spdx-satisfies
Advanced tools
The spdx-satisfies npm package is used to determine if a given SPDX license expression satisfies another SPDX license expression. This is particularly useful for license compliance checks in software projects.
Check if a license satisfies another license
This feature allows you to check if one license satisfies another license. In this example, the MIT license satisfies the 'MIT OR Apache-2.0' license expression.
const spdxSatisfies = require('spdx-satisfies');
const license1 = 'MIT';
const license2 = 'MIT OR Apache-2.0';
const result = spdxSatisfies(license1, license2);
console.log(result); // trueCheck if a complex license expression satisfies another
This feature allows you to check if a complex license expression satisfies another complex license expression. In this example, the '(MIT AND Apache-2.0)' license expression satisfies the '(MIT AND Apache-2.0) OR GPL-3.0' license expression.
const spdxSatisfies = require('spdx-satisfies');
const license1 = '(MIT AND Apache-2.0)';
const license2 = '(MIT AND Apache-2.0) OR GPL-3.0';
const result = spdxSatisfies(license1, license2);
console.log(result); // trueThe spdx-expression-validate package is used to validate SPDX license expressions. While it does not check if one license satisfies another, it ensures that the license expressions are valid according to the SPDX specification.
The spdx-correct package is used to correct common mistakes in SPDX license expressions. It helps in ensuring that the license expressions are correctly formatted but does not provide functionality to check if one license satisfies another.
The spdx-license-ids package provides a list of all valid SPDX license identifiers. It is useful for validating and listing license identifiers but does not offer the functionality to check if one license satisfies another.
Test whether SPDX expressions satisfy given licensing criteria
FAQs
test whether SPDX expressions satisfy licensing criteria
The npm package spdx-satisfies receives a total of 306,287 weekly downloads. As such, spdx-satisfies popularity was classified as popular.
We found that spdx-satisfies demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.
Security News
vlt introduced its new package manager and a serverless registry this week, innovating in a space where npm has stagnated.