validate-npm-package-license
Advanced tools
Weekly downloads
Readme
Give me a string and I'll tell you if it's a valid npm package license string.
var valid = require('validate-npm-package-license');
SPDX license identifiers are valid license strings:
var assert = require('assert');
var validSPDXExpression = {
validForNewPackages: true,
validForOldPackages: true,
spdx: true
};
assert.deepEqual(valid('MIT'), validSPDXExpression);
assert.deepEqual(valid('BSD-2-Clause'), validSPDXExpression);
assert.deepEqual(valid('Apache-2.0'), validSPDXExpression);
assert.deepEqual(valid('ISC'), validSPDXExpression);
The function will return a warning and suggestion for nearly-correct license identifiers:
assert.deepEqual(
valid('Apache 2.0'),
{
validForOldPackages: false,
validForNewPackages: false,
warnings: [
'license should be ' +
'a valid SPDX license expression (without "LicenseRef"), ' +
'"UNLICENSED", or ' +
'"SEE LICENSE IN <filename>"',
'license is similar to the valid expression "Apache-2.0"'
]
}
);
SPDX expressions are valid, too ...
// Simple SPDX license expression for dual licensing
assert.deepEqual(
valid('(GPL-3.0-only OR BSD-2-Clause)'),
validSPDXExpression
);
... except if they contain LicenseRef
:
var warningAboutLicenseRef = {
validForOldPackages: false,
validForNewPackages: false,
spdx: true,
warnings: [
'license should be ' +
'a valid SPDX license expression (without "LicenseRef"), ' +
'"UNLICENSED", or ' +
'"SEE LICENSE IN <filename>"',
]
};
assert.deepEqual(
valid('LicenseRef-Made-Up'),
warningAboutLicenseRef
);
assert.deepEqual(
valid('(MIT OR LicenseRef-Made-Up)'),
warningAboutLicenseRef
);
If you can't describe your licensing terms with standardized SPDX identifiers, put the terms in a file in the package and point users there:
assert.deepEqual(
valid('SEE LICENSE IN LICENSE.txt'),
{
validForNewPackages: true,
validForOldPackages: true,
inFile: 'LICENSE.txt'
}
);
assert.deepEqual(
valid('SEE LICENSE IN license.md'),
{
validForNewPackages: true,
validForOldPackages: true,
inFile: 'license.md'
}
);
If there aren't any licensing terms, use UNLICENSED
:
var unlicensed = {
validForNewPackages: true,
validForOldPackages: true,
unlicensed: true
};
assert.deepEqual(valid('UNLICENSED'), unlicensed);
assert.deepEqual(valid('UNLICENCED'), unlicensed);
FAQs
Give me a string and I'll tell you if it's a valid npm package license string
The npm package validate-npm-package-license receives a total of 17,240,982 weekly downloads. As such, validate-npm-package-license popularity was classified as popular.
We found that validate-npm-package-license demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket installs a GitHub app to automatically flag issues on every pull request and report the health of your dependencies. Find out what is inside your node modules and prevent malicious activity before you update the dependencies.