Big update!Introducing GitHub Bot Commands. Learn more
Socket
Log inBook a demo

validate-npm-package-license

Package Overview
Dependencies
2
Maintainers
1
Versions
10
Issues
File Explorer

Advanced tools

validate-npm-package-license

Give me a string and I'll tell you if it's a valid npm package license string

    3.0.4latest

Version published
Maintainers
1
Weekly downloads
20,165,651
increased by1.46%

Weekly downloads

Readme

Source

validate-npm-package-license

Give me a string and I'll tell you if it's a valid npm package license string.

var valid = require('validate-npm-package-license');

SPDX license identifiers are valid license strings:

var assert = require('assert'); var validSPDXExpression = { validForNewPackages: true, validForOldPackages: true, spdx: true }; assert.deepEqual(valid('MIT'), validSPDXExpression); assert.deepEqual(valid('BSD-2-Clause'), validSPDXExpression); assert.deepEqual(valid('Apache-2.0'), validSPDXExpression); assert.deepEqual(valid('ISC'), validSPDXExpression);

The function will return a warning and suggestion for nearly-correct license identifiers:

assert.deepEqual( valid('Apache 2.0'), { validForOldPackages: false, validForNewPackages: false, warnings: [ 'license should be ' + 'a valid SPDX license expression (without "LicenseRef"), ' + '"UNLICENSED", or ' + '"SEE LICENSE IN <filename>"', 'license is similar to the valid expression "Apache-2.0"' ] } );

SPDX expressions are valid, too ...

// Simple SPDX license expression for dual licensing assert.deepEqual( valid('(GPL-3.0-only OR BSD-2-Clause)'), validSPDXExpression );

... except if they contain LicenseRef:

var warningAboutLicenseRef = { validForOldPackages: false, validForNewPackages: false, spdx: true, warnings: [ 'license should be ' + 'a valid SPDX license expression (without "LicenseRef"), ' + '"UNLICENSED", or ' + '"SEE LICENSE IN <filename>"', ] }; assert.deepEqual( valid('LicenseRef-Made-Up'), warningAboutLicenseRef ); assert.deepEqual( valid('(MIT OR LicenseRef-Made-Up)'), warningAboutLicenseRef );

If you can't describe your licensing terms with standardized SPDX identifiers, put the terms in a file in the package and point users there:

assert.deepEqual( valid('SEE LICENSE IN LICENSE.txt'), { validForNewPackages: true, validForOldPackages: true, inFile: 'LICENSE.txt' } ); assert.deepEqual( valid('SEE LICENSE IN license.md'), { validForNewPackages: true, validForOldPackages: true, inFile: 'license.md' } );

If there aren't any licensing terms, use UNLICENSED:

var unlicensed = { validForNewPackages: true, validForOldPackages: true, unlicensed: true }; assert.deepEqual(valid('UNLICENSED'), unlicensed); assert.deepEqual(valid('UNLICENCED'), unlicensed);

Keywords

FAQs

What is validate-npm-package-license?

Give me a string and I'll tell you if it's a valid npm package license string

Is validate-npm-package-license popular?

The npm package validate-npm-package-license receives a total of 17,502,286 weekly downloads. As such, validate-npm-package-license popularity was classified as popular.

Is validate-npm-package-license well maintained?

We found that validate-npm-package-license demonstrated a not healthy version release cadence and project activity because the last version was released a year ago.It has 1 open source maintainer collaborating on the project.

Last updated on 05 Aug 2018

Did you know?

Socket installs a Github app to automatically flag issues on every pull request and report the health of your dependencies. Find out what is inside your node modules and prevent malicious activity before you update the dependencies.

Install Socket
Socket

Product

Subscribe to our newsletter

Get open source security insights delivered straight into your inbox. Be the first to learn about new features and product updates.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc