codeql-action/node_modules/validate-npm-package-license/

validate-npm-package-license

Give me a string and I'll tell you if it's a valid npm package license string.

var valid = require('validate-npm-package-license');

SPDX license identifiers are valid license strings:

var assert = require('assert');
// Result the validator reports for a well-formed SPDX identifier:
// accepted for old and new packages alike, and flagged as SPDX.
var validSPDXExpression = {
  spdx: true,
  validForOldPackages: true,
  validForNewPackages: true
};

// Every plain SPDX identifier below must produce exactly that result.
['MIT', 'BSD-2-Clause', 'Apache-2.0', 'ISC'].forEach(function (identifier) {
  assert.deepEqual(valid(identifier), validSPDXExpression);
});

For nearly-correct license identifiers, the function marks the string invalid for both old and new packages and returns a warning plus a suggestion of the closest valid expression:

// 'Apache 2.0' (space instead of hyphen) is not an SPDX identifier, so both
// validity flags are false. The first warning states the accepted forms; the
// second names the closest valid expression.
var nearMissResult = valid('Apache 2.0');

assert.deepEqual(nearMissResult, {
  validForNewPackages: false,
  validForOldPackages: false,
  warnings: [
    [
      'license should be ',
      'a valid SPDX license expression (without "LicenseRef"), ',
      '"UNLICENSED", or ',
      '"SEE LICENSE IN <filename>"'
    ].join(''),
    'license is similar to the valid expression "Apache-2.0"'
  ]
});

SPDX expressions are valid, too ...

// Dual licensing: a parenthesised OR of two SPDX identifiers is accepted and
// yields the same result object as a single identifier.
var dualLicenseExpression = '(GPL-3.0-only OR BSD-2-Clause)';

assert.deepEqual(valid(dualLicenseExpression), validSPDXExpression);

... except if they contain LicenseRef:

// Expected result for any expression containing a LicenseRef: it is still
// recognised as SPDX (spdx: true), but both validity flags are false and a
// single warning lists the accepted forms.
var warningAboutLicenseRef = {
  spdx: true,
  validForNewPackages: false,
  validForOldPackages: false,
  warnings: [
    [
      'license should be ',
      'a valid SPDX license expression (without "LicenseRef"), ',
      '"UNLICENSED", or ',
      '"SEE LICENSE IN <filename>"'
    ].join('')
  ]
};

// One LicenseRef operand is enough to invalidate the whole expression, even
// when the other operand (MIT) is valid by itself.
['LicenseRef-Made-Up', '(MIT OR LicenseRef-Made-Up)'].forEach(function (expression) {
  assert.deepEqual(valid(expression), warningAboutLicenseRef);
});

If you can't describe your licensing terms with standardized SPDX identifiers, put the terms in a file in the package and point users there:

// "SEE LICENSE IN <filename>" is accepted for old and new packages. In these
// examples the file name comes back in `inFile` exactly as written, case
// included.
// NOTE(review): nothing here shows the named file being checked against the
// package contents; treat `inFile` as untrusted input if it is ever used to
// build a path.
[
  ['SEE LICENSE IN LICENSE.txt', 'LICENSE.txt'],
  ['SEE LICENSE IN license.md', 'license.md']
].forEach(function (example) {
  var licenseString = example[0];
  var expectedFile = example[1];

  assert.deepEqual(valid(licenseString), {
    inFile: expectedFile,
    validForOldPackages: true,
    validForNewPackages: true
  });
});

If there aren't any licensing terms, use UNLICENSED (the spelling UNLICENCED is accepted as well):

// Result for the explicit "no licensing terms" marker: valid for old and new
// packages, with `unlicensed: true` in place of an `spdx` flag.
var unlicensed = {
  unlicensed: true,
  validForOldPackages: true,
  validForNewPackages: true
};

// Both spellings are accepted and produce the same result.
['UNLICENSED', 'UNLICENCED'].forEach(function (marker) {
  assert.deepEqual(valid(marker), unlicensed);
});