{"analyzedAt":"2022-06-26T22:41:37.177Z","collected":{"metadata":{"name":"spdx-expression-parse","scope":"unscoped","version":"3.0.1","description":"parse SPDX license expressions","keywords":["SPDX","law","legal","license","metadata","package","package.json","standards"],"date":"2020-05-13T16:12:46.317Z","author":{"name":"Kyle E. Mitchell","email":"kyle@kemitchell.com","url":"https://kemitchell.com","username":"kemitchell"},"publisher":{"username":"kemitchell","email":"kyle@kemitchell.com"},"maintainers":[{"username":"kemitchell","email":"kyle@kemitchell.com"},{"username":"motet-a","email":"antoine.motet@gmail.com"}],"contributors":[{"name":"C. Scott Ananian","email":"cscott@cscott.net","url":"http://cscott.net"},{"name":"Kyle E. Mitchell","email":"kyle@kemitchell.com","url":"https://kemitchell.com"},{"name":"Shinnosuke Watanabe","email":"snnskwtnb@gmail.com"},{"name":"Antoine Motet","email":"antoine.motet@gmail.com"}],"repository":{"type":"git","url":"git+https://github.com/jslicense/spdx-expression-parse.js.git"},"links":{"npm":"https://www.npmjs.com/package/spdx-expression-parse","homepage":"https://github.com/jslicense/spdx-expression-parse.js#readme","repository":"https://github.com/jslicense/spdx-expression-parse.js","bugs":"https://github.com/jslicense/spdx-expression-parse.js/issues"},"license":"MIT","dependencies":{"spdx-exceptions":"^2.1.0","spdx-license-ids":"^3.0.0"},"devDependencies":{"defence-cli":"^3.0.1","replace-require-self":"^1.0.0","standard":"^14.1.0"},"releases":[{"from":"2022-05-27T00:00:00.000Z","to":"2022-06-26T00:00:00.000Z","count":0},{"from":"2022-03-28T00:00:00.000Z","to":"2022-06-26T00:00:00.000Z","count":0},{"from":"2021-12-28T00:00:00.000Z","to":"2022-06-26T00:00:00.000Z","count":0},{"from":"2021-06-26T00:00:00.000Z","to":"2022-06-26T00:00:00.000Z","count":0},{"from":"2020-06-26T00:00:00.000Z","to":"2022-06-26T00:00:00.000Z","count":0}],"hasTestScript":true,"hasSelectiveFiles":true,"readme":"This package parses [SPDX license expression](https://spdx.org/spdx-specification-21-web-version#h.jxpfx0ykyb60) strings describing license terms, like [package.json license strings](https://docs.npmjs.com/files/package.json#license), into consistently structured ECMAScript objects.  The npm command-line interface depends on this package, as do many automatic license-audit tools.\n\nIn a nutshell:\n\n```javascript\nvar parse = require('spdx-expression-parse')\nvar assert = require('assert')\n\nassert.deepEqual(\n  // Licensed under the terms of the Two-Clause BSD License.\n  parse('BSD-2-Clause'),\n  {license: 'BSD-2-Clause'}\n)\n\nassert.throws(function () {\n  // An invalid SPDX license expression.\n  // Should be `Apache-2.0`.\n  parse('Apache 2')\n})\n\nassert.deepEqual(\n  // Dual licensed under either:\n  // - LGPL 2.1\n  // - a combination of Three-Clause BSD and MIT\n  parse('(LGPL-2.1 OR BSD-3-Clause AND MIT)'),\n  {\n    left: {license: 'LGPL-2.1'},\n    conjunction: 'or',\n    right: {\n      left: {license: 'BSD-3-Clause'},\n      conjunction: 'and',\n      right: {license: 'MIT'}\n    }\n  }\n)\n```\n\nThe syntax comes from the [Software Package Data eXchange (SPDX)](https://spdx.org/), a standard from the [Linux Foundation](https://www.linuxfoundation.org) for shareable data about software package license terms.  SPDX aims to make sharing and auditing license data easy, especially for users of open-source software.\n\nThe bulk of the SPDX standard describes syntax and semantics of XML metadata files.  This package implements two lightweight, plain-text components of that larger standard:\n\n1.  The [license list](https://spdx.org/licenses), a mapping from specific string identifiers, like `Apache-2.0`, to standard form license texts and bolt-on license exceptions.  The [spdx-license-ids](https://www.npmjs.com/package/spdx-license-ids) and [spdx-exceptions](https://www.npmjs.com/package/spdx-exceptions) packages implement the license list.  `spdx-expression-parse` depends on and `require()`s them.