From f196690e988ab71856897d9d5934ce8387ddc1b3 Mon Sep 17 00:00:00 2001 From: Michael Garvin Date: Thu, 19 Feb 2026 11:42:52 -0800 Subject: [PATCH] deps: init-package-json@8.2.5 --- DEPENDENCIES.md | 5 - node_modules/.gitignore | 8 - .../init-package-json/lib/default-input.js | 8 +- node_modules/init-package-json/package.json | 7 +- node_modules/spdx-correct/LICENSE | 202 --------- node_modules/spdx-correct/index.js | 386 ------------------ .../spdx-expression-parse/AUTHORS | 4 - .../spdx-expression-parse/LICENSE | 22 - .../spdx-expression-parse/index.js | 8 - .../spdx-expression-parse/package.json | 39 -- .../spdx-expression-parse/parse.js | 138 ------- .../spdx-expression-parse/scan.js | 131 ------ node_modules/spdx-correct/package.json | 32 -- .../validate-npm-package-license/LICENSE | 202 --------- .../validate-npm-package-license/index.js | 86 ---- .../spdx-expression-parse/AUTHORS | 4 - .../spdx-expression-parse/LICENSE | 22 - .../spdx-expression-parse/index.js | 8 - .../spdx-expression-parse/package.json | 39 -- .../spdx-expression-parse/parse.js | 138 ------- .../spdx-expression-parse/scan.js | 131 ------ .../validate-npm-package-license/package.json | 28 -- package-lock.json | 17 +- package.json | 2 +- 24 files changed, 15 insertions(+), 1652 deletions(-) delete mode 100644 node_modules/spdx-correct/LICENSE delete mode 100644 node_modules/spdx-correct/index.js delete mode 100644 node_modules/spdx-correct/node_modules/spdx-expression-parse/AUTHORS delete mode 100644 node_modules/spdx-correct/node_modules/spdx-expression-parse/LICENSE delete mode 100644 node_modules/spdx-correct/node_modules/spdx-expression-parse/index.js delete mode 100644 node_modules/spdx-correct/node_modules/spdx-expression-parse/package.json delete mode 100644 node_modules/spdx-correct/node_modules/spdx-expression-parse/parse.js delete mode 100644 node_modules/spdx-correct/node_modules/spdx-expression-parse/scan.js delete mode 100644 node_modules/spdx-correct/package.json delete mode 100644 node_modules/validate-npm-package-license/LICENSE delete mode 100644 node_modules/validate-npm-package-license/index.js delete mode 100644 node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/AUTHORS delete mode 100644 node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/LICENSE delete mode 100644 node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/index.js delete mode 100644 node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/package.json delete mode 100644 node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/parse.js delete mode 100644 node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/scan.js delete mode 100644 node_modules/validate-npm-package-license/package.json diff --git a/DEPENDENCIES.md b/DEPENDENCIES.md index 44659b306a727..9430108979245 100644 --- a/DEPENDENCIES.md +++ b/DEPENDENCIES.md @@ -289,7 +289,6 @@ graph LR; init-package-json-->promzard; init-package-json-->read; init-package-json-->semver; - init-package-json-->validate-npm-package-license; init-package-json-->validate-npm-package-name; is-cidr-->cidr-regex; isaacs-fs-minipass-->minipass; @@ -703,8 +702,6 @@ graph LR; socks-proxy-agent-->agent-base; socks-proxy-agent-->debug; socks-proxy-agent-->socks; - spdx-correct-->spdx-expression-parse; - spdx-correct-->spdx-license-ids; spdx-expression-parse-->spdx-exceptions; spdx-expression-parse-->spdx-license-ids; ssri-->minipass; @@ -722,8 +719,6 @@ graph LR; tufjs-models-->tufjs-canonical-json["@tufjs/canonical-json"]; unique-filename-->unique-slug; unique-slug-->imurmurhash; - validate-npm-package-license-->spdx-correct; - validate-npm-package-license-->spdx-expression-parse; which-->isexe; write-file-atomic-->imurmurhash; write-file-atomic-->signal-exit; diff --git a/node_modules/.gitignore b/node_modules/.gitignore index 43ebee7707625..8971f57cdafcb 100644 --- a/node_modules/.gitignore +++ b/node_modules/.gitignore @@ -132,10 +132,6 @@ !