validate-npm-package-license
Advanced tools
validate-npm-package-license - npm Package Compare versions
Comparing version 1.0.0 to 2.0.0
80
index.js
| var spdx = require('spdx'); | ||
| var correct = require('spdx-correct'); | ||
| var validResult = { | ||
| validForNewPackages: true, | ||
| validForOldPackages: true | ||
| }; | ||
| var genericWarning = ( | ||
| 'license should be ' + | ||
| 'a valid SPDX license expression without "LicenseRef", ' + | ||
| '"UNLICENSED", or ' + | ||
| '"SEE LICENSE IN <filename>"' | ||
| ); | ||
| var fileReferenceRE = /^SEE LICEN[CS]E IN (.+)$/; | ||
| function startsWith(prefix, string) { | ||
| return string.slice(0, prefix.length) === prefix; | ||
| } | ||
| function usesLicenseRef(ast) { | ||
| if (ast.hasOwnProperty('license')) { | ||
| var license = ast.license; | ||
| return ( | ||
| startsWith('LicenseRef', license) || | ||
| startsWith('DocumentRef', license) | ||
| ); | ||
| } else { | ||
| return ( | ||
| usesLicenseRef(ast.left) || | ||
| usesLicenseRef(ast.right) | ||
| ); | ||
| } | ||
| } | ||
| module.exports = function(argument) { | ||
| if (spdx.valid(argument)) { | ||
| return { | ||
| validForNewPackages: true, | ||
| validForOldPackages: true | ||
| }; | ||
| } else { | ||
| var warnings = [ | ||
| 'license should be a valid SPDX license expression' | ||
| ]; | ||
| var corrected = correct(argument); | ||
| if (corrected) { | ||
| warnings.push( | ||
| 'license is similar to the valid expression "' + corrected + '"' | ||
| ); | ||
| var ast; | ||
| try { | ||
| ast = spdx.parse(argument); | ||
| } catch (e) { | ||
| if ( | ||
| argument === 'UNLICENSED' || | ||
| argument === 'UNLICENCED' || | ||
| fileReferenceRE.test(argument) | ||
| ) { | ||
| return validResult; | ||
| } else { | ||
| var result = { | ||
| validForOldPackages: false, | ||
| validForNewPackages: false, | ||
| warnings: [genericWarning] | ||
| }; | ||
| var corrected = correct(argument); | ||
| if (corrected) { | ||
| result.warnings.push( | ||
| 'license is similar to the valid expression "' + corrected + '"' | ||
| ); | ||
| } | ||
| return result; | ||
| } | ||
| } | ||
| if (usesLicenseRef(ast)) { | ||
| return { | ||
| validForNewPackages: false, | ||
| validForOldPackages: false, | ||
| validForNewPackages: false, | ||
| warnings: warnings | ||
| warnings: [genericWarning] | ||
| }; | ||
| } else { | ||
| return validResult; | ||
| } | ||
| }; |
| { | ||
| "name": "validate-npm-package-license", | ||
| "description": "Give me a string and I'll tell you if it's a valid npm package license string", | ||
| "version": "1.0.0", | ||
| "version": "2.0.0", | ||
| "author": { | ||
@@ -6,0 +6,0 @@ "name": "Kyle E. Mitchell", |
@@ -9,3 +9,3 @@ validate-npm-package-license | ||
| ```js | ||
| var validResult = { | ||
| var noWarnings = { | ||
| validForNewPackages: true, | ||
@@ -15,15 +15,49 @@ validForOldPackages: true | ||
| valid('Apache-2.0'); // => validResult | ||
| valid('(GPL-3.0 OR BSD-2-Clause)'); // => validResult | ||
| // SPDX license identifier for common open-source licenses | ||
| valid('MIT'); // => noWarnings | ||
| valid('BSD-2-Clause'); // => noWarnings | ||
| valid('Apache-2.0'); // => noWarnings | ||
| valid('ISC'); // => noWarnings | ||
| var invalidResult = { | ||
| // Simple SPDX license expression for dual licensing | ||
| valid('(GPL-3.0 OR BSD-2-Clause)'); // => noWarnings | ||
| // Refer to a non-standard license found in the package | ||
| valid('SEE LICENSE IN LICENSE.txt'); // => noWarnings | ||
| valid('SEE LICENSE IN license.md'); // => noWarnings | ||
| // No license | ||
| valid('UNLICENSED'); // => noWarnings | ||
| valid('UNLICENCED'); // => noWarnings | ||
| var warningsWithSuggestion = { | ||
| validForOldPackages: false, | ||
| validForNewPackages: false, | ||
| warnings: [ | ||
| 'license should be a valid SPDX license expression', | ||
| 'license is similar to the valid expression "Apache-2.0"' | ||
| 'license should be ' + | ||
| 'a valid SPDX license expression without "LicenseRef", ' + | ||
| '"UNLICENSED", or ' + | ||
| '"SEE LICENSE IN <filename>"', | ||
| 'license is similar to the valid expression "Apache-2.0"' | ||
| ] | ||
| }; | ||
| valid('Apache 2.0'); // => invalidResult | ||
| // Almost a valid SPDX license identifier | ||
| valid('Apache 2.0'); // => warningsWithSuggestion | ||
| var warningAboutLicenseRef = { | ||
| validForOldPackages: false, | ||
| validForNewPackages: false, | ||
| warnings: [ | ||
| 'license should be ' + | ||
| 'a valid SPDX license expression without "LicenseRef", ' + | ||
| '"UNLICENSED", or ' + | ||
| '"SEE LICENSE IN <filename>"', | ||
| ] | ||
| }; | ||
| // LicenseRef-* identifiers are valid SPDX expressions, | ||
| // but not valid in package.json | ||
| valid('LicenseRef-Made-Up'); // => warningAboutLicenseRef | ||
| valid('(MIT OR LicenseRef-Made-Up)'); // => warningAboutLicenseRef | ||
| ``` |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by18.29%
13504
- Lines of code
- increased by164%
66
- Number of lines in readme file
- increased by121.43%
62
No dependency changes