Generated on Mar 16, 2024 via pnpm

spdx-correct 3.2.0

correct invalid SPDX expressions
Package summary
Issues: 3
High severity: 1 (license: 1)
Low severity: 2 (license: 2)
Licenses: 4
Apache-2.0: 1
CC-BY-3.0: 1
MIT: 1
CC0-1.0: 1
Package created: 29 Apr 2015
Version published: 7 Mar 2023
Maintainers: 2
Total deps: 4
Direct deps: 2
License: Apache-2.0

Issues

3

1 high severity issue

high
Recommendation: Read and validate the license terms
via: spdx-expression-parse@3.0.1

2 low severity issues

low
Recommendation: Read and validate the license terms
via: spdx-expression-parse@3.0.1
Recommendation: Read and validate the license terms
via: spdx-expression-parse@3.0.1 & others

Licenses

Apache License 2.0

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
use-patent-claims
place-warranty
Cannot
hold-liable
use-trademark
Must
include-copyright
include-license
state-changes
include-notice
1 Packages, Including:
spdx-correct@3.2.0

Creative Commons Attribution 3.0 Unported

Uncategorized
Not OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
Cannot
Must
1 Packages, Including:
spdx-exceptions@2.5.0

MIT License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
Cannot
hold-liable
Must
include-copyright
include-license
1 Packages, Including:
spdx-expression-parse@3.0.1

Creative Commons Zero v1.0 Universal

Public Domain
Not OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
Cannot
Must
1 Packages, Including:
spdx-license-ids@3.0.17
Disclaimer

This deed highlights only some of the key features and terms of the actual license. It is not a license and has no legal value. You should carefully review all of the terms and conditions of the actual license before using the licensed material.

Sandworm is not a law firm and does not provide legal services. Distributing, displaying, or linking to this deed or the license that it summarizes does not create a lawyer-client or any other relationship.

Direct Dependencies

2
This is a list of spdx-correct's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

| Name | Version | Size | License | Type | Vulnerabilities |
| --- | --- | --- | --- | --- | --- |
| spdx-expression-parse | 3.0.1 | 4.32 kB | MIT | prod | 1 2 |
| spdx-license-ids | 3.0.17 | 12.33 kB | CC0-1.0 | prod | 1 |

Frequently Asked Questions

What does spdx-correct do?

The npm package "spdx-correct" corrects invalid SPDX (Software Package Data Exchange) expressions. In essence, it helps standardize the syntax of SPDX license identifiers. SPDX is a standard for identifying software components and their associated licenses. spdx-correct gives developers an efficient way to ensure that the license identifiers they use follow the SPDX standard. Adhering to this standard improves the accuracy and consistency of license information, which can be essential for legal compliance.

How do you use spdx-correct?

To use "spdx-correct" in your JavaScript application, first install the package using the npm install command:

npm install spdx-correct

Next, require the spdx-correct module in your code:

var correct = require('spdx-correct');

Now, you can call the function to correct SPDX expressions. Here's how it can be used:

var correct = require('spdx-correct');
var assert = require('assert');

assert.strictEqual(correct('mit'), 'MIT');
assert.strictEqual(correct('Apache 2'), 'Apache-2.0');
assert(correct('No idea what license') === null);

The correct function takes the original invalid SPDX expression and an optional options object. If the SPDX identifier is unknown, it returns null. If the upgrade option is passed as false, the function won't attempt to upgrade deprecated identifiers.

// by default, deprecated identifiers are upgraded
assert.strictEqual(correct('GPL-3.0'), 'GPL-3.0-or-later');
// disable the upgrade option to keep the identifier as given
assert.strictEqual(correct('GPL-3.0', { upgrade: false }), 'GPL-3.0');

Where are the spdx-correct docs?

The documentation for the "spdx-correct" npm package is not separate, but rather available in the README file on the package's GitHub repository. This resource provides a comprehensive overview of the functionality of the package, instructions on how to install and use it in your application, and showcases a few examples of correcting different SPDX expressions.