/smart-buffer !/socks-proxy-agent !/socks -!/spdx-correct -!/spdx-correct/node_modules/ -/spdx-correct/node_modules/* -!/spdx-correct/node_modules/spdx-expression-parse !/spdx-exceptions !/spdx-expression-parse !/spdx-license-ids @@ -154,10 +150,6 @@ !/unique-filename !/unique-slug !/util-deprecate -!/validate-npm-package-license -!/validate-npm-package-license/node_modules/ -/validate-npm-package-license/node_modules/* -!/validate-npm-package-license/node_modules/spdx-expression-parse !/validate-npm-package-name !/walk-up-path !/which diff --git a/node_modules/init-package-json/lib/default-input.js b/node_modules/init-package-json/lib/default-input.js index d72feee7f44d3..7b9c8f440e0de 100644 --- a/node_modules/init-package-json/lib/default-input.js +++ b/node_modules/init-package-json/lib/default-input.js @@ -2,7 +2,7 @@ const fs = require('fs/promises') const path = require('path') -const validateLicense = require('validate-npm-package-license') +const validateLicense = require('@npmcli/package-json/lib/license') const validateName = require('validate-npm-package-name') const npa = require('npm-package-arg') const semver = require('semver') @@ -264,12 +264,10 @@ if (!package.author) { const license = package.license || getConfig('license') || 'ISC' exports.license = yes ? license : prompt('license', license, (data) => { - const its = validateLicense(data) - if (its.validForNewPackages) { + if (validateLicense(data)) { return data } - const errors = (its.errors || []).concat(its.warnings || []) - return invalid(`Sorry, ${errors.join(' and ')}.`) + return invalid('Sorry, license should be a valid SPDX license expression') }) const type = package.type || getConfig('type') || 'commonjs' diff --git a/node_modules/init-package-json/package.json b/node_modules/init-package-json/package.json index f41bb69f756ff..a6c8213cf5379 100644 --- a/node_modules/init-package-json/package.json +++ b/node_modules/init-package-json/package.json @@ -1,6 +1,6 @@ { "name": "init-package-json", - "version": "8.2.4", + "version": "8.2.5", "main": "lib/init-package-json.js", "scripts": { "test": "tap", @@ -25,13 +25,12 @@ "promzard": "^3.0.1", "read": "^5.0.1", "semver": "^7.7.2", - "validate-npm-package-license": "^3.0.4", "validate-npm-package-name": "^7.0.0" }, "devDependencies": { "@npmcli/config": "^10.0.0", "@npmcli/eslint-config": "^6.0.1", - "@npmcli/template-oss": "4.23.4", + "@npmcli/template-oss": "4.29.0", "tap": "^16.0.1" }, "engines": { @@ -61,7 +60,7 @@ ], "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.23.4", + "version": "4.29.0", "publish": true } } diff --git a/node_modules/spdx-correct/LICENSE b/node_modules/spdx-correct/LICENSE deleted file mode 100644 index d645695673349..0000000000000 --- a/node_modules/spdx-correct/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/node_modules/spdx-correct/index.js b/node_modules/spdx-correct/index.js deleted file mode 100644 index 4d9037e0cc435..0000000000000 --- a/node_modules/spdx-correct/index.js +++ /dev/null @@ -1,386 +0,0 @@ -/* -Copyright spdx-correct.js contributors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -var parse = require('spdx-expression-parse') -var spdxLicenseIds = require('spdx-license-ids') - -function valid (string) { - try { - parse(string) - return true - } catch (error) { - return false - } -} - -// Sorting function that orders the given array of transpositions such -// that a transposition with the longer pattern comes before a transposition -// with a shorter pattern. This is to prevent e.g. the transposition -// ["General Public License", "GPL"] from matching to "Lesser General Public License" -// before a longer and more accurate transposition ["Lesser General Public License", "LGPL"] -// has a chance to be recognized. -function sortTranspositions(a, b) { - var length = b[0].length - a[0].length - if (length !