Release v0.1.0

@elrayle elrayle released this 14 Sep 17:01
· 119 commits to main since this release
96f5a7c

Overview

This is the first release of the spdx-expression repository, which defines the spdxexp Go package. The package exposes a single function in its public API, which checks whether an SPDX expression (e.g. Apache-2.0 AND MIT) is compatible with an allowed list of licenses (e.g. Apache-2.0, ISC, MIT). A common use case is checking the license requirements of a repository against a policy list of allowed licenses.

Public API

Satisfies

Function definition:

func Satisfies(testExpression string, allowedList []string)

where,

  • testExpression string is a valid SPDX license expression (e.g. "MIT", "Apache-1.0+", "MIT AND Apache-2.0", "MIT OR Apache-2.0")
  • allowedList []string is an array of SPDX license identifiers (e.g. ["MIT", "Apache-1.0+"]). Entries in the allowedList are generally single license identifiers (e.g. "MIT", "Apache-1.0", "Apache-2.0"). A subset of SPDX license expressions is also supported, limited to multi-version forms (e.g. "Apache-1.0+", "GPL-2.0-or-later") and exceptions (e.g. "Apache-2.0 with Bison-exception-2.2").

Limitations

In this release, there is limited support for LicenseRef and DocumentRef. Expressions and licensing using these may not resolve as expected.
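
The kind of allowed-list policy check described under Overview, as an added Go sketch that is not the spdxexp package's code or API. satisfiesSketch is a hypothetical helper that assumes flat AND/OR expressions with exact identifier matching only, and it returns an error for anything else instead of letting it pass.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// satisfiesSketch is a hypothetical, simplified stand-in for a license policy
// check. It handles only flat AND/OR expressions (AND binds tighter than OR).
// Assumptions: no parentheses, "+", WITH or LicenseRef; identifiers are
// compared case-insensitively; unsupported input is rejected, never allowed.
func satisfiesSketch(expr string, allowed []string) (bool, error) {
	ok := make(map[string]bool, len(allowed))
	for _, id := range allowed {
		ok[strings.ToLower(id)] = true
	}
	tokens := strings.Fields(expr)
	if len(tokens)%2 == 0 { // valid shape is: id (OP id)*
		return false, errors.New("malformed expression")
	}
	result, group := false, true // group tracks the current AND chain
	for i, tok := range tokens {
		if i%2 == 0 { // operand position
			if tok == "AND" || tok == "OR" || strings.ContainsAny(tok, "()") {
				return false, fmt.Errorf("unsupported token %q", tok)
			}
			group = group && ok[strings.ToLower(tok)]
			continue
		}
		switch tok {
		case "AND": // stay in the same AND chain
		case "OR": // close the chain and start a new alternative
			result, group = result || group, true
		default:
			return false, fmt.Errorf("unsupported operator %q", tok)
		}
	}
	return result || group, nil
}

func main() {
	policy := []string{"Apache-2.0", "ISC", "MIT"} // allowed list from the Overview
	// Constructed sample expressions; the last one is deliberately malformed.
	for _, e := range []string{"Apache-2.0 AND MIT", "MIT OR GPL-3.0-only", "MIT AND GPL-3.0-only", "MIT AND"} {
		pass, err := satisfiesSketch(e, policy)
		fmt.Printf("%-24q pass=%v err=%v\n", e, pass, err)
	}
}
```

In a CI gate, treat a returned error the same as a failed check so that an expression the checker cannot parse never counts as approved.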