Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

spdx

Package Overview
Dependencies
Maintainers
2
Versions
13
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

spdx

SPDX License Expression Syntax parser

  • 0.5.2
  • latest
  • Source
  • npm
  • Socket score

Version published
Maintainers
2
Created
Source

Use Other Packages

Development on spdx.js has moved to separate, smaller packages.

spdx-expression-parse and spdx-satisfies are direct successors to spdx.js.

You may also be interested in spdx-compare, spdx-correct, and other packages on the npm public registry. kemitchell writes a lot of them.


var spdx = require('spdx')

Simple License Expressions

var assert = require('assert')
assert(spdx.valid('Invalid-Identifier') === null)
assert(spdx.valid('GPL-2.0'))
assert(spdx.valid('GPL-2.0+'))
assert(spdx.valid('LicenseRef-23'))
assert(spdx.valid('LicenseRef-MIT-Style-1'))
assert(spdx.valid('DocumentRef-spdx-tool-1.2:LicenseRef-MIT-Style-2'))

Composite License Expressions

Disjunctive OR Operator

assert(spdx.valid('(LGPL-2.1 OR MIT)'))
assert(spdx.valid('(LGPL-2.1 OR MIT OR BSD-3-Clause)'))

Conjunctive AND Operator

assert(spdx.valid('(LGPL-2.1 AND MIT)'))
assert(spdx.valid('(LGPL-2.1 AND MIT AND BSD-2-Clause)'))

Exception WITH Operator

assert(spdx.valid('(GPL-2.0+ WITH Bison-exception-2.2)'))

Order of Precedence and Parentheses

assert.deepEqual(
  spdx.parse('(LGPL-2.1 OR BSD-3-Clause AND MIT)'),
  { left: { license: 'LGPL-2.1' },
    conjunction: 'or',
    right: {
      left: { license: 'BSD-3-Clause' },
      conjunction: 'and',
      right: { license: 'MIT' } } })

assert.deepEqual(
  spdx.parse('(MIT AND (LGPL-2.1+ AND BSD-3-Clause))'),
  { left: { license: 'MIT' },
    conjunction: 'and',
    right: {
      left: {
        license: 'LGPL-2.1',
        plus: true },
      conjunction: 'and',
      right: { license: 'BSD-3-Clause' } } })

Strict Whitespace Rules

assert(!spdx.valid('MIT '))
assert(!spdx.valid(' MIT'))
assert(!spdx.valid('MIT  AND  BSD-3-Clause'))

Identifier Lists

assert(Array.isArray(spdx.licenses))
assert(spdx.licenses.indexOf('ISC') > -1)
assert(spdx.licenses.indexOf('Apache-1.7') < 0)
assert(spdx.licenses.every(function(element) {
  return typeof element === 'string' }))

assert(Array.isArray(spdx.exceptions))
assert(spdx.exceptions.indexOf('GCC-exception-3.1') > -1)
assert(spdx.exceptions.every(function(element) {
  return typeof element === 'string' }))

The Specification

assert.equal(spdx.specificationVersion, '2.0')

The Software Package Data Exchange (SPDX) specification is the work of the Linux Foundation and its contributors, and is licensed under the terms of the Creative Commons Attribution License 3.0 Unported (SPDX: "CC-BY-3.0"). "SPDX" is a United States federally registered trademark of the Linux Foundation.

Keywords

FAQs

Package last updated on 06 Aug 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc