kemitchell

motet-a

spdx-expression-parse

  "description": "parse SPDX license expressions",

  "author": "Kyle E. Mitchell <kyle@kemitchell.com> (https://kemitchell.com)",

  "repository": "jslicense/spdx-expression-parse.js",

    "test:readme": "defence -i javascript README.md | replace-require-self | node",

    "test": "npm run test:suite && npm run test:readme"

This package parses [SPDX license expression](https://spdx.org/spdx-specification-21-web-version#h.jxpfx0ykyb60) strings describing license terms, like [package.json license strings](https://docs.npmjs.com/files/package.json#license), into consistently structured ECMAScript objects.  The npm command-line interface depends on this package, as do many automatic license-audit tools.

var parse = require('spdx-expression-parse')

  // Licensed under the terms of the Two-Clause BSD License.

  // - a combination of Three-Clause BSD and MIT

  parse('(LGPL-2.1 OR BSD-3-Clause AND MIT)'),

The syntax comes from the [Software Package Data eXchange (SPDX)](https://spdx.org/), a standard from the [Linux Foundation](https://www.linuxfoundation.org) for shareable data about software package license terms.  SPDX aims to make sharing and auditing license data easy, especially for users of open-source software.

The bulk of the SPDX standard describes syntax and semantics of XML metadata files.  This package implements two lightweight, plain-text components of that larger standard:

1.  The [license list](https://spdx.org/licenses), a mapping from specific string identifiers, like `Apache-2.0`, to standard form license texts and bolt-on license exceptions.  The [spdx-license-ids](https://www.npmjs.com/package/spdx-license-ids) and [spdx-exceptions](https://www.npmjs.com/package/spdx-exceptions) packages implement the license list.  `spdx-expression-parse` depends on and `require()`s them.

    Any license identifier from the license list is a valid license expression:

      .concat(require('spdx-license-ids'))

      .concat(require('spdx-license-ids/deprecated'))

      .filter(function (id) { return id[id.length - 1] !== '+' })

      assert.deepEqual(parse(id), {license: id})

    So is any license identifier `WITH` a standardized license exception:

      require('spdx-exceptions').forEach(function (e) {

2.  The license expression language, for describing simple and complex license terms, like `MIT` for MIT-licensed and `(GPL-2.0 OR Apache-2.0)` for dual-licensing under GPL 2.0 and Apache 2.0.  `spdx-expression-parse` itself implements license expression language, exporting a parser.

      // Licensed under a combination of:

      //   - LGPL 2.1 (or a later version) AND

      parse('(MIT AND (LGPL-2.1+ AND BSD-3-Clause))'),

          left: {license: 'LGPL-2.1', plus: true},

          right: {license: 'BSD-3-Clause'}

This package differs slightly from the SPDX standard in allowing lower- and mixed-case `AND`, `OR`, and `WITH` operators:

  { left: { license: 'MIT' }, conjunction: 'or', right: { license: 'BSD-2-Clause' } }

  parse('GPL-2.0 with GCC-exception-2.0'),

  { license: 'GPL-2.0', exception: 'GCC-exception-2.0' }

The Linux Foundation and its contributors license the SPDX standard under the terms of [the Creative Commons Attribution License 3.0 Unported (SPDX: "CC-BY-3.0")](http://spdx.org/licenses/CC-BY-3.0).  "SPDX" is a United States federally registered trademark of the Linux Foundation.  The authors of this package license their work under the terms of the MIT License.

  .concat(require('spdx-license-ids/deprecated'))

var exceptions = require('spdx-exceptions')

  // `value` can be a regexp or a string.

  // If it is recognized, the matching source string is returned and

  // the index is incremented. Otherwise `undefined` is returned.

      if (source.indexOf(value, index) === index) {

    var possibilities = ['WITH', 'AND', 'OR', '(', ')', ':', '+']

    var possibilities = [/^WITH/i, /^AND/i, /^OR/i, '(', ')', ':', '+']

    for (var i = 0; i < possibilities.length; i++) {

    if (string === '+' && index > 1 && source[index - 2] === ' ') {

      throw new Error('Space before `+`')

      throw new Error('Expected idstring at offset ' + index)

      return { type: 'DOCUMENTREF', string: string }

      return { type: 'LICENSEREF', string: string }

    if (licenses.indexOf(string) !== -1) {

    } else if (exceptions.indexOf(string) !== -1) {

  // Tries to read the next token. Returns `undefined` if no token is

      throw new Error('Unexpected `' + source[index] +

                      '` at offset ' + index)

		{
		"name": "spdx-expression-parse",
		"description": "parse SPDX license expressions",
		"version": "3.0.1",
		"version": "4.0.0",
		"author": "Kyle E. Mitchell <kyle@kemitchell.com> (https://kemitchell.com)",
		@@ -6,0 +6,0 @@ "files": [

		@@ -40,3 +40,3 @@ 'use strict'
		var string
		var possibilities = ['WITH', 'AND', 'OR', '(', ')', ':', '+']
		var possibilities = [/^WITH/i, /^AND/i, /^OR/i, '(', ')', ':', '+']
		for (var i = 0; i < possibilities.length; i++) {
		@@ -55,3 +55,3 @@ string = read(possibilities[i])
		type: 'OPERATOR',
		string: string
		string: string.toUpperCase()
		}
		@@ -58,0 +58,0 @@ }

		@@ -50,2 +50,3 @@ This package parses [SPDX license expression](https://spdx.org/spdx-specification-21-web-version#h.jxpfx0ykyb60) strings describing license terms, like [package.json license strings](https://docs.npmjs.com/files/package.json#license), into consistently structured ECMAScript objects. The npm command-line interface depends on this package, as do many automatic license-audit tools.
		.concat(require('spdx-license-ids/deprecated'))
		.filter(function (id) { return id[id.length - 1] !== '+' })

		@@ -92,2 +93,15 @@ identifiers.forEach(function (id) {

		This package differs slightly from the SPDX standard in allowing lower- and mixed-case `AND`, `OR`, and `WITH` operators:

		```javascript
		assert.deepEqual(
		parse('MIT or BSD-2-Clause'),
		{ left: { license: 'MIT' }, conjunction: 'or', right: { license: 'BSD-2-Clause' } }
		)
		assert.deepEqual(
		parse('GPL-2.0 with GCC-exception-2.0'),
		{ license: 'GPL-2.0', exception: 'GCC-exception-2.0' }
		)
		```

		The Linux Foundation and its contributors license the SPDX standard under the terms of [the Creative Commons Attribution License 3.0 Unported (SPDX: "CC-BY-3.0")](http://spdx.org/licenses/CC-BY-3.0). "SPDX" is a United States federally registered trademark of the Linux Foundation. The authors of this package license their work under the terms of the MIT License.

Improved metrics