spdx-compare
Advanced tools
The spdx-compare npm package is used to compare SPDX license identifiers. It helps in determining if two SPDX license identifiers are equivalent or if one is a subset of the other. This is particularly useful in license compliance and management scenarios.
Compare two SPDX license identifiers for equality
This feature allows you to compare two SPDX license identifiers to check if they are exactly the same. In this example, it compares 'MIT' with 'MIT' and returns true.
const spdxCompare = require('spdx-compare');
const license1 = 'MIT';
const license2 = 'MIT';
const areEqual = spdxCompare(license1, license2);
console.log(`Are the licenses equal? ${areEqual}`);Compare two SPDX license identifiers for subset relationship
This feature allows you to check if one SPDX license identifier is a subset of another. In this example, it checks if 'MIT' is a subset of 'MIT OR Apache-2.0' and returns true.
const spdxCompare = require('spdx-compare');
const license1 = 'MIT';
const license2 = 'MIT OR Apache-2.0';
const isSubset = spdxCompare.subset(license1, license2);
console.log(`Is the first license a subset of the second? ${isSubset}`);The spdx-satisfies package is used to check if a given license satisfies a given SPDX expression. It is similar to spdx-compare in that it deals with SPDX license identifiers, but it focuses more on checking if a license meets the criteria of an SPDX expression rather than direct comparison.
The spdx-correct package is used to correct common misspellings and variations of SPDX license identifiers. While spdx-compare focuses on comparing licenses, spdx-correct helps in normalizing and correcting license identifiers to their standard SPDX forms.
var assert = require('assert')
var compare = require('spdx-compare')
assert(compare.gt('GPL-3.0', 'GPL-2.0'))
assert(compare.gt('GPL-3.0-only', 'GPL-2.0-only'))
assert(compare.gt('GPL-2.0-or-later', 'GPL-2.0-only'))
assert(compare.eq('GPL-3.0-or-later', 'GPL-3.0-only'))
assert(compare.lt('MPL-1.0', 'MPL-2.0'))
assert(compare.gt('LPPL-1.3a', 'LPPL-1.0'))
assert(compare.gt('LPPL-1.3c', 'LPPL-1.3a'))
assert(!compare.gt('MIT', 'ISC'))
assert(!compare.gt('OSL-1.0', 'OPL-1.0'))
assert(compare.gt('AGPL-3.0', 'AGPL-1.0'))
assert.throws(function () {
compare.gt('(MIT OR ISC)', 'GPL-3.0')
}, '"(MIT OR ISC)" is not a simple license identifier')
FAQs
compare SPDX license expressions
We found that spdx-compare demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A new Rust RFC proposes "Trusted Publishing" for Crates.io, introducing short-lived access tokens via OIDC to improve security and reduce risks associated with long-lived API tokens.
Security News
Cloudflare is expanding Node.js compatibility for Workers and Pages, enabling developers to use more npm packages through a hybrid approach that combines native code and polyfills for Node.js APIs.
Security News
The Python Software Foundation has expanded its CNA scope to include the Pallets Projects, enabling faster, more reliable CVE tracking for critical frameworks used in Python applications.