normalize-package-data - npm Package Compare versions

Comparing version 2.2.1 to 2.3.0

lib/fixer.js

 var semver = require("semver")
-var spdx = require('spdx');
+var validateLicense = require('validate-npm-package-license');
 var hostedGitInfo = require("hosted-git-info")
@@ -295,8 +295,12 @@ var depTypes = ["dependencies","devDependencies","optionalDependencies"]
       return this.warn("missingLicense")
-    } else if (
-      typeof(data.license) !== 'string' ||
-      data.license.length < 1 ||
-      !spdx.valid(data.license)
-    ) {
-      this.warn("nonSPDXLicense")
+    } else{
+      if (
+        typeof(data.license) !== 'string' ||
+        data.license.length < 1
+      ) {
+        this.warn("invalidLicense")
+      } else {
+        if (!validateLicense(data.license).validForNewPackages)
+          this.warn("invalidLicense")
+      }
     }
@@ -303,0 +307,0 @@ }

lib/warning_messages.json

@@ -28,5 +28,5 @@ {
   ,"nonUrlHomepage": "homepage field must be a string url. Deleted."
-  ,"nonSPDXLicense": "license should be a valid SPDX license expression"
+  ,"invalidLicense": "license should be a valid SPDX license expression"
   ,"missingProtocolHomepage": "homepage field must start with a protocol."
   ,"typo": "%s should probably be %s."
 }

package.json

 {
   "name": "normalize-package-data",
-  "version": "2.2.1",
+  "version": "2.3.0",
   "author": "Meryn Stol <merynstol@gmail.com>",
@@ -18,3 +18,3 @@ "description": "Normalizes data that can be found in package.json files.",
     "semver": "2 || 3 || 4",
-    "spdx": "^0.4.0"
+    "validate-npm-package-license": "^2.0.0"
   },
@@ -21,0 +21,0 @@ "devDependencies": {

README.md

@@ -98,3 +98,3 @@ # normalize-package-data [![Build Status](https://travis-ci.org/npm/normalize-package-data.png?branch=master)](https://travis-ci.org/npm/normalize-package-data)
 
-The `license` field should be a valid *SDPDX license expression* string, as determined by the `spdx.valid` method. See [documentation for the spdx module](https://github.com/kemitchell/spdx.js).
+The `license` field should be a valid *SDPDX license expression* or one of the special values allowed by [validate-npm-package-license](https://npmjs.com/packages/validate-npm-package-license). See [documentation for the license field in package.json](https://docs.npmjs.com/files/package.json#license).
 
@@ -101,0 +101,0 @@ ## Credits

test/normalize.js

@@ -163,3 +163,3 @@ var tap = require("tap")
       warningMessages.missingReadme,
-      warningMessages.nonSPDXLicense]
+      warningMessages.invalidLicense]
   t.same(warnings, expect)
@@ -166,0 +166,0 @@ t.end()

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

58560

increased by0.47%

Lines of code

1594

increased by0.25%

Dependency changes

• + Addedvalidate-npm-package-license@^2.0.0

• + Addedspdx-correct@1.0.2(transitive)

• + Addedvalidate-npm-package-license@2.0.0(transitive)

• - Removedspdx@^0.4.0