Nascent Plasticine Materialist
    Have ideas to improve npm?Join in the discussion! »

    spdx-expression-parse
    DefinitelyTyped icon, indicating that this package has TypeScript declarations provided by the separate @types/spdx-expression-parse package

    3.0.1 • Public • Published

    This package parses SPDX license expression strings describing license terms, like package.json license strings, into consistently structured ECMAScript objects. The npm command-line interface depends on this package, as do many automatic license-audit tools.

    In a nutshell:

    var parse = require('spdx-expression-parse')
    var assert = require('assert')
     
    assert.deepEqual(
      // Licensed under the terms of the Two-Clause BSD License.
      parse('BSD-2-Clause'),
      {license: 'BSD-2-Clause'}
    )
     
    assert.throws(function () {
      // An invalid SPDX license expression.
      // Should be `Apache-2.0`.
      parse('Apache 2')
    })
     
    assert.deepEqual(
      // Dual licensed under either:
      // - LGPL 2.1
      // - a combination of Three-Clause BSD and MIT
      parse('(LGPL-2.1 OR BSD-3-Clause AND MIT)'),
      {
        left: {license: 'LGPL-2.1'},
        conjunction: 'or',
        right: {
          left: {license: 'BSD-3-Clause'},
          conjunction: 'and',
          right: {license: 'MIT'}
        }
      }
    )

    The syntax comes from the Software Package Data eXchange (SPDX), a standard from the Linux Foundation for shareable data about software package license terms. SPDX aims to make sharing and auditing license data easy, especially for users of open-source software.

    The bulk of the SPDX standard describes syntax and semantics of XML metadata files. This package implements two lightweight, plain-text components of that larger standard:

    1. The license list, a mapping from specific string identifiers, like Apache-2.0, to standard form license texts and bolt-on license exceptions. The spdx-license-ids and spdx-exceptions packages implement the license list. spdx-expression-parse depends on and require()s them.

      Any license identifier from the license list is a valid license expression:

      var identifiers = []
        .concat(require('spdx-license-ids'))
        .concat(require('spdx-license-ids/deprecated'))
       
      identifiers.forEach(function (id) {
        assert.deepEqual(parse(id), {license: id})
      })

      So is any license identifier WITH a standardized license exception:

      identifiers.forEach(function (id) {
        require('spdx-exceptions').forEach(function (e) {
          assert.deepEqual(
            parse(id + ' WITH ' + e),
            {license: id, exception: e}
          )
        })
      })
    2. The license expression language, for describing simple and complex license terms, like MIT for MIT-licensed and (GPL-2.0 OR Apache-2.0) for dual-licensing under GPL 2.0 and Apache 2.0. spdx-expression-parse itself implements license expression language, exporting a parser.

      assert.deepEqual(
        // Licensed under a combination of:
        // - the MIT License AND
        // - a combination of:
        //   - LGPL 2.1 (or a later version) AND
        //   - Three-Clause BSD
        parse('(MIT AND (LGPL-2.1+ AND BSD-3-Clause))'),
        {
          left: {license: 'MIT'},
          conjunction: 'and',
          right: {
            left: {license: 'LGPL-2.1', plus: true},
            conjunction: 'and',
            right: {license: 'BSD-3-Clause'}
          }
        }
      )

    The Linux Foundation and its contributors license the SPDX standard under the terms of the Creative Commons Attribution License 3.0 Unported (SPDX: "CC-BY-3.0"). "SPDX" is a United States federally registered trademark of the Linux Foundation. The authors of this package license their work under the terms of the MIT License.

    Install

    npm i spdx-expression-parse

    DownloadsWeekly Downloads

    14,951,780

    Version

    3.0.1

    License

    MIT

    Unpacked Size

    11.8 kB

    Total Files

    7

    Last publish

    Collaborators

    • avatar
    • avatar