spdx-expression-parse - npm Package Compare versions

spdx-expression-parse

Package Overview

Dependencies

Maintainers

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

Comparing version 2.0.0 to 2.0.1

package.json

		{
		"name": "spdx-expression-parse",
		"description": "parse SPDX license expressions",
		"version": "2.0.0",
		"version": "2.0.1",
		"author": "Kyle E. Mitchell <kyle@kemitchell.com> (http://kemitchell.com)",
		@@ -32,3 +32,3 @@ "files": [
		],
		"license": "(MIT AND CC-BY-3.0)",
		"license": "MIT",
		"repository": "jslicense/spdx-expression-parse.js",
		@@ -35,0 +35,0 @@ "scripts": {

parser.js

		@@ -78,3 +78,3 @@ /* parser generated by jison 0.4.17 */
		yy: {},
		symbols_: {"error":2,"start":3,"expression":4,"EOS":5,"simpleExpression":6,"LICENSE":7,"PLUS":8,"LICENSEREF":9,"DOCUMENTREF":10,"COLON":11,"WITH":12,"EXCEPTION":13,"AND":14,"OR":15,"OPEN":16,"CLOSE":17,"$accept":0,"$end":1},
		symbols_: {"error":2,"start":3,"expression":4,"EOS":5,"license":6,"LICENSE":7,"PLUS":8,"LICENSEREF":9,"DOCUMENTREF":10,"COLON":11,"WITH":12,"EXCEPTION":13,"AND":14,"OR":15,"OPEN":16,"CLOSE":17,"$accept":0,"$end":1},
		terminals_: {2:"error",5:"EOS",7:"LICENSE",8:"PLUS",9:"LICENSEREF",10:"DOCUMENTREF",11:"COLON",12:"WITH",13:"EXCEPTION",14:"AND",15:"OR",16:"OPEN",17:"CLOSE"},
		@@ -100,7 +100,3 @@ productions_: [0,[3,2],[6,1],[6,2],[6,1],[6,3],[4,1],[4,3],[4,3],[4,3],[4,3]],
		case 7:
		this.$ = {exception: $$[$0]}
		this.$.license = $$[$0-2].license
		if ($$[$0-2].hasOwnProperty('plus')) {
		this.$.plus = $$[$0-2].plus
		}
		this.$ = {exception: $$[$0]}; this.$.license = $$[$0-2].license; if ($$[$0-2].hasOwnProperty('plus')) { this.$.plus = $$[$0-2].plus }
		break;
		@@ -107,0 +103,0 @@ case 8:

README.md

		@@ -22,4 +22,5 @@ This package parses SPDX license expression strings describing license terms, like [package.json license strings](https://docs.npmjs.com/files/package.json#license), into consistently structured ECMAScript objects. The npm command-line interface depends on this package, as do many automatic license-audit tools.
		assert.deepEqual(
		// Dual licensed under LGPL 2.1 or a combination of the Three-Clause
		// BSD License and the MIT License.
		// Dual licensed under either:
		// - LGPL 2.1
		// - a combination of Three-Clause BSD and MIT
		parse('(LGPL-2.1 OR BSD-3-Clause AND MIT)'),
		@@ -42,3 +43,3 @@ {

		1. The [license list](https://spdx.org/licenses), a mapping from specific string identifiers, like `Apache-2.0`, to standard form license texts and bolt-on license exceptions. The [spdx-license-ids](https://www.npmjs.com/package/spdx-exceptions) and [spdx-exceptions](https://www.npmjs.com/package/spdx-license-ids) packages implement the license list. They are dependencies of this package.
		1. The [license list](https://spdx.org/licenses), a mapping from specific string identifiers, like `Apache-2.0`, to standard form license texts and bolt-on license exceptions. The [spdx-license-ids](https://www.npmjs.com/package/spdx-exceptions) and [spdx-exceptions](https://www.npmjs.com/package/spdx-license-ids) packages implement the license list. `spdx-expression-parse` depends on and `require()`s them.

		@@ -66,8 +67,11 @@ Any license identifier from the license list is a valid license expression:

		2. The license expression language, for describing simple and complex license terms, like `MIT` for MIT-licensed and `(GPL-2.0 OR Apache-2.0)` for dual-licensing under GPL 2.0 and Apache 2.0. This package implements the license expression language.
		2. The license expression language, for describing simple and complex license terms, like `MIT` for MIT-licensed and `(GPL-2.0 OR Apache-2.0)` for dual-licensing under GPL 2.0 and Apache 2.0. `spdx-expression-parse` itself implements license expression language, exporting a parser.

		```javascript
		assert.deepEqual(
		// Licensed under a combination of the MIT License and a combination
		// of LGPL 2.1 (or a later version) and the Three-Clause BSD License.
		// Licensed under a combination of:
		// - the MIT License AND
		// - a combination of:
		// - LGPL 2.1 (or a later version) AND
		// - Three-Clause BSD
		parse('(MIT AND (LGPL-2.1+ AND BSD-3-Clause))'),
		@@ -74,0 +78,0 @@ {

scanner.js

		@@ -44,5 +44,6 @@ var ids = require('spdx-license-ids')
		// non-space characters and building tokens.
		var characterBuffer
		var startedBuffering
		resetBuffer()
		var tokens = []
		var characterBuffer = ''
		var startedBuffering = null
		var length = argument.length
		@@ -78,2 +79,7 @@ for (var offset = 0; offset < length; offset++) {

		function resetBuffer () {
		characterBuffer = ''
		startedBuffering = null
		}

		function pushBuffered () {
		@@ -88,5 +94,3 @@ if (characterBuffer) {
		})
		// Reset the buffer.
		characterBuffer = ''
		startedBuffering = null
		resetBuffer()
		}
		@@ -100,7 +104,7 @@ }
		} else if (string === 'AND') {
		return string
		return 'AND'
		} else if (string === 'OR') {
		return string
		return 'OR'
		} else if (string === 'WITH') {
		return string
		return 'WITH'
		} else if (exceptions.indexOf(string) !== -1) {
		@@ -116,6 +120,6 @@ return 'EXCEPTION'
		return 'CLOSE'
		} else if (string === '+') {
		return 'PLUS'
		} else if (string === ':') {
		return 'COLON'
		} else if (string === '+') {
		return 'PLUS'
		} else {
		@@ -122,0 +126,0 @@ throw new Error('Invalid input at offset ' + start)

Fixed alerts

Improved metrics

Worsened metrics