codepunkt/webpack-license-plugin

Parsing the license data from LICENSE not working

pathmapper opened this issue · 3 comments

Hi,

first of all, thank you very much for this great plugin. I've tried a lot of webpack/npm license tools and this one is my favorite one so far.

From the README:

> the license listed in package.json. If it's not available or not a valid spdx license expression, additional files such as LICENSE or README are being looked at in order to parse the license data from them. (this will be shown with a * next to the name of the license and may require further manual verification)

Looks like this isn't working as expected.

Here is an example where the SPDX short identifier for the license in package.json is not correct (a "-" is missing) but in the LICENSE file the license is mentioned (BSD 2-Clause):

https://spdx.org/licenses/BSD-2-Clause.html

@mapbox/fusspot@0.4.0
https://github.com/mapbox/fusspot/blob/0.4.0/package.json#L25
https://github.com/mapbox/fusspot/blob/0.4.0/LICENSE

The build fails with the following error:

ERROR in WebpackLicensePlugin: License "BSD 2-Clause" for @mapbox/fusspot@0.4.0 is not a valid SPDX expression!

Maybe the parsing of the LICENSE fails because there is only BSD 2-Clause license in there and not the SPDX short identifier?

All in all, this is not a big deal because it's possible to use the licenseOverrides option:

      licenseOverrides: {
        '@mapbox/fusspot@0.4.0': 'BSD-2-Clause'
      }

@pathmapper Thanks for informing me about this. The quoted passage from the Readme is indeed misleading. It's from a time where this plugin was based on davglass/license-checker, which does exactly what's described, but then

As of now, this plugin requires valid SPDX identifiers in the license field and checks for the license text in a licen[cs]e file. I will update the documentation to reflect this!

It might be an interesting addition to parse potential license texts from README files and/or try to compare the license text contents with known license texts from SPDX in order to still come up with a valid license in an example like yours.

However, I have decided against this because a lot of license texts are not exact copies of the official texts, there's a copyright placeholder in a lot of them, and finding out one or more license-related terms or text snippets from a README sounds like a nightmare.

Using the licenseOverrides option in your example is your best bet - along with informing the maintainers of their wrong SPDX identifier and maybe opening a PR to their repository to fix this.

@codepunkt thanks for clarification and the background!

> I have decided against this because a lot of license texts are not exact copies of the official texts, there's a copyright placeholder in a lot of them, and finding out one or more license-related terms or text snippets from a README sounds like a nightmare.

Makes sense.

> Using the licenseOverrides option in your example is your best bet - along with informing the maintainers of their wrong SPDX identifier and maybe opening a PR to their repository to fix this.

Yep, see mapbox/fusspot#46

Updated documentation on master, released as 4.1.2 with an additional minor bugfix.
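
An added example, not part of the thread and not the plugin's own code: a small audit helper that finds dependencies whose package.json license string is a near-miss of an SPDX identifier (as with "BSD 2-Clause" above) and proposes licenseOverrides entries for manual review. The function names, the sample packages other than @mapbox/fusspot@0.4.0, and the short identifier list are assumptions; only single identifiers are handled, not compound SPDX expressions.

```javascript
// Added example: propose licenseOverrides entries for license fields that
// are near-misses of an SPDX identifier. Every suggestion needs manual review.

// Constructed subset of SPDX short identifiers (assumption: a real audit
// would load the full SPDX license list instead).
const KNOWN_SPDX_IDS = ['MIT', 'ISC', 'Apache-2.0', 'BSD-2-Clause', 'BSD-3-Clause'];

// Collapse case, whitespace, underscores and hyphens so that
// "BSD 2-Clause" and "BSD-2-Clause" produce the same lookup key.
function normalize(license) {
  return String(license).toLowerCase().replace(/[\s_-]+/g, '');
}

const byNormalized = new Map(KNOWN_SPDX_IDS.map((id) => [normalize(id), id]));

// packages: [{ name, version, license }] as read from each package.json.
// Returns suggested overrides plus the packages that still need a human.
function suggestOverrides(packages) {
  const overrides = {};
  const unresolved = [];
  for (const { name, version, license } of packages) {
    if (KNOWN_SPDX_IDS.includes(license)) continue; // already a valid identifier
    const key = `${name}@${version}`;
    const match =
      typeof license === 'string' ? byNormalized.get(normalize(license)) : undefined;
    if (match) overrides[key] = match; // near-miss: same id after normalizing
    else unresolved.push(key); // missing, custom or compound license value
  }
  return { overrides, unresolved };
}

// Constructed sample input; only the first entry comes from the thread.
const samplePackages = [
  { name: '@mapbox/fusspot', version: '0.4.0', license: 'BSD 2-Clause' },
  { name: 'example-ok', version: '1.0.0', license: 'MIT' },
  { name: 'example-missing', version: '2.1.0', license: undefined },
  { name: 'example-custom', version: '0.0.1', license: 'SEE LICENSE IN LICENSE.txt' },
];

console.log(suggestOverrides(samplePackages));
```

The `overrides` object has the same shape as the licenseOverrides option shown in the issue; entries in `unresolved` need their LICENSE file read by a person.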