Share your code. npm Orgs help your team discover, share, and reuse code. Create a free org »

    spdxpublic

    Use Other Packages

    Development on spdx.js has moved to separate, smaller packages.

    spdx-expression-parse and spdx-satisfies are direct successors to spdx.js.

    You may also be interested in spdx-compare, spdx-correct, and other packages on the npm public registry. kemitchell writes a lot of them.


    var spdx = require('spdx')

    Simple License Expressions

    var assert = require('assert')
    assert(spdx.valid('Invalid-Identifier') === null)
    assert(spdx.valid('GPL-2.0'))
    assert(spdx.valid('GPL-2.0+'))
    assert(spdx.valid('LicenseRef-23'))
    assert(spdx.valid('LicenseRef-MIT-Style-1'))
    assert(spdx.valid('DocumentRef-spdx-tool-1.2:LicenseRef-MIT-Style-2'))

    Composite License Expressions

    Disjunctive OR Operator

    assert(spdx.valid('(LGPL-2.1 OR MIT)'))
    assert(spdx.valid('(LGPL-2.1 OR MIT OR BSD-3-Clause)'))

    Conjunctive AND Operator

    assert(spdx.valid('(LGPL-2.1 AND MIT)'))
    assert(spdx.valid('(LGPL-2.1 AND MIT AND BSD-2-Clause)'))

    Exception WITH Operator

    assert(spdx.valid('(GPL-2.0+ WITH Bison-exception-2.2)'))

    Order of Precedence and Parentheses

    assert.deepEqual(
      spdx.parse('(LGPL-2.1 OR BSD-3-Clause AND MIT)'),
      { left: { license: 'LGPL-2.1' },
        conjunction: 'or',
        right: {
          left: { license: 'BSD-3-Clause' },
          conjunction: 'and',
          right: { license: 'MIT' } } })
     
    assert.deepEqual(
      spdx.parse('(MIT AND (LGPL-2.1+ AND BSD-3-Clause))'),
      { left: { license: 'MIT' },
        conjunction: 'and',
        right: {
          left: {
            license: 'LGPL-2.1',
            plus: true },
          conjunction: 'and',
          right: { license: 'BSD-3-Clause' } } })

    Strict Whitespace Rules

    assert(!spdx.valid('MIT '))
    assert(!spdx.valid(' MIT'))
    assert(!spdx.valid('MIT  AND  BSD-3-Clause'))

    Identifier Lists

    assert(Array.isArray(spdx.licenses))
    assert(spdx.licenses.indexOf('ISC') > -1)
    assert(spdx.licenses.indexOf('Apache-1.7') < 0)
    assert(spdx.licenses.every(function(element) {
      return typeof element === 'string' }))
     
    assert(Array.isArray(spdx.exceptions))
    assert(spdx.exceptions.indexOf('GCC-exception-3.1') > -1)
    assert(spdx.exceptions.every(function(element) {
      return typeof element === 'string' }))

    The Specification

    assert.equal(spdx.specificationVersion, '2.0')

    The Software Package Data Exchange (SPDX) specification is the work of the Linux Foundation and its contributors, and is licensed under the terms of the Creative Commons Attribution License 3.0 Unported (SPDX: "CC-BY-3.0"). "SPDX" is a United States federally registered trademark of the Linux Foundation.

    install

    npm i spdx

    Downloadsweekly downloads

    18,318

    version

    0.5.1

    license

    MIT

    repository

    githubgithub

    last publish

    collaborators

    • avatar
    • avatar