davglass / license-checker

Check NPM package licenses

License expressions not parsed correctly causing incorrect license determination (silently ignoring potentially problematic licenses) #274

Open rafalsatl opened 2 months ago

rafalsatl commented 2 months ago

For license strings containing logical operators as defined for SPDX (or similar to them): https://spdx.github.io/spdx-spec/v2-draft/SPDX-license-expressions/

License checker currently produces incorrect and dangerous results during the flatten -> license calls:

Input:

    name = "simpler-sidebar"
    version = "1.4.5"
    license = "(MIT and GPL-2.0)"

Output:

    licenses = "MIT*"

This is because of this "sub-string" check:

```js
// word-boundary match: also fires on "MIT" inside a compound expression
var MIT = /\bMIT\b/;
...
    } else if (MIT.test(str)) {
        return 'MIT*';
```

Example of affected package.json files:

- https://github.com/jqPlot/jqPlot/blob/1.0.9/package.json#L36
- https://github.com/gitter-badger/simpler-sidebar/blob/v1.4.5/package.json#L11
- https://github.com/maranomynet/formatchange/blob/v2.3.1/package.json#L28
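The following is an added example, not code from license-checker or from the issue author. It places the quoted substring check beside a fallback that first recognises SPDX expression operators (`AND`, `OR`, `WITH`, parentheses) and so refuses to collapse `(MIT and GPL-2.0)` into a single guessed licence. The function names, the result object shape, and the decision to accept lower-case operators (the SPDX spec writes them upper-case, but the package.json files linked above use `and`) are assumptions made for this example.

```javascript
'use strict';
// Added example (not license-checker's own code): the substring check
// quoted in the issue next to an operator-aware fallback.

// The check as quoted in the issue: fires on any string mentioning MIT.
const MIT = /\bMIT\b/;
function guessLicenseSubstring(str) {
  if (MIT.test(str)) {
    return 'MIT*';            // "*" marks a guessed licence in the output
  }
  return 'UNKNOWN';
}

// SPDX expression operators. Lower case is accepted here (assumption),
// since real package.json files write "and" / "or".
const OPERATORS = new Set(['AND', 'OR', 'WITH']);

// Split an expression into "(", ")" and bare identifiers.
function tokenizeExpression(str) {
  return str.match(/\(|\)|[^\s()]+/g) || [];
}

// Classify a licence field. Returns an object so a caller can tell a
// compound SPDX expression from a single id and from a substring guess.
function determineLicense(str) {
  const raw = String(str).trim();
  const tokens = tokenizeExpression(raw);

  // Unbalanced parentheses are reported, not guessed from.
  let depth = 0;
  for (const t of tokens) {
    if (t === '(') depth++;
    else if (t === ')') depth--;
    if (depth < 0) break;
  }
  if (depth !== 0) {
    return { expression: raw, licenses: [], operators: [], exceptions: [],
             guessed: true, malformed: true };
  }

  const licenses = [];
  const operators = [];
  const exceptions = [];
  let expectException = false;      // the token after WITH is an exception id
  for (const t of tokens) {
    if (t === '(' || t === ')') continue;
    const upper = t.toUpperCase();
    if (OPERATORS.has(upper)) {
      operators.push(upper);
      expectException = upper === 'WITH';
    } else if (expectException) {
      exceptions.push(t);
      expectException = false;
    } else {
      licenses.push(t);
    }
  }

  // Compound expression: keep every member and the grouping, no guess.
  if (operators.length > 0) {
    const normalized = tokens
      .map(t => (OPERATORS.has(t.toUpperCase()) ? t.toUpperCase() : t))
      .join(' ')
      .replace(/\( /g, '(')
      .replace(/ \)/g, ')');
    return { expression: normalized, licenses, operators, exceptions,
             guessed: false, malformed: false };
  }

  // A single bare identifier is taken as-is.
  if (licenses.length === 1) {
    return { expression: licenses[0], licenses, operators, exceptions,
             guessed: false, malformed: false };
  }

  // Free text ("Released under the MIT license"): only here fall back to
  // the substring guess, and flag the result as a guess.
  const guess = guessLicenseSubstring(raw);
  return { expression: guess,
           licenses: guess === 'UNKNOWN' ? [] : [guess.replace(/\*$/, '')],
           operators, exceptions, guessed: true, malformed: false };
}

// Constructed sample inputs, including the one from the issue.
const SAMPLES = ['(MIT and GPL-2.0)', 'MIT', 'Released under the MIT license',
                 'GPL-2.0-or-later WITH Classpath-exception-2.0', '(MIT and GPL-2.0'];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), '->', guessLicenseSubstring(s), '|',
              JSON.stringify(determineLicense(s)));
}
```

A consumer that only wants a string can still print `expression`, but should treat `guessed: true` (and any `malformed: true`) as something to surface rather than silently accept, which is exactly the failure the issue describes.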