Give me a string and I'll tell you if it's a valid npm package license string
Package: validate-npm-package-license
Created by: kemitchell
Last modified: Tue, 28 Jun 2022 08:28:46 GMT
Version: 3.0.4
License: Apache-2.0
Downloads: 100,403,079
Repository: https://github.com/kemitchell/validate-npm-package-license.js
Install
npm install validate-npm-package-license
yarn add validate-npm-package-license
validate-npm-package-license
Give me a string and I'll tell you if it's a valid npm package license string.
var valid = require('validate-npm-package-license');
SPDX license identifiers are valid license strings:
var assert = require('assert');
var validSPDXExpression = {
validForNewPackages: true,
validForOldPackages: true,
spdx: true
};
assert.deepEqual(valid('MIT'), validSPDXExpression);
assert.deepEqual(valid('BSD-2-Clause'), validSPDXExpression);
assert.deepEqual(valid('Apache-2.0'), validSPDXExpression);
assert.deepEqual(valid('ISC'), validSPDXExpression);
The function will return a warning and suggestion for nearly-correct license identifiers:
assert.deepEqual(
valid('Apache 2.0'),
{
validForOldPackages: false,
validForNewPackages: false,
warnings: [
'license should be ' +
'a valid SPDX license expression (without "LicenseRef"), ' +
'"UNLICENSED", or ' +
'"SEE LICENSE IN <filename>"',
'license is similar to the valid expression "Apache-2.0"'
]
}
);
SPDX expressions are valid, too ...
// Simple SPDX license expression for dual licensing
assert.deepEqual(
valid('(GPL-3.0-only OR BSD-2-Clause)'),
validSPDXExpression
);
... except if they contain LicenseRef:
var warningAboutLicenseRef = {
validForOldPackages: false,
validForNewPackages: false,
spdx: true,
warnings: [
'license should be ' +
'a valid SPDX license expression (without "LicenseRef"), ' +
'"UNLICENSED", or ' +
'"SEE LICENSE IN <filename>"',
]
};
assert.deepEqual(
valid('LicenseRef-Made-Up'),
warningAboutLicenseRef
);
assert.deepEqual(
valid('(MIT OR LicenseRef-Made-Up)'),
warningAboutLicenseRef
);
If you can't describe your licensing terms with standardized SPDX identifiers, put the terms in a file in the package and point users there:
assert.deepEqual(
valid('SEE LICENSE IN LICENSE.txt'),
{
validForNewPackages: true,
validForOldPackages: true,
inFile: 'LICENSE.txt'
}
);
assert.deepEqual(
valid('SEE LICENSE IN license.md'),
{
validForNewPackages: true,
validForOldPackages: true,
inFile: 'license.md'
}
);
If there aren't any licensing terms, use UNLICENSED:
var unlicensed = {
validForNewPackages: true,
validForOldPackages: true,
unlicensed: true
};
assert.deepEqual(valid('UNLICENSED'), unlicensed);
assert.deepEqual(valid('UNLICENCED'), unlicensed);