== 0) return length - return a[0].toUpperCase().localeCompare(b[0].toUpperCase()) -} - -// Common transpositions of license identifier acronyms -var transpositions = [ - ['APGL', 'AGPL'], - ['Gpl', 'GPL'], - ['GLP', 'GPL'], - ['APL', 'Apache'], - ['ISD', 'ISC'], - ['GLP', 'GPL'], - ['IST', 'ISC'], - ['Claude', 'Clause'], - [' or later', '+'], - [' International', ''], - ['GNU', 'GPL'], - ['GUN', 'GPL'], - ['+', ''], - ['GNU GPL', 'GPL'], - ['GNU LGPL', 'LGPL'], - ['GNU/GPL', 'GPL'], - ['GNU GLP', 'GPL'], - ['GNU LESSER GENERAL PUBLIC LICENSE', 'LGPL'], - ['GNU Lesser General Public License', 'LGPL'], - ['GNU LESSER GENERAL PUBLIC LICENSE', 'LGPL-2.1'], - ['GNU Lesser General Public License', 'LGPL-2.1'], - ['LESSER GENERAL PUBLIC LICENSE', 'LGPL'], - ['Lesser General Public License', 'LGPL'], - ['LESSER GENERAL PUBLIC LICENSE', 'LGPL-2.1'], - ['Lesser General Public License', 'LGPL-2.1'], - ['GNU General Public License', 'GPL'], - ['Gnu public license', 'GPL'], - ['GNU Public License', 'GPL'], - ['GNU GENERAL PUBLIC LICENSE', 'GPL'], - ['MTI', 'MIT'], - ['Mozilla Public License', 'MPL'], - ['Universal Permissive License', 'UPL'], - ['WTH', 'WTF'], - ['WTFGPL', 'WTFPL'], - ['-License', ''] -].sort(sortTranspositions) - -var TRANSPOSED = 0 -var CORRECT = 1 - -// Simple corrections to nearly valid identifiers. -var transforms = [ - // e.g. 'mit' - function (argument) { - return argument.toUpperCase() - }, - // e.g. 'MIT ' - function (argument) { - return argument.trim() - }, - // e.g. 'M.I.T.' - function (argument) { - return argument.replace(/\./g, '') - }, - // e.g. 'Apache- 2.0' - function (argument) { - return argument.replace(/\s+/g, '') - }, - // e.g. 'CC BY 4.0'' - function (argument) { - return argument.replace(/\s+/g, '-') - }, - // e.g. 'LGPLv2.1' - function (argument) { - return argument.replace('v', '-') - }, - // e.g. 'Apache 2.0' - function (argument) { - return argument.replace(/,?\s*(\d)/, '-$1') - }, - // e.g. 'GPL 2' - function (argument) { - return argument.replace(/,?\s*(\d)/, '-$1.0') - }, - // e.g. 'Apache Version 2.0' - function (argument) { - return argument - .replace(/,?\s*(V\.|v\.|V|v|Version|version)\s*(\d)/, '-$2') - }, - // e.g. 'Apache Version 2' - function (argument) { - return argument - .replace(/,?\s*(V\.|v\.|V|v|Version|version)\s*(\d)/, '-$2.0') - }, - // e.g. 'ZLIB' - function (argument) { - return argument[0].toUpperCase() + argument.slice(1) - }, - // e.g. 'MPL/2.0' - function (argument) { - return argument.replace('/', '-') - }, - // e.g. 'Apache 2' - function (argument) { - return argument - .replace(/\s*V\s*(\d)/, '-$1') - .replace(/(\d)$/, '$1.0') - }, - // e.g. 'GPL-2.0', 'GPL-3.0' - function (argument) { - if (argument.indexOf('3.0') !== -1) { - return argument + '-or-later' - } else { - return argument + '-only' - } - }, - // e.g. 'GPL-2.0-' - function (argument) { - return argument + 'only' - }, - // e.g. 'GPL2' - function (argument) { - return argument.replace(/(\d)$/, '-$1.0') - }, - // e.g. 'BSD 3' - function (argument) { - return argument.replace(/(-| )?(\d)$/, '-$2-Clause') - }, - // e.g. 