UNPKG

npm/node_modules/spdx-expression-parse/README.md

Version:

3.83 kBMarkdownView Raw

1This package parses [SPDX license expression](https://spdx.org/spdx-specification-21-web-version#h.jxpfx0ykyb60) strings describing license terms, like [package.json license strings](https://docs.npmjs.com/files/package.json#license), into consistently structured ECMAScript objects.  The npm command-line interface depends on this package, as do many automatic license-audit tools.
2
3In a nutshell:
4
5```javascript
6var parse = require('spdx-expression-parse')
7var assert = require('assert')
8
9assert.deepEqual(
10  // Licensed under the terms of the Two-Clause BSD License.
11  parse('BSD-2-Clause'),
12  {license: 'BSD-2-Clause'}
13)
14
15assert.throws(function () {
16  // An invalid SPDX license expression.
17  // Should be `Apache-2.0`.
18  parse('Apache 2')
19})
20
21assert.deepEqual(
22  // Dual licensed under either:
23  // - LGPL 2.1
24  // - a combination of Three-Clause BSD and MIT
25  parse('(LGPL-2.1 OR BSD-3-Clause AND MIT)'),
26  {
27    left: {license: 'LGPL-2.1'},
28    conjunction: 'or',
29    right: {
30      left: {license: 'BSD-3-Clause'},
31      conjunction: 'and',
32      right: {license: 'MIT'}
33    }
34  }
35)
36```
37
38The syntax comes from the [Software Package Data eXchange (SPDX)](https://spdx.org/), a standard from the [Linux Foundation](https://www.linuxfoundation.org) for shareable data about software package license terms.  SPDX aims to make sharing and auditing license data easy, especially for users of open-source software.
39
40The bulk of the SPDX standard describes syntax and semantics of XML metadata files.  This package implements two lightweight, plain-text components of that larger standard:
41
421.  The [license list](https://spdx.org/licenses), a mapping from specific string identifiers, like `Apache-2.0`, to standard form license texts and bolt-on license exceptions.  The [spdx-license-ids](https://www.npmjs.com/package/spdx-exceptions) and [spdx-exceptions](https://www.npmjs.com/package/spdx-license-ids) packages implement the license list.  `spdx-expression-parse` depends on and `require()`s them.
43
44    Any license identifier from the license list is a valid license expression:
45
46    ```javascript
47    var identifiers = []
48      .concat(require('spdx-license-ids'))
49      .concat(require('spdx-license-ids/deprecated'))
50
51    identifiers.forEach(function (id) {
52      assert.deepEqual(parse(id), {license: id})
53    })
54    ```
55
56    So is any license identifier `WITH` a standardized license exception:
57
58    ```javascript
59    identifiers.forEach(function (id) {
60      require('spdx-exceptions').forEach(function (e) {
61        assert.deepEqual(
62          parse(id + ' WITH ' + e),
63          {license: id, exception: e}
64        )
65      })
66    })
67    ```
68
692.  The license expression language, for describing simple and complex license terms, like `MIT` for MIT-licensed and `(GPL-2.0 OR Apache-2.0)` for dual-licensing under GPL 2.0 and Apache 2.0.  `spdx-expression-parse` itself implements license expression language, exporting a parser.
70
71    ```javascript
72    assert.deepEqual(
73      // Licensed under a combination of:
74      // - the MIT License AND
75      // - a combination of:
76      //   - LGPL 2.1 (or a later version) AND
77      //   - Three-Clause BSD
78      parse('(MIT AND (LGPL-2.1+ AND BSD-3-Clause))'),
79      {
80        left: {license: 'MIT'},
81        conjunction: 'and',
82        right: {
83          left: {license: 'LGPL-2.1', plus: true},
84          conjunction: 'and',
85          right: {license: 'BSD-3-Clause'}
86        }
87      }
88    )
89    ```
90
91The Linux Foundation and its contributors license the SPDX standard under the terms of [the Creative Commons Attribution License 3.0 Unported (SPDX: "CC-BY-3.0")](http://spdx.org/licenses/CC-BY-3.0).  "SPDX" is a United States federally registered trademark of the Linux Foundation.  The authors of this package license their work under the terms of the MIT License.

