Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

spdx-whitelisted

Package Overview
Dependencies
Maintainers
1
Versions
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

spdx-whitelisted

test whether SPDX expressions satisfy license whitelists

  • 1.0.0
  • latest
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
22K
decreased by-23.09%
Maintainers
1
Weekly downloads
 
Created
Source

This package was forked from version 5.0.0 of spdx-satisfies.

var assert = require('assert')
var whitelisted = require('spdx-whitelisted')

This package exports a single function of two arguments:

  1. an Object representing an SPDX expression

  2. an Array of Objects, each in the form of a leaf in an SPDX expression data structure

assert(
  whitelisted(
    {license: 'MIT'},
    [{license: 'MIT'}]
  )
)

The schema for SPDX expression data structures is the same returned by spdx-expression-parse.

var parse = require('spdx-expression-parse')

assert(whitelisted(
  parse('MIT'),
  [parse('ISC'), parse('MIT')]
))

assert(whitelisted(
  {license: 'Zlib'},
  [
    {license: 'ISC'},
    {license: 'MIT'},
    {license: 'Zlib'}
  ]
))

assert(!whitelisted(
  {license: 'GPL-3.0'},
  [
    {license: 'ISC'},
    {license: 'MIT'}
  ]
))


assert(whitelisted(
  {license: 'GPL-2.0'},
  [{license: 'GPL-2.0', plus: true}]
))

assert(whitelisted(
  {license: 'GPL-3.0'},
  [{license: 'GPL-2.0', plus: true}]
))

assert(whitelisted(
  {license: 'GPL-1.0', plus: true},
  [{license: 'GPL-2.0', plus: true}]
))

assert(!whitelisted(
  {license: 'GPL-1.0'},
  [{license: 'GPL-2.0', plus: true}]
))

assert(whitelisted(
  {license: 'GPL-2.0-only'},
  [{license: 'GPL-2.0-only'}]
))

assert(whitelisted(
  {license: 'GPL-3.0-only'},
  [{license: 'GPL-2.0', plus: true}]
))

assert(!whitelisted(
  {license: 'GPL-2.0'},
  [
    {
      license: 'GPL-2.0',
      plus: true,
      exception: 'Bison-exception-2.2'
    }
  ]
))

assert(whitelisted(
  {
    license: 'GPL-3.0',
    exception: 'Bison-exception-2.2'
  },
  [
    {
      license: 'GPL-2.0',
      plus: true,
      exception: 'Bison-exception-2.2'
    }
  ]
))

assert(whitelisted(
  // (MIT OR GPL-2.0)
  {
    left: {license: 'MIT'},
    conjunction: 'or',
    right: {license: 'GPL-2.0'}
  },
  [
    {license: 'ISC'},
    {license: 'MIT'}
  ]
))

assert(whitelisted(
  // ((MIT OR Apache-2.0) AND (ISC OR GPL-2.0))
  {
    left: {
      left: {license: 'MIT'},
      conjunction: 'or',
      right: {license: 'Apache-2.0'}
    },
    conjunction: 'and',
    right: {
      left: {license: 'ISC'},
      conjunction: 'or',
      right: {license: 'GPL-2.0'}
    }
  },
  [
    {license: 'Apache-2.0'},
    {license: 'ISC'}
  ]
))

assert(whitelisted(
  // (MIT AND GPL-2.0)
  {
    left: {license: 'MIT'},
    conjunction: 'and',
    right: {license: 'GPL-2.0'}
  },
  [
    {license: 'MIT'},
    {license: 'GPL-2.0'}
  ]
))

assert(!whitelisted(
  // (MIT AND GPL-2.0)
  {
    left: {license: 'MIT'},
    conjunction: 'and',
    right: {license: 'GPL-2.0'}
  },
  [
    {license: 'ISC'},
    {license: 'GPL-2.0'}
  ]
))

assert(!whitelisted(
  // (MIT AND (GPL-2.0 OR ISC))
  {
    left: {license: 'MIT'},
    conjunction: 'and',
    right: {
      left: {license: 'GPL-2.0'},
      conjunction: 'or',
      right: {license: 'ISC'}
    }
  },
  [{license: 'MIT'}]
))

assert(!whitelisted(
  // (MIT OR Apache-2.0) AND (ISC OR GPL-2.0)
  {
    left: {
      left: {license: 'MIT'},
      conjunction: 'or',
      right: {license: 'Apache-2.0'}
    },
    conjunction: 'and',
    right: {
      left: {license: 'ISC'},
      conjunction: 'or',
      right: {license: 'GPL-2.0'}
    }
  },
  [{license: 'MIT'}]
))

The exported function does a few naive type checks on arguments. Do not rely on it for rigorous validation.

assert.throws(function () {
  whitelisted('MIT', [parse('MIT')])
}, /first argument/)

assert.throws(function () {
  whitelisted({invalid: 'AST'}, [parse('MIT')])
}, /first argument/)

assert.throws(function () {
  whitelisted(parse('MIT'), parse('MIT'))
}, /second argument/)

assert.throws(function () {
  whitelisted(parse('MIT'), parse('MIT'))
}, /second argument/)

assert.throws(function () {
  whitelisted(parse('MIT'), [{invalid: 'leaf'}])
}, /second argument/)

Keywords

FAQs

Package last updated on 28 Mar 2019

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

GitHub Removes Malicious Pull Requests Targeting Open Source Repositories

Security News

GitHub Removes Malicious Pull Requests Targeting Open Source Repositories

GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.

By Sarah Gooding  -  Nov 13, 2024
RubyGems.org Adds New Maintainer Role

Security News

RubyGems.org Adds New Maintainer Role

RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.

By Sarah Gooding  -  Nov 12, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc