Open jayvdb opened 2 weeks ago
Could you provide a sample .licensee.json and clarify what you mean by lower-case-l-zlib packages not being allowed to be approved? Zlib is both a project name and the name of that project's license. The SPDX identifier for the license is Zlib with a capital Z.
To reproduce this, create a .licensee.json that contains an entry ZLib (upper case L) in licenses.spdx and a package.json dependencies that contains "pako": "2.1.0".
Running licensee will show
pako@2.1.0
NOT APPROVED
Terms: (MIT AND Zlib)
Corrected: correct-license-metadata
Repository: nodeca/pako
Homepage: None listed
Author: None listed
Contributors:
Andrei Tuputcyn (https://github.com/andr83)
Vitaly Puzrin (https://github.com/puzrin)
Friedel Ziegelmayer (https://github.com/dignifiedquire)
Kirill Efimov (https://github.com/Kirill89)
Jean-loup Gailly
Mark Adler
This is because the matching of Zlib in the pako metadata is case-sensitive, and the values in licenses.spdx are not checked to be valid case-sensitive SPDX identifiers.
IMO the expected behaviour in this scenario is to emit an error something like
error: .licensee.json: "ZLib" is not a valid SPDX identifier
@kemitchell I stumbled on this too, but I think the issue is that there's NO error with ZLib, because it's indeed supposed to be Zlib.
Ah, I see. ZlLib.
When I add "ZLib" to licenses.spdx list, there is no error, but it does not allow "Zlib" (lower case l) packages to be approved
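
An added example, not licensee's own code and not written by any participant in this thread: a pre-flight check that rejects licenses.spdx entries that are not exact, case-sensitive SPDX identifiers, which is the error the thread proposes. The identifier list is a small constructed subset, and the function name validateSpdxAllowlist is hypothetical.

```javascript
// Added example: pre-flight check for .licensee.json, not part of licensee.
// KNOWN_SPDX_IDS is a small constructed subset of real SPDX identifiers; a
// real check would load the full SPDX license list instead.
const KNOWN_SPDX_IDS = ['Apache-2.0', 'BSD-3-Clause', 'ISC', 'MIT', 'Zlib'];

// Map lower-cased identifier -> canonical spelling, for "did you mean" hints.
const CANONICAL_BY_LOWER = new Map(
  KNOWN_SPDX_IDS.map((id) => [id.toLowerCase(), id])
);

// Returns a list of error strings for entries in config.licenses.spdx that
// are not exact, case-sensitive SPDX identifiers. An empty list means the
// allowlist can match package metadata as written.
function validateSpdxAllowlist(config, file = '.licensee.json') {
  const entries = (config && config.licenses && config.licenses.spdx) || [];
  if (!Array.isArray(entries)) {
    return [`${file}: licenses.spdx must be an array`];
  }
  const errors = [];
  for (const entry of entries) {
    if (typeof entry !== 'string') {
      errors.push(`${file}: ${JSON.stringify(entry)} is not a string`);
      continue;
    }
    if (KNOWN_SPDX_IDS.includes(entry)) continue; // exact, case-sensitive match
    // A case-insensitive hit means the entry would silently never match.
    const hint = CANONICAL_BY_LOWER.get(entry.toLowerCase());
    errors.push(
      `${file}: ${JSON.stringify(entry)} is not a valid SPDX identifier` +
        (hint ? ` (did you mean ${JSON.stringify(hint)}?)` : '')
    );
  }
  return errors;
}

// Constructed sample: an allowlist containing the "ZLib" entry from the
// reproduction above ("MIT" is added here for contrast).
const sampleConfig = JSON.parse('{"licenses": {"spdx": ["MIT", "ZLib"]}}');
const sampleErrors = validateSpdxAllowlist(sampleConfig);
for (const message of sampleErrors) console.error(`error: ${message}`);
```

Run before licensee in CI, a non-empty result turns the silent "NOT APPROVED" mismatch into a configuration error that names the bad entry.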