jslicense / licensee.js

check dependency licenses against rules
https://www.npmjs.com/package/licensee
Apache License 2.0

Parse license object(s) #59

Closed brettz9 closed 4 years ago

brettz9 commented 4 years ago

As well as licenses, license has allowed an albeit now deprecated object per https://docs.npmjs.com/files/package.json#license

```json
{ "license" :
  { "type" : "ISC"
  , "url" : "https://opensource.org/licenses/ISC"
  }
}
```

(While a comment states, "Not valid metadata", it goes on to say "Those styles are now deprecated", i.e., they are not entirely rejected yet.)

Some packages still use this format, so weren't being found for approval. I think this format, and the array format, should be supported.

Thanks!
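As an added example (not licensee's own code), here is a tolerant reader for the deprecated `license` object, `license` array and plural `licenses` array forms mentioned above, alongside the current string form, feeding an allow-list check. The allow-list, package objects and function names are assumptions for illustration; SPDX expressions are passed through as strings rather than parsed.

```javascript
// Added example, not part of licensee. Normalise the legacy forms of
// package.json license metadata into a flat list of license identifiers.
//
// Forms handled (see https://docs.npmjs.com/files/package.json#license):
//   "license": "MIT"                                current, SPDX expression
//   "license": { "type": "ISC", "url": "..." }      deprecated object
//   "license": [ { "type": "MIT" }, "ISC" ]         deprecated array
//   "licenses": [ { "type": "MIT", "url": "..." } ] deprecated plural array
function licenseIdentifiers(pkg) {
  const raw = pkg.license !== undefined ? pkg.license : pkg.licenses;
  const entries = Array.isArray(raw) ? raw : [raw];
  const ids = [];
  for (const entry of entries) {
    if (typeof entry === 'string') {
      ids.push(entry.trim());
    } else if (entry && typeof entry === 'object' && typeof entry.type === 'string') {
      ids.push(entry.type.trim());
    }
    // undefined, null or a malformed object yields nothing for this entry
  }
  return ids;
}

// Compare recovered identifiers with an allow-list (case-insensitive).
// `unknown` is true when nothing could be recovered at all; a checker should
// report that explicitly rather than treat the package as approved.
function checkLicenses(pkg, allowList) {
  const ids = licenseIdentifiers(pkg);
  const allowed = new Set(allowList.map((s) => s.toLowerCase()));
  const result = { allowed: [], disallowed: [], unknown: ids.length === 0 };
  for (const id of ids) {
    (allowed.has(id.toLowerCase()) ? result.allowed : result.disallowed).push(id);
  }
  return result;
}

// Constructed sample package.json objects, one per legacy form.
const legacyObject = { name: 'a', license: { type: 'ISC', url: 'https://opensource.org/licenses/ISC' } };
const legacyPlural = { name: 'b', licenses: [{ type: 'MIT' }, { type: 'Apache-2.0' }] };
console.log(checkLicenses(legacyObject, ['MIT', 'ISC']));
console.log(checkLicenses(legacyPlural, ['MIT', 'ISC']));
```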

kemitchell commented 4 years ago

@brettz9 I wrote that package.json doc. If it's unclear, we should fix it. Don't use an object. Use a string.

A number of old packages with license objects have corrections in npm-license-corrections.

brettz9 commented 4 years ago

I think the npm docs are clear that one should not use objects, but the term "deprecated" suggests to me that it is still technically permitted, at least until such time as a later version of npm prohibits its use, at which time it will no longer be "deprecated" but "obsolete". This is at least the way I have seen browser specs using the term, and though new items are discouraged from using it, the current system will still support them.

Re: npm-license-corrections, I see--good to know; perhaps I'll file the ones I discover there, at least if the project owners do not respond to update. Thanks!

kemitchell commented 4 years ago

@brettz9 npm will not reject npm publish commands or tarballs with arbitrary data in package.json's license property. But only one kind of data is valid: SPDX expressions or SEE LICENSE IN $place magic strings.

brettz9 commented 4 years ago

Closing since corrections satisfies. Thanks!