validate-npm-package-license
Give me a string and I'll tell you if it's a valid npm package license string
Last updated 9 years ago by kemitchell .
Apache-2.0 · Repository · Bugs · Original npm · Tarball · package.json
$ gnpm install validate-npm-package-license 
SYNC missed versions from official npm registry.

validate-npm-package-license

Give me a string and I'll tell you if it's a valid npm package license string.

var valid = require('validate-npm-package-license');

SPDX license identifiers are valid license strings:


var assert = require('assert');
var validSPDXExpression = {
  validForNewPackages: true,
  validForOldPackages: true,
  spdx: true
};

assert.deepEqual(valid('MIT'), validSPDXExpression);
assert.deepEqual(valid('BSD-2-Clause'), validSPDXExpression);
assert.deepEqual(valid('Apache-2.0'), validSPDXExpression);
assert.deepEqual(valid('ISC'), validSPDXExpression);

The function will return a warning and suggestion for nearly-correct license identifiers:

assert.deepEqual(
  valid('Apache 2.0'),
  {
    validForOldPackages: false,
    validForNewPackages: false,
    warnings: [
      'license should be ' +
      'a valid SPDX license expression (without "LicenseRef"), ' +
      '"UNLICENSED", or ' +
      '"SEE LICENSE IN <filename>"',
      'license is similar to the valid expression "Apache-2.0"'
    ]
  }
);

SPDX expressions are valid, too ...

// Simple SPDX license expression for dual licensing
assert.deepEqual(
  valid('(GPL-3.0-only OR BSD-2-Clause)'),
  validSPDXExpression
);

... except if they contain LicenseRef:

var warningAboutLicenseRef = {
  validForOldPackages: false,
  validForNewPackages: false,
  spdx: true,
  warnings: [
    'license should be ' +
    'a valid SPDX license expression (without "LicenseRef"), ' +
    '"UNLICENSED", or ' +
    '"SEE LICENSE IN <filename>"',
  ]
};

assert.deepEqual(
  valid('LicenseRef-Made-Up'),
  warningAboutLicenseRef
);

assert.deepEqual(
  valid('(MIT OR LicenseRef-Made-Up)'),
  warningAboutLicenseRef
);

If you can't describe your licensing terms with standardized SPDX identifiers, put the terms in a file in the package and point users there:

assert.deepEqual(
  valid('SEE LICENSE IN LICENSE.txt'),
  {
    validForNewPackages: true,
    validForOldPackages: true,
    inFile: 'LICENSE.txt'
  }
);

assert.deepEqual(
  valid('SEE LICENSE IN license.md'),
  {
    validForNewPackages: true,
    validForOldPackages: true,
    inFile: 'license.md'
  }
);

If there aren't any licensing terms, use UNLICENSED:

var unlicensed = {
  validForNewPackages: true,
  validForOldPackages: true,
  unlicensed: true
};
assert.deepEqual(valid('UNLICENSED'), unlicensed);
assert.deepEqual(valid('UNLICENCED'), unlicensed);

Current Tags

  • 3.0.4                                ...           latest (6 years ago)

10 Versions

  • 3.0.4                                ...           6 years ago
  • 3.0.3                                ...           7 years ago
  • 3.0.2                                ...           7 years ago
  • 3.0.1                                ...           9 years ago
  • 3.0.0                                ...           9 years ago
  • 2.0.0                                ...           9 years ago
  • 1.0.0                                ...           9 years ago
  • 1.0.0-prerelease-3                                ...           9 years ago
  • 1.0.0-prerelease-2                                ...           10 years ago
  • 1.0.0-prerelease-1                                ...           10 years ago
Maintainers (1)
Downloads
Today 1
This Week 1
This Month 1
Last Day 0
Last Week 0
Last Month 0
Dependencies (2)
Dev Dependencies (2)

Copyright 2013 - present © cnpmjs.org | Home |