'BSD clause 3' - function (argument) { - return argument.replace(/(-| )clause(-| )(\d)/, '-$3-Clause') - }, - // e.g. 'New BSD license' - function (argument) { - return argument.replace(/\b(Modified|New|Revised)(-| )?BSD((-| )License)?/i, 'BSD-3-Clause') - }, - // e.g. 'Simplified BSD license' - function (argument) { - return argument.replace(/\bSimplified(-| )?BSD((-| )License)?/i, 'BSD-2-Clause') - }, - // e.g. 'Free BSD license' - function (argument) { - return argument.replace(/\b(Free|Net)(-| )?BSD((-| )License)?/i, 'BSD-2-Clause-$1BSD') - }, - // e.g. 'Clear BSD license' - function (argument) { - return argument.replace(/\bClear(-| )?BSD((-| )License)?/i, 'BSD-3-Clause-Clear') - }, - // e.g. 'Old BSD License' - function (argument) { - return argument.replace(/\b(Old|Original)(-| )?BSD((-| )License)?/i, 'BSD-4-Clause') - }, - // e.g. 'BY-NC-4.0' - function (argument) { - return 'CC-' + argument - }, - // e.g. 'BY-NC' - function (argument) { - return 'CC-' + argument + '-4.0' - }, - // e.g. 'Attribution-NonCommercial' - function (argument) { - return argument - .replace('Attribution', 'BY') - .replace('NonCommercial', 'NC') - .replace('NoDerivatives', 'ND') - .replace(/ (\d)/, '-$1') - .replace(/ ?International/, '') - }, - // e.g. 'Attribution-NonCommercial' - function (argument) { - return 'CC-' + - argument - .replace('Attribution', 'BY') - .replace('NonCommercial', 'NC') - .replace('NoDerivatives', 'ND') - .replace(/ (\d)/, '-$1') - .replace(/ ?International/, '') + - '-4.0' - } -] - -var licensesWithVersions = spdxLicenseIds - .map(function (id) { - var match = /^(.*)-\d+\.\d+$/.exec(id) - return match - ? [match[0], match[1]] - : [id, null] - }) - .reduce(function (objectMap, item) { - var key = item[1] - objectMap[key] = objectMap[key] || [] - objectMap[key].push(item[0]) - return objectMap - }, {}) - -var licensesWithOneVersion = Object.keys(licensesWithVersions) - .map(function makeEntries (key) { - return [key, licensesWithVersions[key]] - }) - .filter(function identifySoleVersions (item) { - return ( - // Licenses has just one valid version suffix. - item[1].length === 1 && - item[0] !== null && - // APL will be considered Apache, rather than APL-1.0 - item[0] !== 'APL' - ) - }) - .map(function createLastResorts (item) { - return [item[0], item[1][0]] - }) - -licensesWithVersions = undefined - -// If all else fails, guess that strings containing certain substrings -// meant to identify certain licenses. -var lastResorts = [ - ['UNLI', 'Unlicense'], - ['WTF', 'WTFPL'], - ['2 CLAUSE', 'BSD-2-Clause'], - ['2-CLAUSE', 'BSD-2-Clause'], - ['3 CLAUSE', 'BSD-3-Clause'], - ['3-CLAUSE', 'BSD-3-Clause'], - ['AFFERO', 'AGPL-3.0-or-later'], - ['AGPL', 'AGPL-3.0-or-later'], - ['APACHE', 'Apache-2.0'], - ['ARTISTIC', 'Artistic-2.0'], - ['Affero', 'AGPL-3.0-or-later'], - ['BEER', 'Beerware'], - ['BOOST', 'BSL-1.0'], - ['BSD', 'BSD-2-Clause'], - ['CDDL', 'CDDL-1.1'], - ['ECLIPSE', 'EPL-1.0'], - ['FUCK', 'WTFPL'], - ['GNU', 'GPL-3.0-or-later'], - ['LGPL', 'LGPL-3.0-or-later'], - ['GPLV1', 'GPL-1.0-only'], - ['GPL-1', 'GPL-1.0-only'], - ['GPLV2', 'GPL-2.0-only'], - ['GPL-2', 'GPL-2.0-only'], - ['GPL', 'GPL-3.0-or-later'], - ['MIT +NO-FALSE-ATTRIBS', 'MITNFA'], - ['MIT', 'MIT'], - ['MPL', 'MPL-2.0'], - ['X11', 'X11'], - ['ZLIB', 'Zlib'] -].concat(licensesWithOneVersion).sort(sortTranspositions) - -var SUBSTRING = 0 -var IDENTIFIER = 1 - -var validTransformation = function (identifier) { - for (var i = 0; i < transforms.length; i++) { - var transformed = transforms[i](identifier).trim() - if (transformed !