Licensing regarding SPDX CC-By-3.0 output


Hello all, I had a quick question or two. I hope this is the right place to ask.

I am using the License Checker plugin to build a JSON list of all licenses in my React/Gatsby project.
This plugin uses a number of SPDX-adjacent plugins to basically loop through each folder in "node_modules" and check the package.json file's SPDX license against a SPDX list of some sort.
As far as I can tell, the outputted JSON from License Checker never grabs any information directly from SPDX, but merely verifies that, say the package's license "MIT" matches the SPDX identifier "MIT".

The only SPDX licensing I can see is from the SPDX-Exceptions, SPDX Expression Parse, and SPDX-Ranges packages where the SPDX information is licensed under Creative Commons Attribution License 3.0 Unported (SPDX: "CC-BY-3.0"). The other plugins, such as SPDX Satisfies, do not mention SPDX's licensing.

My questions are:
  • Since this implementation of the SPDX material seems to be "server-side" and not outputted in the JSON or included as JS files, do I need to attribute SPDX in a public webpage?
  • If I need to attribute SPDX, if I have done so already but did not include a link to SPDX and the material title (as per CC-BY-3.0) is my license terminated?
  • Is "SPDX is Copyright © 2010-2015 Linux Foundation and its Contributors. Licensed under the Creative Commons Attribution License 3.0 Unported. All other rights are expressly reserved." a valid enough attribution line?

Thank you!