4.0.0 • Published 4 months ago

spdx-expression-parse v4.0.0


This package parses SPDX license expression strings describing license terms, like package.json license strings, into consistently structured ECMAScript objects. The npm command-line interface depends on this package, as do many automatic license-audit tools.

In a nutshell:

var parse = require('spdx-expression-parse')
var assert = require('assert')

assert.deepEqual(
  // Licensed under the terms of the Two-Clause BSD License.
  parse('BSD-2-Clause'),
  {license: 'BSD-2-Clause'}
)

assert.throws(function () {
  // An invalid SPDX license expression.
  // Should be `Apache-2.0`.
  parse('Apache 2')
})

assert.deepEqual(
  // Dual licensed under either:
  // - LGPL 2.1
  // - a combination of Three-Clause BSD and MIT
  parse('(LGPL-2.1 OR BSD-3-Clause AND MIT)'),
  {
    left: {license: 'LGPL-2.1'},
    conjunction: 'or',
    right: {
      left: {license: 'BSD-3-Clause'},
      conjunction: 'and',
      right: {license: 'MIT'}
    }
  }
)

The syntax comes from the Software Package Data eXchange (SPDX), a standard from the Linux Foundation for shareable data about software package license terms. SPDX aims to make sharing and auditing license data easy, especially for users of open-source software.

The bulk of the SPDX standard describes syntax and semantics of XML metadata files. This package implements two lightweight, plain-text components of that larger standard:

  1. The license list, a mapping from specific string identifiers, like Apache-2.0, to standard form license texts and bolt-on license exceptions. The spdx-license-ids and spdx-exceptions packages implement the license list. spdx-expression-parse depends on and require()s them.

    Any license identifier from the license list is a valid license expression:

    var identifiers = []
      .concat(require('spdx-license-ids'))
      .concat(require('spdx-license-ids/deprecated'))
      .filter(function (id) { return id[id.length - 1] !== '+' })
    
    identifiers.forEach(function (id) {
      assert.deepEqual(parse(id), {license: id})
    })

    So is any license identifier WITH a standardized license exception:

    identifiers.forEach(function (id) {
      require('spdx-exceptions').forEach(function (e) {
        assert.deepEqual(
          parse(id + ' WITH ' + e),
          {license: id, exception: e}
        )
      })
    })

  2. The license expression language, for describing simple and complex license terms, like MIT for MIT-licensed and (GPL-2.0 OR Apache-2.0) for dual-licensing under GPL 2.0 and Apache 2.0. spdx-expression-parse itself implements the license expression language, exporting a parser.

    assert.deepEqual(
      // Licensed under a combination of:
      // - the MIT License AND
      // - a combination of:
      //   - LGPL 2.1 (or a later version) AND
      //   - Three-Clause BSD
      parse('(MIT AND (LGPL-2.1+ AND BSD-3-Clause))'),
      {
        left: {license: 'MIT'},
        conjunction: 'and',
        right: {
          left: {license: 'LGPL-2.1', plus: true},
          conjunction: 'and',
          right: {license: 'BSD-3-Clause'}
        }
      }
    )

This package differs slightly from the SPDX standard in allowing lower- and mixed-case AND, OR, and WITH operators:

assert.deepEqual(
  parse('MIT or BSD-2-Clause'),
  { left: { license: 'MIT' }, conjunction: 'or', right: { license: 'BSD-2-Clause' } }
)
assert.deepEqual(
  parse('GPL-2.0 with GCC-exception-2.0'),
  { license: 'GPL-2.0', exception: 'GCC-exception-2.0' }
)
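
For license-audit use, the object shapes shown above can be walked against an allowlist. The following is an added example, not code from this package or its authors: `satisfies`, `audit`, `stubParse` and `POLICY` are hypothetical names, the policy is constructed, and the stand-in parser returns only the ASTs documented on this page so the block runs without the package installed.

```javascript
// Added example: allowlist check over the AST shapes documented above.
// `allowed` is a Set of identifiers or "ID WITH exception" pairs.
function satisfies (node, allowed) {
  if (node.conjunction === 'or') {
    // The licensee picks one side, so one acceptable branch is enough.
    return satisfies(node.left, allowed) || satisfies(node.right, allowed)
  }
  if (node.conjunction === 'and') {
    // Both sets of terms apply at once.
    return satisfies(node.left, allowed) && satisfies(node.right, allowed)
  }
  // Leaf. `plus` ("or later") lets the licensee stay on the base version, so
  // the base identifier decides. An exception changes the terms, so the exact
  // "ID WITH exception" pair must be listed (a policy choice made here).
  var key = node.exception ? node.license + ' WITH ' + node.exception : node.license
  return allowed.has(key)
}

// `parse` is injected; pass require('spdx-expression-parse') in real use.
// Strings the parser rejects fail closed instead of being skipped.
function audit (parse, expression, allowed) {
  var ast
  try {
    ast = parse(expression)
  } catch (e) {
    return { ok: false, reason: 'invalid SPDX expression' }
  }
  var ok = satisfies(ast, allowed)
  return { ok: ok, reason: ok ? 'allowed' : 'not in allowlist' }
}

// Constructed stand-in parser so the block runs offline. Its ASTs are the
// outputs documented on this page; anything else throws, as parse() does.
var DOCUMENTED = {
  'BSD-2-Clause': { license: 'BSD-2-Clause' },
  'GPL-2.0 with GCC-exception-2.0': { license: 'GPL-2.0', exception: 'GCC-exception-2.0' },
  '(LGPL-2.1 OR BSD-3-Clause AND MIT)': {
    left: { license: 'LGPL-2.1' }, conjunction: 'or',
    right: { left: { license: 'BSD-3-Clause' }, conjunction: 'and', right: { license: 'MIT' } } },
  '(MIT AND (LGPL-2.1+ AND BSD-3-Clause))': {
    left: { license: 'MIT' }, conjunction: 'and',
    right: { left: { license: 'LGPL-2.1', plus: true }, conjunction: 'and', right: { license: 'BSD-3-Clause' } } }
}
function stubParse (s) {
  if (!Object.prototype.hasOwnProperty.call(DOCUMENTED, s)) throw new Error('parse error')
  return DOCUMENTED[s]
}
var POLICY = new Set(['MIT', 'BSD-2-Clause', 'BSD-3-Clause']) // hypothetical allowlist
```

With this policy, `audit(stubParse, '(LGPL-2.1 OR BSD-3-Clause AND MIT)', POLICY)` is accepted through its right-hand branch, while `'Apache 2'` is rejected as invalid rather than ignored.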

The Linux Foundation and its contributors license the SPDX standard under the terms of the Creative Commons Attribution License 3.0 Unported (SPDX: "CC-BY-3.0"). "SPDX" is a United States federally registered trademark of the Linux Foundation. The authors of this package license their work under the terms of the MIT License.

4.0.0 (4 months ago)
3.0.1 (4 years ago)
3.0.0 (6 years ago)
2.0.2 (7 years ago)
2.0.1 (7 years ago)
2.0.0 (7 years ago)
1.0.4 (7 years ago)
1.0.3 (8 years ago)
1.0.2 (8 years ago)
1.0.1 (8 years ago)
1.0.0 (9 years ago)