{"library":"spdx-whitelisted","title":"SPDX License Whitelist Checker","type":"library","description":"spdx-whitelisted is a JavaScript library designed to evaluate whether a given SPDX license expression satisfies a provided whitelist of allowed SPDX licenses. It operates on structured SPDX expression objects, typically generated by parsers like `spdx-expression-parse`, and a list of structured license objects representing the whitelist. This package, currently at version 1.0.0, was forked from version 5.0.0 of `spdx-satisfies`. Its primary function is to return a boolean indicating satisfaction. The library is intended for legal and compliance checks within software projects, helping to ensure that declared licenses conform to organizational policies. It is a stable release with no explicit rapid release cadence mentioned, suggesting a focus on correctness for its specific utility.","language":"javascript","status":"active","last_verified":"Tue Apr 21","install":{"commands":["npm install spdx-whitelisted"],"cli":null},"imports":["const whitelisted = require('spdx-whitelisted');"],"auth":{"required":false,"env_vars":[]},"links":{"homepage":null,"github":"https://github.com/jslicense/spdx-whitelisted.js","docs":null,"changelog":null,"pypi":null,"npm":"https://www.npmjs.com/package/spdx-whitelisted","openapi_spec":null,"status_page":null,"smithery":null},"quickstart":{"code":"const assert = require('assert');\nconst whitelisted = require('spdx-whitelisted');\nconst parse = require('spdx-expression-parse'); // Required to generate valid SPDX expression objects\n\n// Define a sample license expression object (parsed from 'MIT')\nconst expressionMIT = parse('MIT');\n\n// Define a sample whitelist\nconst whitelist = [\n  parse('ISC'),\n  parse('MIT'),\n  parse('Apache-2.0')\n];\n\n// Example 1: Simple MIT license against a whitelist including MIT\nassert(\n  whitelisted(\n    expressionMIT,\n    whitelist\n  )\n);\nconsole.log('MIT is whitelisted (expected true)');\n\n// Example 2: GPL-3.0 is NOT in the whitelist\nconst expressionGPL = parse('GPL-3.0');\nassert(\n  !whitelisted(\n    expressionGPL,\n    whitelist\n  )\n);\nconsole.log('GPL-3.0 is not whitelisted (expected false)');\n\n// Example 3: Complex expression (MIT OR Apache-2.0) AND (ISC OR GPL-2.0) against a partial whitelist\nconst complexExpression = parse('(MIT OR Apache-2.0) AND (ISC OR GPL-2.0)');\nconst partialWhitelist = [\n  parse('Apache-2.0'),\n  parse('ISC')\n];\n\nassert(\n  whitelisted(\n    complexExpression,\n    partialWhitelist\n  )\n);\nconsole.log('Complex expression is whitelisted (expected true)');\n\n// Example 4: Demonstrating the 'plus' logic for license versions\nassert(whitelisted(\n  parse('GPL-3.0'),\n  [parse('GPL-2.0', { plus: true })]\n));\nconsole.log('GPL-3.0 is satisfied by GPL-2.0+ (expected true)');","lang":"javascript","description":"Demonstrates how to use `spdx-whitelisted` to check if various SPDX license expressions satisfy a defined whitelist, including complex expressions and 'plus' version logic.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}