Support dual licensing in detection and expose it in the report.

[isoos]

[isoos]

Reddit discussion: https://www.reddit.com/r/dartlang/comments/rgfhg8/duallicensed_dart_package/

[bharat-biradar]

@isoos The current license detector already supports multiple license detection. It's just that while displaying it on pub,dev we only take the license with the highest confidence and ignore the others. For example, if we see the output generated by the license_detector_bin.dart for some of the plugins on the pub.dev that have more than one license we can see both of them are being detected. I have attached a screenshot below. Plugins in screenshot"

• mvc_pattern
• allnotification
• pikaday_datepicker

Another example with a file having 4 licenses

But here while displaying it, we are just considering the first match. Maybe we can return a list here and also add a condition like the percentage of tokens claimed by all matches is greater than 0.8 or 0.9 to ensure it's not spam.

[JKRhb]

How about being able to use an SPDX identifier in the pubspec.yaml file (like MIT OR Apache-2.0) and then check if the license(s) are provided in the LICENSE file (or somewhere else)? This could also deal with the problem that the automatic detection sometimes can't determine the correct license when multiple ones (e. g. from third party software) are contained in the LICENSE file.

[sigurdm]

We would be happy to have volunteers help with this.

[isoos]

With the new licenses field in the Summary the first two package has been identified correctly (mvc_pattern, allnotification).