\n\n    Any license identifier from the license list is a valid license expression:\n\n    ```javascript\n    var identifiers = []\n      .concat(require('spdx-license-ids'))\n      .concat(require('spdx-license-ids/deprecated'))\n\n    identifiers.forEach(function (id) {\n      assert.deepEqual(parse(id), {license: id})\n    })\n    ```\n\n    So is any license identifier `WITH` a standardized license exception:\n\n    ```javascript\n    identifiers.forEach(function (id) {\n      require('spdx-exceptions').forEach(function (e) {\n        assert.deepEqual(\n          parse(id + ' WITH ' + e),\n          {license: id, exception: e}\n        )\n      })\n    })\n    ```\n\n2.  The license expression language, for describing simple and complex license terms, like `MIT` for MIT-licensed and `(GPL-2.0 OR Apache-2.0)` for dual-licensing under GPL 2.0 and Apache 2.0.  `spdx-expression-parse` itself implements license expression language, exporting a parser.\n\n    ```javascript\n    assert.deepEqual(\n      // Licensed under a combination of:\n      // - the MIT License AND\n      // - a combination of:\n      //   - LGPL 2.1 (or a later version) AND\n      //   - Three-Clause BSD\n      parse('(MIT AND (LGPL-2.1+ AND BSD-3-Clause))'),\n      {\n        left: {license: 'MIT'},\n        conjunction: 'and',\n        right: {\n          left: {license: 'LGPL-2.1', plus: true},\n          conjunction: 'and',\n          right: {license: 'BSD-3-Clause'}\n        }\n      }\n    )\n    ```\n\nThe Linux Foundation and its contributors license the SPDX standard under the terms of [the Creative Commons Attribution License 3.0 Unported (SPDX: \"CC-BY-3.0\")](http://spdx.org/licenses/CC-BY-3.0).  \"SPDX\" is a United States federally registered trademark of the Linux Foundation.  The authors of this package license their work under the terms of the MIT License."},"npm":{"downloads":[{"from":"2022-06-25T00:00:00.000Z","to":"2022-06-26T00:00:00.000Z","count":904088},{"from":"2022-06-19T00:00:00.000Z","to":"2022-06-26T00:00:00.000Z","count":20018777},{"from":"2022-05-27T00:00:00.000Z","to":"2022-06-26T00:00:00.000Z","count":84856361},{"from":"2022-03-28T00:00:00.000Z","to":"2022-06-26T00:00:00.000Z","count":261402693},{"from":"2021-12-28T00:00:00.000Z","to":"2022-06-26T00:00:00.000Z","count":511521525},{"from":"2021-06-26T00:00:00.000Z","to":"2022-06-26T00:00:00.000Z","count":1011029091}],"starsCount":1},"github":{"homepage":"https://npmjs.com/packages/spdx-expression-parse","starsCount":35,"forksCount":22,"subscribersCount":11,"issues":{"count":29,"openCount":7,"distribution":{"3600":5,"10800":3,"32400":3,"97200":6,"291600":0,"874800":0,"2624400":1,"7873200":2,"23619600":2,"70858800":0,"212576400":7},"isDisabled":false},"contributors":[{"username":"kemitchell","commitsCount":148},{"username":"shinnn","commitsCount":1},{"username":"cscott","commitsCount":2},{"username":"mvandervliet","commitsCount":1},{"username":"motet-a","commitsCount":3}],"commits":[{"from":"2022-06-19T00:00:00.000Z","to":"2022-06-26T00:00:00.000Z","count":0},{"from":"2022-05-27T00:00:00.000Z","to":"2022-06-26T00:00:00.000Z","count":0},{"from":"2022-03-28T00:00:00.000Z","to":"2022-06-26T00:00:00.000Z","count":0},{"from":"2021-12-28T00:00:00.000Z","to":"2022-06-26T00:00:00.000Z","count":0},{"from":"2021-06-26T00:00:00.000Z","to":"2022-06-26T00:00:00.000Z","count":0}],"statuses":[{"context":"continuous-integration/travis-ci/push","state":"success"}]},"source":{"files":{"readmeSize":3826,"testsSize":1964},"linters":["standard"]}},"evaluation":{"quality":{"carefulness":0.9199999999999999,"tests":0.85,"health":1,"branding":0},"popularity":{"communityInterest":74,"downloadsCount":87134231,"downloadsAcceleration":32611.546632420155,"dependentsCount":0},"maintenance":{"releasesFrequency":0.9,"commitsFrequency":0.9,"openIssues":0.9310344827586207,"issuesDistribution":0.9}},"score":{"final":0.8132735530395409,"detail":{"quality":0.870565292027313,"popularity":0.5775414768612711,"maintenance":0.9998984243711488}}}