
Support SPDX identifiers

Open joshfriend opened this issue 3 years ago • 4 comments

I'd like to be able to only allowlist/blocklist specific licenses by their SPDX identifiers (e.g. Apache-2.0), as opposed to the various forms that pop up in packages:

apache 2.0
apache software 2.0
apache license 2.0
apache software license 2.0
the idkapache software license 2.0

Full list of SPDX identifiers is at: https://spdx.org/licenses/

This project has a similar mapping of frequently used identifiers to their proper SPDX identifier:

https://github.com/NFJones/pipoe/blob/master/pipoe/licenses.py

Of course, this only gets you so far as some projects have ambiguous metadata that doesn't explicitly specify the license version (like dateutil for example). Perhaps this could be part of the normal/cautious/paranoid checking levels where "normal" might map "apache" to any version, but "paranoid" would not match unless it included a version number.

joshfriend avatar Apr 02 '21 18:04 joshfriend
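The normalization and the normal/paranoid distinction proposed in the issue above, sketched as an added example; this is not code from python-license-check or pipoe. The alias table and the names `to_spdx` and `is_allowed` are hypothetical, and the "cautious" level is not modeled because the issue does not define it.

```python
import re

# Constructed alias table (assumption, not the project's data):
# license family -> {version: SPDX identifier from https://spdx.org/licenses/}.
FAMILIES = {
    "apache": {"2.0": "Apache-2.0", "1.1": "Apache-1.1"},
    "mozilla public": {"2.0": "MPL-2.0", "1.1": "MPL-1.1"},
}
NOISE = re.compile(r"\b(the|software|license|licence|version|v)\b")
VERSION = re.compile(r"\d+(?:\.\d+)?")


def to_spdx(raw, level="normal"):
    """Return the set of SPDX ids a free-form metadata string may refer to.

    An empty set means "unknown"; callers should treat that as not allowlisted.
    """
    text = raw.strip().lower()
    match = VERSION.search(text)
    version = match.group(0) if match else None
    if version and "." not in version:
        version += ".0"  # "apache 2" -> "2.0"
    # Drop version numbers, filler words and punctuation to get the family name.
    name = NOISE.sub(" ", VERSION.sub(" ", text))
    name = " ".join(re.sub(r"[^a-z ]", " ", name).split())
    # Exact family match only: a lookalike name must not inherit a known id.
    versions = FAMILIES.get(name)
    if versions is None:
        return set()
    if version is not None:
        spdx = versions.get(version)
        return {spdx} if spdx else set()
    # No version in the metadata: "paranoid" refuses to guess,
    # "normal" accepts any version of the family.
    return set() if level == "paranoid" else set(versions.values())


def is_allowed(raw, allowlist, level="normal"):
    """True if the metadata string resolves to an allowlisted SPDX id."""
    return bool(to_spdx(raw, level) & set(allowlist))


if __name__ == "__main__":
    for s in ["apache 2.0", "Apache Software License", "the idkapache software license 2.0"]:
        print(repr(s), to_spdx(s), to_spdx(s, "paranoid"))
```

With this table, a family name that is not an exact match after filler words are stripped resolves to the empty set, so it fails an allowlist check instead of being mapped to a known identifier.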

I believe this would eliminate the need for #53 as well?

joshfriend avatar Apr 02 '21 18:04 joshfriend

I did not know about SPDX identifiers, and this looks like a great idea!

ochedru avatar Apr 03 '21 10:04 ochedru

> I believe this would eliminate the need for #53 as well?

Indeed

ochedru avatar Apr 03 '21 10:04 ochedru

This request seems even more valuable now that SPDX is the de-facto standard for licensing information.

thehale avatar Dec 28 '22 20:12 thehale