validate-npm-package-license
Comparing version 1.0.0 to 2.0.0
index.js
var spdx = require('spdx'); | ||
var correct = require('spdx-correct'); | ||
var validResult = { | ||
validForNewPackages: true, | ||
validForOldPackages: true | ||
}; | ||
var genericWarning = ( | ||
'license should be ' + | ||
'a valid SPDX license expression without "LicenseRef", ' + | ||
'"UNLICENSED", or ' + | ||
'"SEE LICENSE IN <filename>"' | ||
); | ||
var fileReferenceRE = /^SEE LICEN[CS]E IN (.+)$/; | ||
function startsWith(prefix, string) { | ||
return string.slice(0, prefix.length) === prefix; | ||
} | ||
function usesLicenseRef(ast) { | ||
if (ast.hasOwnProperty('license')) { | ||
var license = ast.license; | ||
return ( | ||
startsWith('LicenseRef', license) || | ||
startsWith('DocumentRef', license) | ||
); | ||
} else { | ||
return ( | ||
usesLicenseRef(ast.left) || | ||
usesLicenseRef(ast.right) | ||
); | ||
} | ||
} | ||
module.exports = function(argument) { | ||
if (spdx.valid(argument)) { | ||
return { | ||
validForNewPackages: true, | ||
validForOldPackages: true | ||
}; | ||
} else { | ||
var warnings = [ | ||
'license should be a valid SPDX license expression' | ||
]; | ||
var corrected = correct(argument); | ||
if (corrected) { | ||
warnings.push( | ||
'license is similar to the valid expression "' + corrected + '"' | ||
); | ||
var ast; | ||
try { | ||
ast = spdx.parse(argument); | ||
} catch (e) { | ||
if ( | ||
argument === 'UNLICENSED' || | ||
argument === 'UNLICENCED' || | ||
fileReferenceRE.test(argument) | ||
) { | ||
return validResult; | ||
} else { | ||
var result = { | ||
validForOldPackages: false, | ||
validForNewPackages: false, | ||
warnings: [genericWarning] | ||
}; | ||
var corrected = correct(argument); | ||
if (corrected) { | ||
result.warnings.push( | ||
'license is similar to the valid expression "' + corrected + '"' | ||
); | ||
} | ||
return result; | ||
} | ||
} | ||
if (usesLicenseRef(ast)) { | ||
return { | ||
validForNewPackages: false, | ||
validForOldPackages: false, | ||
validForNewPackages: false, | ||
warnings: warnings | ||
warnings: [genericWarning] | ||
}; | ||
} else { | ||
return validResult; | ||
} | ||
}; |
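Review bot: Both success paths in the exported function (`return validResult;` in the catch branch and at the end) appear to hand every caller the same module-level object, so a consumer that attaches a `warnings` array or flips a flag on one result would change what later callers receive. Returning a fresh literal at each site, `return { validForNewPackages: true, validForOldPackages: true };`, or freezing the shared object avoids that. Separately, `fileReferenceRE` accepts any non-empty text after `SEE LICENSE IN` and its capture group is unused, so a tool that later opens the named file should confine the path to the package directory itself rather than rely on this check. The page has lost its `+`/`-` markers, so which of the duplicated lines belong to 2.0.0 is inferred.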
{ | ||
"name": "validate-npm-package-license", | ||
"description": "Give me a string and I'll tell you if it's a valid npm package license string", | ||
"version": "1.0.0", | ||
"version": "2.0.0", | ||
"author": { | ||
@@ -6,0 +6,0 @@ "name": "Kyle E. Mitchell", |
@@ -9,3 +9,3 @@ validate-npm-package-license | ||
```js | ||
var validResult = { | ||
var noWarnings = { | ||
validForNewPackages: true, | ||
@@ -15,15 +15,49 @@ validForOldPackages: true | ||
valid('Apache-2.0'); // => validResult | ||
valid('(GPL-3.0 OR BSD-2-Clause)'); // => validResult | ||
// SPDX license identifier for common open-source licenses | ||
valid('MIT'); // => noWarnings | ||
valid('BSD-2-Clause'); // => noWarnings | ||
valid('Apache-2.0'); // => noWarnings | ||
valid('ISC'); // => noWarnings | ||
var invalidResult = { | ||
// Simple SPDX license expression for dual licensing | ||
valid('(GPL-3.0 OR BSD-2-Clause)'); // => noWarnings | ||
// Refer to a non-standard license found in the package | ||
valid('SEE LICENSE IN LICENSE.txt'); // => noWarnings | ||
valid('SEE LICENSE IN license.md'); // => noWarnings | ||
// No license | ||
valid('UNLICENSED'); // => noWarnings | ||
valid('UNLICENCED'); // => noWarnings | ||
var warningsWithSuggestion = { | ||
validForOldPackages: false, | ||
validForNewPackages: false, | ||
warnings: [ | ||
'license should be a valid SPDX license expression', | ||
'license is similar to the valid expression "Apache-2.0"' | ||
'license should be ' + | ||
'a valid SPDX license expression without "LicenseRef", ' + | ||
'"UNLICENSED", or ' + | ||
'"SEE LICENSE IN <filename>"', | ||
'license is similar to the valid expression "Apache-2.0"' | ||
] | ||
}; | ||
valid('Apache 2.0'); // => invalidResult | ||
// Almost a valid SPDX license identifier | ||
valid('Apache 2.0'); // => warningsWithSuggestion | ||
var warningAboutLicenseRef = { | ||
validForOldPackages: false, | ||
validForNewPackages: false, | ||
warnings: [ | ||
'license should be ' + | ||
'a valid SPDX license expression without "LicenseRef", ' + | ||
'"UNLICENSED", or ' + | ||
'"SEE LICENSE IN <filename>"', | ||
] | ||
}; | ||
// LicenseRef-* identifiers are valid SPDX expressions, | ||
// but not valid in package.json | ||
valid('LicenseRef-Made-Up'); // => warningAboutLicenseRef | ||
valid('(MIT OR LicenseRef-Made-Up)'); // => warningAboutLicenseRef | ||
``` |