spdx-expression-parse
Advanced tools
Package description
The spdx-expression-parse npm package is designed to parse SPDX license expressions. SPDX (Software Package Data Exchange) is a standard format for communicating the licensing information of software packages. This package helps in parsing and validating the syntax of SPDX expressions, making it easier to handle complex licensing scenarios programmatically.
Parsing SPDX expressions
This feature allows the parsing of SPDX license expressions into a structured format. The code sample demonstrates how to parse a simple SPDX expression that includes an OR operator, indicating dual licensing options.
const parse = require('spdx-expression-parse');
const expression = 'MIT OR Apache-2.0';
const parsedExpression = parse(expression);
console.log(parsedExpression);Handling complex SPDX expressions
This feature supports the parsing of more complex SPDX expressions, including nested groups and exceptions. The code sample shows how to parse an expression that combines multiple licenses with logical AND and an exception clause.
const parse = require('spdx-expression-parse');
const complexExpression = '(MIT OR Apache-2.0) AND (GPL-2.0+ WITH Classpath-exception-2.0)';
const parsedComplexExpression = parse(complexExpression);
console.log(parsedComplexExpression);The spdx-correct package is designed to help correct invalid SPDX license identifiers to their nearest valid SPDX license ID. While spdx-expression-parse focuses on parsing expressions, spdx-correct focuses on correcting individual license identifiers, making them complementary in handling SPDX data.
This package provides a list of all valid SPDX license identifiers. Unlike spdx-expression-parse, which parses complex expressions, spdx-license-ids is useful for validation or enumeration of SPDX licenses without parsing capabilities.
Readme
var parse = require('spdx-expression-parse')
var assert = require('assert')
assert.deepEqual(
parse('(LGPL-2.1 OR BSD-3-Clause AND MIT)'),
{
left: {license: 'LGPL-2.1'},
conjunction: 'or',
right: {
left: {license: 'BSD-3-Clause'},
conjunction: 'and',
right: {license: 'MIT'}
}
}
)
assert.deepEqual(
parse('(MIT AND (LGPL-2.1+ AND BSD-3-Clause))'),
{
left: {license: 'MIT'},
conjunction: 'and',
right: {
left: {license: 'LGPL-2.1', plus: true},
conjunction: 'and',
right: {license: 'BSD-3-Clause'}
}
}
)
// We handle all the bare SPDX license and exception ids as well.
require('spdx-license-ids').forEach(function (id) {
assert.deepEqual(parse(id), {license: id})
require('spdx-exceptions').forEach(function (e) {
assert.deepEqual(
parse(id + ' WITH ' + e),
{license: id, exception: e}
)
})
})
The Software Package Data Exchange (SPDX) specification is the work of the Linux Foundation and its contributors, and is licensed under the terms of the Creative Commons Attribution License 3.0 Unported (SPDX: "CC-BY-3.0"). "SPDX" is a United States federally registered trademark of the Linux Foundation.
FAQs
parse SPDX license expressions
We found that spdx-expression-parse demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CISA launched a new project called Vulnrichment to enrich CVEs with details that help prioritize patching and mitigation efforts, as the NVD backlog of unenriched CVEs awaiting analysis surpasses 10,000.
Security News
Socket is joining forces with CISA and other industry leaders at the RSA Conference to sign the Secure by Design pledge, committing to uphold the highest security standards in our products.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.