licensee - npm Package Compare versions

Comparing version 6.1.0 to 6.2.0

index.js

 module.exports = licensee
 
+var blueOakList = require('@blueoak/list')
 var correctLicenseMetadata = require('correct-license-metadata')
@@ -16,4 +17,11 @@ var licenseSatisfies = require('spdx-satisfies')
   if (!validConfiguration(configuration)) {
-    callback(new Error('Invalid configuration'))
-  } else if (!validSPDX(configuration.license)) {
+    return callback(new Error('Invalid configuration'))
+  }
+  if (configuration.license) {
+    configuration.rule = configuration.license
+  } else {
+    configuration.rule = licenseRuleFromBlueOak(configuration.blueOak)
+  }
+  if (!validSPDX(configuration.rule)) {
+    console.log(configuration.rule)
     callback(new Error('Invalid license expression'))
@@ -122,19 +130,37 @@ } else {
     isObject(configuration) &&
-    // Validate `license` property.
-    configuration.hasOwnProperty('license') &&
-    isString(configuration.license) &&
-    configuration.license.length > 0 && (
-      configuration.hasOwnProperty('whitelist')
-        ? (
-          // Validate `whitelist` property.
-          isObject(configuration.whitelist) &&
-          Object.keys(configuration.whitelist)
-            .every(function (key) {
-              return isString(configuration.whitelist[key])
-            })
-        ) : true
-    )
+    XOR(
+      configuration.license,
+      configuration.blueOak
+    ),
+    XOR(
+      ( // Validate `license` property.
+        configuration.hasOwnProperty('license') &&
+        isString(configuration.license) &&
+        configuration.license.length > 0
+      ),
+      ( // Validate Blue Oak rating.
+        configuration.hasOwnProperty('blueOak') &&
+        isString(configuration.blueOak) &&
+        configuration.blueOak.length > 0 &&
+        blueOakList.some(function (element) {
+          return element.name === configuration.blueOak.toLowerCase()
+        })
+      )
+    ) &&
+    configuration.hasOwnProperty('whitelist')
+      ? (
+        // Validate `whitelist` property.
+        isObject(configuration.whitelist) &&
+        Object.keys(configuration.whitelist)
+          .every(function (key) {
+            return isString(configuration.whitelist[key])
+          })
+      ) : true
   )
 }
 
+function XOR (a, b) {
+  return (a || b) && !(a && b)
+}
+
 function isObject (argument) {
@@ -193,3 +219,3 @@ return typeof argument === 'object'
 function resultForPackage (configuration, tree) {
-  var licenseExpression = configuration.license
+  var rule = configuration.rule
   var whitelist = configuration.whitelist || {}
@@ -277,8 +303,8 @@ var result = {
   var matchesRule = (
-    licenseExpression &&
-    validSPDX(licenseExpression) &&
+    rule &&
+    validSPDX(rule) &&
     result.license &&
     typeof result.license === 'string' &&
     validSPDX(result.license) &&
-    licenseSatisfies(result.license, licenseExpression)
+    licenseSatisfies(result.license, rule)
   )
@@ -322,1 +348,15 @@ if (matchesRule) {
 }
+
+function licenseRuleFromBlueOak (rating) {
+  rating = rating.toLowerCase()
+  var ids = []
+  for (var index = 0; index < blueOakList.length; index++) {
+    var element = blueOakList[index]
+    if (element.name.toLowerCase() === 'model') continue
+    element.licenses.forEach(function (license) {
+      if (validSPDX(license.id)) ids.push(license.id)
+    })
+    if (rating === element.name) break
+  }
+  return '(' + ids.join(' OR ') + ')'
+}

package.json

 {
   "name": "licensee",
   "description": "check dependency licenses against rules",
-  "version": "6.1.0",
+  "version": "6.2.0",
   "author": "Kyle E. Mitchell <kyle@kemitchell.com> (https://kemitchell.com/)",
@@ -10,2 +10,3 @@ "contributors": [
   "dependencies": {
+    "@blueoak/list": "^1.0.2",
     "correct-license-metadata": "^1.0.1",
@@ -21,3 +22,3 @@ "docopt": "^0.6.2",
     "spdx-expression-validate": "^2.0.0",
-    "spdx-satisfies": "^4.0.0"
+    "spdx-satisfies": "^5.0.0"
   },
@@ -24,0 +25,0 @@ "bin": "./licensee",

README.md

@@ -36,2 +36,14 @@ Check npm package dependency license metadata against rules.
 
+Instead of a `license` property, you can specify a minimum
+Blue Oak Council [license rating]---lead, bronze, silver, or
+gold---from which `licensee` will generate a rule:
+
+[license rating]: https://blueoakcouncil.org/license
+
+```json
+{
+  "blueOak": "bronze"
+}
+```
+
 The `whitelist` is a map from package name to a [node-semver][semver]
@@ -38,0 +50,0 @@ Semantic Versioning range. Packages whose license metadata don't match

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

33810

increased by4.79%

Lines of code

333

increased by12.88%

Number of lines in readme file

176

increased by7.32%

Worsened metrics

Dependency count

12

increased by9.09%

Dependency changes

• + Added@blueoak/list@^1.0.2

• + Added@blueoak/list@1.0.2(transitive)

• + Addedspdx-satisfies@5.0.1(transitive)

• - Removedspdx-satisfies@4.0.1(transitive)

• Updatedspdx-satisfies@^5.0.0