{"library":"spdx-satisfies","title":"SPDX License Expression Satisfier","type":"library","description":"The `spdx-satisfies` library provides a robust utility for programmatically validating whether a given SPDX license expression is satisfied by a predefined list of approved licenses. Currently at version 6.0.0, this package is a direct successor to the deprecated `spdx.js` and focuses specifically on accurate satisfaction checks against the SPDX specification. It supports complex license expressions involving `AND`, `OR` and `WITH` operators for the license expression being checked, but strictly requires that the 'approved licenses' list contains only simple identifiers, plus-ranges (e.g., `GPL-2.0+`), or licenses with exceptions (e.g., `Apache-2.0 WITH LLVM-exception`), prohibiting compound expressions in the approved list. This strictness makes it a critical tool for open-source license compliance, software supply chain security, and automated dependency scanning, offering precise and machine-readable license verification.","language":"javascript","status":"active","last_verified":"Sun Apr 19","install":{"commands":["npm install spdx-satisfies"],"cli":{"name":"spdx-satisfies","version":null}},"imports":["import satisfies from 'spdx-satisfies';","const satisfies = require('spdx-satisfies');"],"auth":{"required":false,"env_vars":[]},"links":{"homepage":null,"github":"https://github.com/kemitchell/spdx-satisfies.js","docs":null,"changelog":null,"pypi":null,"npm":"https://www.npmjs.com/package/spdx-satisfies","openapi_spec":null,"status_page":null,"smithery":null},"quickstart":{"code":"import satisfies from 'spdx-satisfies';\nimport assert from 'assert';\n\nconst approvedLicenses = ['MIT', 'ISC', 'BSD-2-Clause', 'Apache-2.0', 'GPL-2.0+'];\n\n// Basic satisfaction\nassert.ok(satisfies('MIT', approvedLicenses), 'MIT should satisfy');\nassert.ok(satisfies('ISC', approvedLicenses), 'ISC should satisfy');\n\n// Complex expressions with OR\nassert.ok(satisfies('GPL-2.0 OR MIT', approvedLicenses), 'GPL-2.0 OR MIT should satisfy if MIT is approved');\nassert.ok(satisfies('BSD-3-Clause OR Apache-2.0', approvedLicenses), 'BSD-3-Clause OR Apache-2.0 should satisfy if Apache-2.0 is approved');\n\n// Complex expressions with AND (requires both to be approved).\n// GPL-2.0 falls inside the approved GPL-2.0+ range, so this check uses a list with only MIT.\nassert.ok(!satisfies('GPL-2.0 AND MIT', ['MIT']), 'GPL-2.0 AND MIT should NOT satisfy when only MIT is approved');\n\n// Plus-ranges\nassert.ok(satisfies('GPL-3.0', approvedLicenses), 'GPL-3.0 should satisfy GPL-2.0+');\nassert.ok(!satisfies('GPL-1.0', approvedLicenses), 'GPL-1.0 should NOT satisfy GPL-2.0+');\n\n// License with exception (the approved list names the same license and exception)\nassert.ok(satisfies('Apache-2.0 WITH LLVM-exception', ['Apache-2.0 WITH LLVM-exception']), 'Apache-2.0 WITH LLVM-exception should satisfy when that license with exception is approved');\n\nconsole.log('All satisfaction checks passed!');","lang":"typescript","description":"Demonstrates how to use the `satisfies` function with various SPDX expressions and an array of approved licenses, including basic, OR, AND, plus-ranges, and WITH clauses.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}