onefetch icon indicating copy to clipboard operation
onefetch copied to clipboard

Published 20 hours ago verified publisher icon o2sh

Wrong license detected: `GPL-3.0-only`

Open NatoBoram opened this issue 1 year ago • 3 comments

Duplicates

  • [X] I have searched the existing issues

Current behavior 😯

License: GPL-3.0-only

Expected behavior 🤔

License: GPL-3.0-or-later

Steps to reproduce 🕹

  1. npm init
  2. Set license to GPL-3.0-or-later
  3. onefetch

NatoBoram avatar Sep 16 '22 17:09 NatoBoram

Seems related to https://github.com/jpeddicord/askalono/issues/45

In this case we may want to display the aliases using store.aliases(license.name) 🤔

image

o2sh avatar Sep 17 '22 21:09 o2sh

Hm, that doesn't feel right. "Aliases" seem like a property of a specific license rather than being a property of the repository. If we want to display the repository's properties, then we should only see the specific license used in the repository. Otherwise, we still have to open up the repo and manually search for this information.

NatoBoram avatar Sep 20 '22 18:09 NatoBoram

It will complicate the code, but we could possibly try to get a license value from the package manifest (package.json, Cargo.toml, and setup.cfg have this value off the top of my head), and fall back to askalono only if no manifests were found. However, that raises the question of what to do with multiple manifests that may have license values.

Other than that, looking at -or-later vs -only, the standard license header between the two do differ. I wonder if that can be used to determine which SPDX identifier should be used? The GPLv3 license itself does suggest adding the header to the start of each source file. Interestingly, both -or-later and -only suggest this in the "How to Apply These Terms to Your New Programs" section:

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

(note the "or any later version")

This implies to me that -or-later should be the default if it can't be decided which to use, since the license's own suggested header falls under the "or later" category.

The above ideas would probably be complex enough that they should be their own libraries IMO.

spenserblack avatar Sep 20 '22 19:09 spenserblack