spdx-satisfies - npm Package Compare versions

Comparing version 4.0.1 to 5.0.0

index.js

@@ -61,34 +61,2 @@ var compare = require('spdx-compare')
 
-var recurseLeftAndRight = function (first, second) {
-  var firstConjunction = first.conjunction
-  var secondConjunction = second.conjunction
-
-  if (firstConjunction === 'and' && secondConjunction === 'and') {
-    return (
-      (recurse(first.left, second.left) && recurse(first.right, second.right)) ||
-      (recurse(first.left, second.right) && recurse(first.right, second.left))
-    )
-  } else if (firstConjunction === 'and') {
-    return (
-      recurse(first.left, second) &&
-      recurse(first.right, second)
-    )
-  } else if (firstConjunction === 'or') {
-    return (
-      recurse(first.left, second) ||
-      recurse(first.right, second)
-    )
-  }
-}
-
-var recurse = function (first, second) {
-  if (first.hasOwnProperty('conjunction')) {
-    return recurseLeftAndRight(first, second)
-  } else if (second.hasOwnProperty('conjunction')) {
-    return recurseLeftAndRight(second, first)
-  } else {
-    return licensesAreCompatible(first, second)
-  }
-}
-
 function normalizeGPLIdentifiers (argument) {
@@ -104,3 +72,3 @@ var license = argument.license
     }
-  } else {
+  } else if (argument.left && argument.right) {
     argument.left = normalizeGPLIdentifiers(argument.left)
@@ -116,7 +84,58 @@ argument.right = normalizeGPLIdentifiers(argument.right)
 
-module.exports = function (first, second) {
-  return recurse(
-    normalizeGPLIdentifiers(parse(first)),
-    normalizeGPLIdentifiers(parse(second))
-  )
+function licenseString (e) {
+  if (e.hasOwnProperty('noassertion')) return 'NOASSERTION'
+  if (e.license) return `${e.license}${e.plus ? '+' : ''}${e.exception ? ` WITH ${e.exception}` : ''}`
 }
+
+// Expand the given expression into an equivalent array where each member is an array of licenses AND'd
+// together and the members are OR'd together. For example, `(MIT OR ISC) AND GPL-3.0` expands to
+// `[[GPL-3.0 AND MIT], [ISC AND MIT]]`. Note that within each array of licenses, the entries are
+// normalized (sorted) by license name.
+function expand (expression) {
+  return sort(Array.from(expandInner(expression)))
+}
+
+// Flatten the given expression into an array of all licenses mentioned in the expression.
+function flatten (expression) {
+  const expanded = Array.from(expandInner(expression))
+  const flattened = expanded.reduce(function (result, clause) {
+    return Object.assign(result, clause)
+  }, {})
+  return sort([flattened])[0]
+}
+
+function expandInner (expression) {
+  if (!expression.conjunction) return [{ [licenseString(expression)]: expression }]
+  if (expression.conjunction === 'or') return expandInner(expression.left).concat(expandInner(expression.right))
+  if (expression.conjunction === 'and') {
+    var left = expandInner(expression.left)
+    var right = expandInner(expression.right)
+    return left.reduce(function (result, l) {
+      right.forEach(function (r) { result.push(Object.assign({}, l, r)) })
+      return result
+    }, [])
+  }
+}
+
+function sort (licenseList) {
+  var sortedLicenseLists = licenseList
+    .filter(function (e) { return Object.keys(e).length })
+    .map(function (e) { return Object.keys(e).sort() })
+  return sortedLicenseLists.map(function (list, i) {
+    return list.map(function (license) { return licenseList[i][license] })
+  })
+}
+
+function isANDCompatible (one, two) {
+  return one.every(function (o) {
+    return two.some(function (t) { return licensesAreCompatible(o, t) })
+  })
+}
+
+function satisfies (first, second) {
+  var one = expand(normalizeGPLIdentifiers(parse(first)))
+  var two = flatten(normalizeGPLIdentifiers(parse(second)))
+  return one.some(function (o) { return isANDCompatible(o, two) })
+}
+
+module.exports = satisfies

package.json

 {
   "name": "spdx-satisfies",
   "description": "test whether SPDX expressions satisfy licensing criteria",
-  "version": "4.0.1",
+  "version": "5.0.0",
   "author": "Kyle E. Mitchell <kyle@kemitchell.com> (https://kemitchell.com)",
   "contributors": [
     "Kyle E. Mitchell <kyle@kemitchell.com> (https://kemitchell.com)",
-    "Dan Butvinik <butvinik@outlook.com>"
+    "Dan Butvinik <butvinik@outlook.com>",
+    "Jeff McAffer <jeffmcaffer@gmail.com>"
   ],
@@ -10,0 +11,0 @@ "dependencies": {

README.md

@@ -31,4 +31,6 @@ ```javascript
 assert(satisfies('MIT AND GPL-2.0 AND ISC', 'MIT AND GPL-2.0 AND ISC'))
+assert(satisfies('MIT AND GPL-2.0 AND ISC', 'ISC AND GPL-2.0 AND MIT'))
 assert(satisfies('(MIT OR GPL-2.0) AND ISC', 'MIT AND ISC'))
 assert(satisfies('MIT AND ISC', '(MIT OR GPL-2.0) AND ISC'))
+assert(satisfies('MIT AND ISC', '(MIT AND GPL-2.0) OR ISC'))
 assert(satisfies('(MIT OR Apache-2.0) AND (ISC OR GPL-2.0)', 'Apache-2.0 AND ISC'))
@@ -38,2 +40,4 @@ assert(satisfies('(MIT OR Apache-2.0) AND (ISC OR GPL-2.0)', 'Apache-2.0 OR ISC'))
 assert(satisfies('(MIT AND GPL-2.0)', '(GPL-2.0 AND MIT)'))
+assert(satisfies('MIT', '(GPL-2.0 OR MIT) AND (MIT OR ISC)'))
+assert(satisfies('MIT AND ICU', '(MIT AND GPL-2.0) OR (ISC AND (Apache-2.0 OR ICU))'))
 assert(!satisfies('(MIT AND GPL-2.0)', '(ISC OR GPL-2.0)'))
@@ -40,0 +44,0 @@ assert(!satisfies('MIT AND (GPL-2.0 OR ISC)', 'MIT'))

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Lines of code

124

increased by13.76%

Number of lines in readme file

45

increased by9.76%

Worsened metrics

Total package byte prevSize

8163

decreased by-32.2%

Number of package files

4

decreased by-20%

No dependency changes