This PR works the license-whitelist functionality of licensee around spdx-whitelisted, a fork of spdx-satisfies that takes a new, promising approach.
Using spdx-whitelisted made it much simpler to implement more flexible license whitelisting. Configuration is now additive. Users can configure specific SPDX IDs, Blue Oak ratings, and an OSI flag to add licenses to the whitelist.
I am going to go ahead and merge this, since it's objectively better than what we have now, and addresses a few common requests, including #44. Will go out as v7.0.0, a semver-major bump.
This PR works the license-whitelist functionality of
licenseearoundspdx-whitelisted, a fork ofspdx-satisfiesthat takes a new, promising approach.Using
spdx-whitelistedmade it much simpler to implement more flexible license whitelisting. Configuration is now additive. Users can configure specific SPDX IDs, Blue Oak ratings, and an OSI flag to add licenses to the whitelist.I am going to go ahead and merge this, since it's objectively better than what we have now, and addresses a few common requests, including #44. Will go out as v7.0.0, a semver-major bump.