1 This package parses SPDX license expression strings describing license terms, like [package.json license strings](https://docs.npmjs.com/files/package.json#license), into consistently structured ECMAScript objects. The npm command-line interface depends on this package, as do many automatic license-audit tools.
6 var parse = require('spdx-expression-parse')
7 var assert = require('assert')
10 // Licensed under the terms of the Two-Clause BSD License.
11 parse('BSD-2-Clause'),
12 {license: 'BSD-2-Clause'}
15 assert.throws(function () {
16 // An invalid SPDX license expression.
17 // Should be `Apache-2.0`.
22 // Dual licensed under LGPL 2.1 or a combination of the Three-Clause
23 // BSD License and the MIT License.
24 parse('(LGPL-2.1 OR BSD-3-Clause AND MIT)'),
26 left: {license: 'LGPL-2.1'},
29 left: {license: 'BSD-3-Clause'},
31 right: {license: 'MIT'}
37 The syntax comes from the [Software Package Data eXchange (SPDX)](https://spdx.org/), a standard from the [Linux Foundation](https://www.linuxfoundation.org) for shareable data about software package license terms. SPDX aims to make sharing and auditing license data easy, especially for users of open-source software.
39 The bulk of the SPDX standard describes syntax and semantics of XML metadata files. This package implements two lightweight, plain-text components of that larger standard:
41 1. The [license list](https://spdx.org/licenses), a mapping from specific string identifiers, like `Apache-2.0`, to standard form license texts and bolt-on license exceptions. The [spdx-license-ids](https://www.npmjs.com/package/spdx-exceptions) and [spdx-exceptions](https://www.npmjs.com/package/spdx-license-ids) packages implement the license list. They are development dependencies of this package.
43 Any license identifier from the license list is a valid license expression:
46 require('spdx-license-ids').forEach(function (id) {
47 assert.deepEqual(parse(id), {license: id})
51 So is any license identifier `WITH` a standardized license exception:
54 require('spdx-license-ids').forEach(function (id) {
55 require('spdx-exceptions').forEach(function (e) {
57 parse(id + ' WITH ' + e),
58 {license: id, exception: e}
64 2. The license expression language, for describing simple and complex license terms, like `MIT` for MIT-licensed and `(GPL-2.0 OR Apache-2.0)` for dual-licensing under GPL 2.0 and Apache 2.0. This package implements the license expression language.
68 // Licensed under a combination of the MIT License and a combination
69 // of LGPL 2.1 (or a later version) and the Three-Clause BSD License.
70 parse('(MIT AND (LGPL-2.1+ AND BSD-3-Clause))'),
72 left: {license: 'MIT'},
75 left: {license: 'LGPL-2.1', plus: true},
77 right: {license: 'BSD-3-Clause'}
83 The Linux Foundation and its contributors license the SPDX standard under the terms of [the Creative Commons Attribution License 3.0 Unported (SPDX: "CC-BY-3.0")](http://spdx.org/licenses/CC-BY-3.0). "SPDX" is a United States federally registered trademark of the Linux Foundation. The authors of this package license their work under the terms of the MIT License.