Docs (Swagger UI): https://open-source-license-api.onrender.com/docs
Base API URL: https://open-source-license-api.onrender.com
Every developer has been there: you find the perfect open-source library that solves all your problems, only to realize your company’s legal team might reject it because of a "Copyleft" clause or a restrictive license you don't fully understand. In the high-speed world of modern software engineering, legal compliance is the ultimate bottleneck. We built OSLI to act as a "Digital Legal Assistant," turning complex legal jargon into actionable, developer-friendly data.
- Framework: FastAPI
- Intelligence: Google Gemini 1.5 Flash
- Registry Integration: Httpx
- Data Validation: Pydantic v2
- Install Dependencies:
pip install -r requirements.txt
- Download the SPDX Data:
curl -o "licenses.json" "https://raw.githubusercontent.com/spdx/license-list-data/master/json/licenses.json"
- Set your API Key:
export GEMINI_API_KEY="your_actual_key"
- Run the API:
uvicorn main:app --reload
Access the interactive docs at: http://127.0.0.1:8000/docs
AI-powered library discovery based on specific functionality and license needs.
curl -X POST "http://127.0.0.1:8000/v1/search" \
-H "Content-Type: application/json" \
-d '{ "query": "Chart library for a closed-source SaaS" }'
Expected Response:
{
"results": [
{
"name": "Chart.js",
"license": "MIT",
"reason": "Highly popular, permissive MIT license, and easy to integrate."
},
{
"name": "ApexCharts",
"license": "MIT",
"reason": "Modern interactive charts with a commercial-friendly MIT license."
}
]
}
Finds permissive alternatives (e.g., MIT) for a specific restrictive library.
curl -X POST "http://127.0.0.1:8000/v1/alternatives" \
-H "Content-Type: application/json" \
-d '{ "package_name": "highcharts", "desired_license": "MIT" }'
Expected Response:
{
"results": [
{
"name": "ApexCharts",
"license": "MIT",
"reason": "Direct alternative with similar feature set and MIT license."
},
{
"name": "Chart.js",
"license": "MIT",
"reason": "Standard for simple interactive charts with an MIT license."
}
]
}
Returns official SPDX metadata for a specific license ID.
curl -X GET "http://127.0.0.1:8000/v1/licenses/MIT"
Expected Response:
{
"licenseId": "MIT",
"name": "MIT License",
"seeAlso": ["https://opensource.org/licenses/MIT"],
"isOsiApproved": true,
"isDeprecatedLicenseId": false
}
Contextual AI risk scoring (0-100) based on your specific business context.
curl -X POST "http://127.0.0.1:8000/v1/analyze" \
-H "Content-Type: application/json" \
-d '{ "package_name": "mongodb", "context": "Commercial closed-source SaaS" }'
Expected Response:
{
"risk_score": 85,
"summary": "High risk due to SSPL license in a commercial SaaS context.",
"warnings": [
"SSPL is not OSI-approved.",
"Potential requirement to open-source your infrastructure code."
]
}
Batch "Traffic Light" scan (SAFE/WARN) for a list of packages.
curl -X POST "http://127.0.0.1:8000/v1/audit" \
-H "Content-Type: application/json" \
-d '{ "dependencies": ["react", "lodash", "ffmpeg"] }'
Expected Response:
{
"results": [
{ "package": "react", "license": "MIT", "status": "SAFE" },
{ "package": "ffmpeg", "license": "LGPL-2.1", "status": "WARN" }
]
}
Quick deterministic check if two licenses are legally compatible.
curl -X POST "http://127.0.0.1:8000/v1/compatibility-check" \
-H "Content-Type: application/json" \
-d '{ "license_a": "MIT", "license_b": "GPL-3.0" }'
Expected Response:
{
"compatible": true,
"reason": "MIT is compatible with GPL-3.0."
}
AI-powered tool to resolve license conflicts between two packages.
curl -X POST "http://127.0.0.1:8000/v1/resolve-conflicts" \
-H "Content-Type: application/json" \
-d '{ "package_a": "ffmpeg", "package_b": "highcharts" }'
Expected Response:
{
"has_conflict": true,
"conflict_reason": "Highcharts commercial license conflicts with LGPL-2.1 requirements.",
"suggested_alternative": "ApexCharts",
"alternative_license": "MIT",
"explanation": "Replacing Highcharts with ApexCharts resolves the conflict."
}
Generates a professional legal header for source files.
curl -X POST "http://127.0.0.1:8000/v1/generate-header" \
-H "Content-Type: application/json" \
-d '{ "project_name": "Nebula", "license_id": "MIT", "language": "Python" }'
Expected Response:
{
"header_text": "# Copyright (c) 2026 Nebula\n# Licensed under the MIT License."
}
OSLI prioritizes informative feedback over generic errors. We follow standard HTTP status codes:
- 200 OK: Request was successful.
- 400 Bad Request: Invalid SPDX License ID or missing parameters.
- 404 Not Found: Package not found on NPM or License ID does not exist.
- 500 Internal Error: Issues with AI inference or registry timeouts.
Example 400 Response (Invalid License):
{
"detail": "License ID 'Apache' is not recognized. Check https://spdx.org/licenses/ for valid IDs (e.g., 'MIT', 'Apache-2.0')."
}
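A CI gate over the /v1/audit response shown earlier, as an added example that is not part of the OSLI code base: it fails closed, so a requested package with no row in the results (as with "lodash" in the sample response above) blocks the build just like a WARN. The function name gate and the finding labels UNKNOWN, DUPLICATE, UNREQUESTED and MALFORMED are assumptions made for this example; only SAFE and WARN come from the API.

```python
import json

# Constructed sample: the request body and "Expected Response" for /v1/audit above.
REQUESTED = ["react", "lodash", "ffmpeg"]
SAMPLE_RESPONSE = json.loads("""
{
  "results": [
    { "package": "react", "license": "MIT", "status": "SAFE" },
    { "package": "ffmpeg", "license": "LGPL-2.1", "status": "WARN" }
  ]
}
""")


def gate(requested, response, allowed_statuses=("SAFE",)):
    """Return (ok, findings). Fails closed: a package that is missing from the
    results, duplicated, or not explicitly in allowed_statuses is a finding."""
    results = response.get("results") if isinstance(response, dict) else None
    if not isinstance(results, list):
        return False, [("*", "MALFORMED", "response has no results list")]
    findings, seen = [], {}
    for row in results:
        if not isinstance(row, dict) or not isinstance(row.get("package"), str):
            findings.append(("?", "MALFORMED", "row without a package name"))
            continue
        if row["package"] in seen:
            findings.append((row["package"], "DUPLICATE", "conflicting rows"))
        seen[row["package"]] = row
    for name in requested:
        row = seen.get(name)
        if row is None:
            # No verdict is not the same as a SAFE verdict.
            findings.append((name, "UNKNOWN", "not present in audit results"))
        elif row.get("status") not in allowed_statuses:
            findings.append((name, row.get("status"), row.get("license", "no license")))
    for name in sorted(seen.keys() - set(requested)):
        findings.append((name, "UNREQUESTED", "row for a package not asked about"))
    return not findings, findings


if __name__ == "__main__":
    ok, findings = gate(REQUESTED, SAMPLE_RESPONSE)
    for name, status, detail in findings:
        print(f"{status:<12}{name:<10}{detail}")
    raise SystemExit(0 if ok else 1)
```
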