Comparing version 6.1.0 to 6.2.0
index.js
module.exports = licensee | ||
var blueOakList = require('@blueoak/list') | ||
var correctLicenseMetadata = require('correct-license-metadata') | ||
@@ -16,4 +17,11 @@ var licenseSatisfies = require('spdx-satisfies') | ||
if (!validConfiguration(configuration)) { | ||
callback(new Error('Invalid configuration')) | ||
} else if (!validSPDX(configuration.license)) { | ||
return callback(new Error('Invalid configuration')) | ||
} | ||
if (configuration.license) { | ||
configuration.rule = configuration.license | ||
} else { | ||
configuration.rule = licenseRuleFromBlueOak(configuration.blueOak) | ||
} | ||
if (!validSPDX(configuration.rule)) { | ||
console.log(configuration.rule) | ||
callback(new Error('Invalid license expression')) | ||
@@ -122,19 +130,37 @@ } else { | ||
isObject(configuration) && | ||
// Validate `license` property. | ||
configuration.hasOwnProperty('license') && | ||
isString(configuration.license) && | ||
configuration.license.length > 0 && ( | ||
configuration.hasOwnProperty('whitelist') | ||
? ( | ||
// Validate `whitelist` property. | ||
isObject(configuration.whitelist) && | ||
Object.keys(configuration.whitelist) | ||
.every(function (key) { | ||
return isString(configuration.whitelist[key]) | ||
}) | ||
) : true | ||
) | ||
XOR( | ||
configuration.license, | ||
configuration.blueOak | ||
), | ||
XOR( | ||
( // Validate `license` property. | ||
configuration.hasOwnProperty('license') && | ||
isString(configuration.license) && | ||
configuration.license.length > 0 | ||
), | ||
( // Validate Blue Oak rating. | ||
configuration.hasOwnProperty('blueOak') && | ||
isString(configuration.blueOak) && | ||
configuration.blueOak.length > 0 && | ||
blueOakList.some(function (element) { | ||
return element.name === configuration.blueOak.toLowerCase() | ||
}) | ||
) | ||
) && | ||
configuration.hasOwnProperty('whitelist') | ||
? ( | ||
// Validate `whitelist` property. | ||
isObject(configuration.whitelist) && | ||
Object.keys(configuration.whitelist) | ||
.every(function (key) { | ||
return isString(configuration.whitelist[key]) | ||
}) | ||
) : true | ||
) | ||
} | ||
function XOR (a, b) { | ||
return (a || b) && !(a && b) | ||
} | ||
function isObject (argument) { | ||
@@ -193,3 +219,3 @@ return typeof argument === 'object' | ||
function resultForPackage (configuration, tree) { | ||
var licenseExpression = configuration.license | ||
var rule = configuration.rule | ||
var whitelist = configuration.whitelist || {} | ||
@@ -277,8 +303,8 @@ var result = { | ||
var matchesRule = ( | ||
licenseExpression && | ||
validSPDX(licenseExpression) && | ||
rule && | ||
validSPDX(rule) && | ||
result.license && | ||
typeof result.license === 'string' && | ||
validSPDX(result.license) && | ||
licenseSatisfies(result.license, licenseExpression) | ||
licenseSatisfies(result.license, rule) | ||
) | ||
@@ -322,1 +348,15 @@ if (matchesRule) { | ||
} | ||
function licenseRuleFromBlueOak (rating) { | ||
rating = rating.toLowerCase() | ||
var ids = [] | ||
for (var index = 0; index < blueOakList.length; index++) { | ||
var element = blueOakList[index] | ||
if (element.name.toLowerCase() === 'model') continue | ||
element.licenses.forEach(function (license) { | ||
if (validSPDX(license.id)) ids.push(license.id) | ||
}) | ||
if (rating === element.name) break | ||
} | ||
return '(' + ids.join(' OR ') + ')' | ||
} |
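Review bot: In the new `validConfiguration` body the whitelist ternary is no longer wrapped in parentheses, so `&&` binds before `?:` and the whole `XOR(...) && configuration.hasOwnProperty('whitelist')` chain becomes the condition. As displayed (the page has lost its +/- markers, so this reading is inferred), any configuration that fails the license/blueOak check falls through to `: true` and is accepted, and the comma after the first `XOR(configuration.license, configuration.blueOak)` would also discard the `isObject` guard. A configuration with neither property then reaches `licenseRuleFromBlueOak(configuration.blueOak)`, where `rating.toLowerCase()` throws instead of reporting through `callback`. A rating that matches no list entry never hits the `break`, so the generated rule ORs every tier's licenses together and the policy check fails open. I would restore the grouping the old code had, `) && (configuration.hasOwnProperty('whitelist') ? (/* whitelist checks */) : true)`, drop the comma-separated first `XOR`, and have `licenseRuleFromBlueOak` signal an error when no element matches the rating.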
{ | ||
"name": "licensee", | ||
"description": "check dependency licenses against rules", | ||
"version": "6.1.0", | ||
"version": "6.2.0", | ||
"author": "Kyle E. Mitchell <kyle@kemitchell.com> (https://kemitchell.com/)", | ||
@@ -10,2 +10,3 @@ "contributors": [ | ||
"dependencies": { | ||
"@blueoak/list": "^1.0.2", | ||
"correct-license-metadata": "^1.0.1", | ||
@@ -21,3 +22,3 @@ "docopt": "^0.6.2", | ||
"spdx-expression-validate": "^2.0.0", | ||
"spdx-satisfies": "^4.0.0" | ||
"spdx-satisfies": "^5.0.0" | ||
}, | ||
@@ -24,0 +25,0 @@ "bin": "./licensee", |
@@ -36,2 +36,14 @@ Check npm package dependency license metadata against rules. | ||
Instead of a `license` property, you can specify a minimum | ||
Blue Oak Council [license rating]---lead, bronze, silver, or | ||
gold---from which `licensee` will generate a rule: | ||
[license rating]: https://blueoakcouncil.org/license | ||
```json | ||
{ | ||
"blueOak": "bronze" | ||
} | ||
``` | ||
The `whitelist` is a map from package name to a [node-semver][semver] | ||
@@ -38,0 +50,0 @@ Semantic Versioning range. Packages whose license metadata don't match |
+ Added@blueoak/list@^1.0.2
+ Added@blueoak/list@1.0.2(transitive)
+ Addedspdx-satisfies@5.0.1(transitive)
- Removedspdx-satisfies@4.0.1(transitive)
Updatedspdx-satisfies@^5.0.0