composer / spdx-licenses Goto Github PK

View Code? Open in Web Editor NEW

1.4K 9.0 22.0 173 KB

Tools for working with the SPDX license list and validating licenses.

License: MIT License

PHP 100.00%

spdx-licenses's Introduction

composer/spdx-licenses

SPDX (Software Package Data Exchange) licenses list and validation library.

Originally written as part of composer/composer, now extracted and made available as a stand-alone library.

Installation

Install the latest version with:

$ composer require composer/spdx-licenses

Basic Usage

<?php

use Composer\Spdx\SpdxLicenses;

$licenses = new SpdxLicenses();

// get a license by identifier
$licenses->getLicenseByIdentifier('MIT');

// get a license exception by identifier
$licenses->getExceptionByIdentifier('Autoconf-exception-3.0');

// get a license identifier by name
$licenses->getIdentifierByName('MIT License');

// check if a license is OSI approved by identifier
$licenses->isOsiApprovedByIdentifier('MIT');

// check if a license identifier is deprecated
$licenses->isDeprecatedByIdentifier('MIT');

// check if input is a valid SPDX license expression
$licenses->validate($input);

Read the specifications to find out more about valid license expressions.

Requirements

PHP 5.3.2 is required but using the latest version of PHP is highly recommended.

License

composer/spdx-licenses is licensed under the MIT License, see the LICENSE file for details.

Source

License information is curated by SPDX. The data is pulled from the License List Data repository.

spdx-licenses's People

Contributors

Stargazers

Watchers

spdx-licenses's Issues

Why dep on justinrainbow/json-schema ?

I don't see any usage of JsonSchema namespace in the code.

See "phpcompatinfo ananyser:run src" report

Classes Analysis
Class                             Matches REF  EXT min/Max PHP min/Max PHP all 
Composer\Spdx\SpdxLicenses        2       user             5.3.0               
Composer\Spdx\SpdxLicensesUpdater         user             5.3.0               
DOMDocument                       2       dom  5.0.0       5.0.0               
DOMXPath                          2       dom  5.0.0       5.0.0               
InvalidArgumentException          2       spl  5.1.0       5.1.0               
RuntimeException                  1       spl  5.1.0       5.1.0               
self                              2       Core 5.0.0       5.0.0               
Total [7]                                                  5.3.0

TODOs

Update namespaces to Composer\Spdx or something
Add README
Add LICENSE with MIT
Add composer.json
Add phpunit.xml.dist, .travis.yml, and make sure tests run

Not sure if I am missing anything but I probably am :)

Removed: FLTK-exception-2.0

Has been removed from https://spdx.org/licenses/index.html

Use SPDX data files instead of screen-scraping

They're published in different formats (including JSON) at https://github.com/spdx/license-list-data

It's probably going to be more reliable in the long-term to parse these files instead of screen-scraping the HTML.

Oh crap, sorry that's what happens when you release late on Friday heh.. Good thing I saw this before heading to bed ;) Fixed now.

Originally posted by @Seldaek in composer/getcomposer.org#209 (comment)

Please, make test available in github archive

Please consider removing tests from .gitattributes.
This make downstream CI easier.
(really small)

See http://blog.remirepo.net/post/2014/08/12/Koschei-continuous-integration-of-PHP-stack-in-Fedora

[RFC] add API to check license compatibility

Ensuring that deps in vendor/ have a license compatible with the root project is a tough task.

Other projects exist in js/Rust/Ruby/etc. I computed the following list of interest:

Later on, we could build a composer plugin like this on top:

https://github.com/codepunkt/webpack-license-plugin/

This could be a great contribution if anyone is up to learn about the topic and contribute a PR here, if the maintainers agree?

Help wanted.

Is there a way to set a package licensing as "private" or "all rights reserved". We use this on a project that has a mix of public and private packages to validate the licenses but on the private packages, we would like to be able to specify that the package is unlicensed and cannot be distributed.

NPM as added a similar option to their system and it would be really nice here.

Thanks

Update for SPDX License List 3.0

The SPDX License List 3.0 was released last week: