Home
Docs
GitHub
Pricing
Blog
Log In

Run Sandworm Audit for your App

Get started
Hold on, we're currently generating a fresh version of this report
Generated on Mar 13, 2024 via pnpm

spdx-expression-parse 3.0.1

parse SPDX license expressions
Package summary
Share
3
issues
1
high severity
license
1
2
low severity
license
2
3
licenses
1
CC-BY-3.0
1
MIT
1
CC0-1.0
Package created
2 Aug 2015
Version published
13 May 2020
Maintainers
2
Total deps
3
Direct deps
2
License
MIT

Issues

3

1 high severity issue

high
Recommendation: Read and validate the license terms
via: spdx-exceptions@2.5.0
Collapse
Expand

2 low severity issues

low
Recommendation: Read and validate the license terms
via: spdx-exceptions@2.5.0
Recommendation: Read and validate the license terms
via: spdx-license-ids@3.0.17
Collapse
Expand

Licenses

Creative Commons Attribution 3.0 Unported

Uncategorized
Not OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
Cannot
Must
1 Packages, Including:
spdx-exceptions@2.5.0

MIT License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
Cannot
hold-liable
Must
include-copyright
include-license
1 Packages, Including:
spdx-expression-parse@3.0.1

Creative Commons Zero v1.0 Universal

Public Domain
Not OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
Cannot
Must
1 Packages, Including:
spdx-license-ids@3.0.17
Disclaimer

This deed highlights only some of the key features and terms of the actual license. It is not a license and has no legal value. You should carefully review all of the terms and conditions of the actual license before using the licensed material.

Sandworm is not a law firm and does not provide legal services. Distributing, displaying, or linking to this deed or the license that it summarizes does not create a lawyer-client or any other relationship.

Direct Dependencies

2
All Dependencies CSV
β“˜ This is a list of spdx-expression-parse 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.
NameVersionSizeLicenseTypeVulnerabilities
spdx-exceptions2.5.03.39 kBCC-BY-3.0
prod
1
1
spdx-license-ids3.0.1712.33 kBCC0-1.0
prod
1

Visualizations

Frequently Asked Questions

What does spdx-expression-parse do?

The "spdx-expression-parse" is a JavaScript package that parses SPDX license expression strings, such as the ones seen in package.json license strings, into structured ECMAScript objects. The npm command-line interface depends on it, as do many license-audit tools. This makes it crucial for managing and auditing license data, especially for users of open-source software.

How do you use spdx-expression-parse?

To use spdx-expression-parse, first include it in your project with require('spdx-expression-parse'). Then, employ the parse method to convert a license string into an ECMAScript object. Here's a basic usage example:

var parse = require('spdx-expression-parse')
var assert = require('assert')

assert.deepEqual(
  parse('BSD-2-Clause'),
  {license: 'BSD-2-Clause'}
)

You can also parse complex license terms, like so:

assert.deepEqual(
  parse('(MIT AND (LGPL-2.1+ AND BSD-3-Clause))'),
  {
    left: {license: 'MIT'},
    conjunction: 'and',
    right: {
      left: {license: 'LGPL-2.1', plus: true},
      conjunction: 'and',
      right: {license: 'BSD-3-Clause'}
    }
  }
)

Please, note that invalid SPDX license expressions will throw errors.

Where are the spdx-expression-parse docs?

For comprehensive documentation on the spdx-expression-parse package, direct your attention to its GitHub page: spdx-expression-parse GitHub. It will elaborate on more advanced parts of the package and give user-friendly guides for you to work with.