A module that helps you get insight into licenses included in the SPDX license list.
If you just want to see if a specific license ID or license string is conformant:
const conformance = require('conformance')
conformance('MIT')
conformance('ISC OR GPL-2.0-with-GCC-exception')This module will spit out an object at you with a suite of information about an SPDX license expression you pass in. In general, it will look something like this:
{
"uniqueLicenseIds": [
"MIT"
],
"spdxLicenseLinks": [
"https://spdx.org/licenses/MIT.html#licenseText"
],
"spdx": {
"osi": true,
"fsf": true,
"fsfAndOsi": true,
"deprecated": false
}
}Current usage looks like this:
const conformance = require('conformance')
conformance(<spdx expression>, [options])Where:
<spdx expression> is a required string.- Can be any valid SPDX license expression, which will be parsed by spdx-expression-parse.
[options]is an optional object that contains the following properties:throwOnError: aBooleanthat indicates whether or not you want to throw on errors.
This is something I've wanted to see for a long time. I've personally seen how high of a barrier licensing can be for larger teams. By increasing insight into license structure across applications, we can hopefully lower the barrier for further adoption across industries ❤️
- License expression depth is currently limited to three licenses. For example,
MIT AND (CC0-1.0 OR ISC)is the current maximum depth. This will return 3 licenses, as you'd expect. This isn't a hard limit, it's just the depth that's been written in the context of licenses on npm. To date, I've not seen a license expression that goes further than this. If this ends up being rewritten, it should just be a recursive function that continues to check regardless of depth.