spdx

Dependencies: 0
Maintainers: 1
Versions: 13

SPDX License Expression Syntax parser


Install size: 48.3 kB
spdx.js


SPDX License Expression Syntax parser

Simple License Expressions

var spdx = require('spdx');

spdx.valid('Invalid-Identifier'); // => null
spdx.valid('GPL-2.0'); // => true
spdx.valid('GPL-2.0+'); // => true
spdx.valid('LicenseRef-23'); // => true
spdx.valid('LicenseRef-MIT-Style-1'); // => true

Composite License Expressions

Disjunctive OR Operator

spdx.valid('(LGPL-2.1 OR MIT)'); // => true
spdx.valid('(LGPL-2.1 OR MIT OR BSD-3-Clause)'); // => true

Conjunctive AND Operator

spdx.valid('(LGPL-2.1 AND MIT)'); // => true
spdx.valid('(LGPL-2.1 AND MIT AND BSD-2-Clause)'); // => true

Exception WITH Clause

spdx.valid('GPL-2.0+ WITH Bison-exception-2.2'); // => true
spdx.valid('(GPL-2.0+ WITH Bison-exception-2.2)'); // => true

Order of Precedence and Parentheses

spdx.valid('(LGPL-2.1 OR BSD-3-Clause AND MIT)'); // => true
spdx.valid('((LGPL-2.1+ OR BSD-3-Clause) AND MIT)'); // => true

Identifier Lists

Array.isArray(spdx.licenses); // => true
spdx.licenses.indexOf('ISC') > -1; // => true
spdx.licenses.indexOf('Apache-1.7') > -1; // => false
spdx.licenses.every(function(element) {
  return typeof element === 'string';
}); // => true

Array.isArray(spdx.exceptions); // => true
spdx.exceptions.indexOf('GCC-exception-3.1') > -1; // => true
spdx.exceptions.every(function(element) {
  return typeof element === 'string';
}); // => true

Version Metadata

typeof spdx.licenseListVersion === 'string'; // => true
typeof spdx.specificationVersion === 'string'; // => true
typeof spdx.version === 'string'; // => true

Abstract Syntax Tree

var exampleAST = {
  left: {
    left: {
      expression: {
        license: 'MIT'
      },
      exception: 'Autoconf-exception-2.0'
    },
    conjunction: 'and',
    right: {
      license: 'Apache-2.0'
    }
  },
  conjunction: 'or',
  right: {
    left: {
      license: 'LGPL-2.1'
    },
    conjunction: 'or',
    right: {
      license: 'GPL-3.0',
      plus: true
    }
  }
};

spdx.parse(
  '(' +
    '(MIT WITH Autoconf-exception-2.0 AND Apache-2.0)' +
    ' OR ' +
    '(LGPL-2.1 OR GPL-3.0+)' +
  ')'
); // => exampleAST
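
An added example, not part of the spdx.js README: a license-policy gate that walks an AST of the shape shown above and returns the approved terms that satisfy the expression, or null when no branch can be satisfied. The names `satisfy`, `sampleAST` and the policy object are assumptions for illustration; the tree is copied from the example above so the block runs without the package installed.

```javascript
// AST in the shape shown above for
// ((MIT WITH Autoconf-exception-2.0 AND Apache-2.0) OR (LGPL-2.1 OR GPL-3.0+))
var sampleAST = {
  left: {
    left: { expression: { license: 'MIT' }, exception: 'Autoconf-exception-2.0' },
    conjunction: 'and',
    right: { license: 'Apache-2.0' }
  },
  conjunction: 'or',
  right: {
    left: { license: 'LGPL-2.1' },
    conjunction: 'or',
    right: { license: 'GPL-3.0', plus: true }
  }
};

// Hypothetical helper: policy is { licenses: [...], exceptions: [...] }.
// Returns the license terms that satisfy the expression using only approved
// identifiers, or null when no branch can be satisfied.
function satisfy(node, policy) {
  if (node === null || typeof node !== 'object') {
    throw new TypeError('unrecognized AST node');
  }
  if (typeof node.license === 'string') {
    // Leaf: "GPL-3.0+" is matched on its base identifier (assumption of this example).
    return policy.licenses.indexOf(node.license) > -1
      ? [node.license + (node.plus ? '+' : '')]
      : null;
  }
  if (node.expression && typeof node.exception === 'string') {
    // WITH clause: both the license and the exception must be approved.
    var inner = satisfy(node.expression, policy);
    if (inner === null || policy.exceptions.indexOf(node.exception) === -1) return null;
    return inner.map(function (id) { return id + ' WITH ' + node.exception; });
  }
  if (node.conjunction === 'and' || node.conjunction === 'or') {
    var left = satisfy(node.left, policy);
    var right = satisfy(node.right, policy);
    if (node.conjunction === 'or') return left || right; // either branch is enough
    return left && right ? left.concat(right) : null;    // both branches are required
  }
  throw new TypeError('unrecognized AST node'); // fail closed on unknown shapes
}
```

Unknown node shapes throw instead of returning null, so a change in the parser's output format cannot silently pass a dependency through the gate.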

Last updated on 01 May 2015