1	`This package parses [SPDX license expression](https://spdx.org/spdx-specification-21-web-version#h.jxpfx0ykyb60) strings describing license terms, like [package.json license strings](https://docs.npmjs.com/files/package.json#license), into consistently structured ECMAScript objects. The npm command-line interface depends on this package, as do many automatic license-audit tools.`
2
3	`In a nutshell:`
4
5	```javascript
6	`var parse = require('spdx-expression-parse')`
7	`var assert = require('assert')`
8
9	`assert.deepEqual(`
10	`// Licensed under the terms of the Two-Clause BSD License.`
11	`parse('BSD-2-Clause'),`
12	`{license: 'BSD-2-Clause'}`
13	`)`
14
15	`assert.throws(function () {`
16	`// An invalid SPDX license expression.`
17	// Should be `Apache-2.0`.
18	`parse('Apache 2')`
19	`})`
20
21	`assert.deepEqual(`
22	`// Dual licensed under either:`
23	`// - LGPL 2.1`
24	`// - a combination of Three-Clause BSD and MIT`
25	`parse('(LGPL-2.1 OR BSD-3-Clause AND MIT)'),`
26	`{`
27	`left: {license: 'LGPL-2.1'},`
28	`conjunction: 'or',`
29	`right: {`
30	`left: {license: 'BSD-3-Clause'},`
31	`conjunction: 'and',`
32	`right: {license: 'MIT'}`
33	`}`
34	`}`
35	`)`
36	```
37
38	`The syntax comes from the [Software Package Data eXchange (SPDX)](https://spdx.org/), a standard from the [Linux Foundation](https://www.linuxfoundation.org) for shareable data about software package license terms. SPDX aims to make sharing and auditing license data easy, especially for users of open-source software.`
39
40	`The bulk of the SPDX standard describes syntax and semantics of XML metadata files. This package implements two lightweight, plain-text components of that larger standard:`
41
42	1. The [license list](https://spdx.org/licenses), a mapping from specific string identifiers, like `Apache-2.0`, to standard form license texts and bolt-on license exceptions. The [spdx-license-ids](https://www.npmjs.com/package/spdx-exceptions) and [spdx-exceptions](https://www.npmjs.com/package/spdx-license-ids) packages implement the license list. `spdx-expression-parse` depends on and `require()`s them.
43
44	`Any license identifier from the license list is a valid license expression:`
45
46	```javascript
47	`var identifiers = []`
48	`.concat(require('spdx-license-ids'))`
49	`.concat(require('spdx-license-ids/deprecated'))`
50
51	`identifiers.forEach(function (id) {`
52	`assert.deepEqual(parse(id), {license: id})`
53	`})`
54	```
55
56	So is any license identifier `WITH` a standardized license exception:
57
58	```javascript
59	`identifiers.forEach(function (id) {`
60	`require('spdx-exceptions').forEach(function (e) {`
61	`assert.deepEqual(`
62	`parse(id + ' WITH ' + e),`
63	`{license: id, exception: e}`
64	`)`
65	`})`
66	`})`
67	```
68
69	2. The license expression language, for describing simple and complex license terms, like `MIT` for MIT-licensed and `(GPL-2.0 OR Apache-2.0)` for dual-licensing under GPL 2.0 and Apache 2.0. `spdx-expression-parse` itself implements license expression language, exporting a parser.
70
71	```javascript
72	`assert.deepEqual(`
73	`// Licensed under a combination of:`
74	`// - the MIT License AND`
75	`// - a combination of:`
76	`// - LGPL 2.1 (or a later version) AND`
77	`// - Three-Clause BSD`
78	`parse('(MIT AND (LGPL-2.1+ AND BSD-3-Clause))'),`
79	`{`
80	`left: {license: 'MIT'},`
81	`conjunction: 'and',`
82	`right: {`
83	`left: {license: 'LGPL-2.1', plus: true},`
84	`conjunction: 'and',`
85	`right: {license: 'BSD-3-Clause'}`
86	`}`
87	`}`
88	`)`
89	```
90
91	`The Linux Foundation and its contributors license the SPDX standard under the terms of [the Creative Commons Attribution License 3.0 Unported (SPDX: "CC-BY-3.0")](http://spdx.org/licenses/CC-BY-3.0). "SPDX" is a United States federally registered trademark of the Linux Foundation. The authors of this package license their work under the terms of the MIT License.`