== identifier && valid(transformed)) { - return transformed - } - } - return null -} - -var validLastResort = function (identifier) { - var upperCased = identifier.toUpperCase() - for (var i = 0; i < lastResorts.length; i++) { - var lastResort = lastResorts[i] - if (upperCased.indexOf(lastResort[SUBSTRING]) > -1) { - return lastResort[IDENTIFIER] - } - } - return null -} - -var anyCorrection = function (identifier, check) { - for (var i = 0; i < transpositions.length; i++) { - var transposition = transpositions[i] - var transposed = transposition[TRANSPOSED] - if (identifier.indexOf(transposed) > -1) { - var corrected = identifier.replace( - transposed, - transposition[CORRECT] - ) - var checked = check(corrected) - if (checked !== null) { - return checked - } - } - } - return null -} - -module.exports = function (identifier, options) { - options = options || {} - var upgrade = options.upgrade === undefined ? true : !!options.upgrade - function postprocess (value) { - return upgrade ? upgradeGPLs(value) : value - } - var validArugment = ( - typeof identifier === 'string' && - identifier.trim().length !== 0 - ) - if (!validArugment) { - throw Error('Invalid argument. Expected non-empty string.') - } - identifier = identifier.trim() - if (valid(identifier)) { - return postprocess(identifier) - } - var noPlus = identifier.replace(/\+$/, '').trim() - if (valid(noPlus)) { - return postprocess(noPlus) - } - var transformed = validTransformation(identifier) - if (transformed !== null) { - return postprocess(transformed) - } - transformed = anyCorrection(identifier, function (argument) { - if (valid(argument)) { - return argument - } - return validTransformation(argument) - }) - if (transformed !== null) { - return postprocess(transformed) - } - transformed = validLastResort(identifier) - if (transformed !== null) { - return postprocess(transformed) - } - transformed = anyCorrection(identifier, validLastResort) - if (transformed !== null) { - return postprocess(transformed) - } - return null -} - -function upgradeGPLs (value) { - if ([ - 'GPL-1.0', 'LGPL-1.0', 'AGPL-1.0', - 'GPL-2.0', 'LGPL-2.0', 'AGPL-2.0', - 'LGPL-2.1' - ].indexOf(value) !== -1) { - return value + '-only' - } else if ([ - 'GPL-1.0+', 'GPL-2.0+', 'GPL-3.0+', - 'LGPL-2.0+', 'LGPL-2.1+', 'LGPL-3.0+', - 'AGPL-1.0+', 'AGPL-3.0+' - ].indexOf(value) !== -1) { - return value.replace(/\+$/, '-or-later') - } else if (['GPL-3.0', 'LGPL-3.0', 'AGPL-3.0'].indexOf(value) !== -1) { - return value + '-or-later' - } else { - return value - } -} diff --git a/node_modules/spdx-correct/node_modules/spdx-expression-parse/AUTHORS b/node_modules/spdx-correct/node_modules/spdx-expression-parse/AUTHORS deleted file mode 100644 index 257a76b9484c1..0000000000000 --- a/node_modules/spdx-correct/node_modules/spdx-expression-parse/AUTHORS +++ /dev/null @@ -1,4 +0,0 @@ -C. Scott Ananian (http://cscott.net) -Kyle E. Mitchell (https://kemitchell.com) -Shinnosuke Watanabe -Antoine Motet diff --git a/node_modules/spdx-correct/node_modules/spdx-expression-parse/LICENSE b/node_modules/spdx-correct/node_modules/spdx-expression-parse/LICENSE deleted file mode 100644 index 831618eaba6c8..0000000000000 --- a/node_modules/spdx-correct/node_modules/spdx-expression-parse/LICENSE +++ /dev/null @@ -1,22 +0,0 @@ -The MIT License - -Copyright (c) 2015 Kyle E. Mitchell & other authors listed in AUTHORS - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be included -in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/node_modules/spdx-correct/node_modules/spdx-expression-parse/index.js b/node_modules/spdx-correct/node_modules/spdx-expression-parse/index.js deleted file mode 100644 index 52fab560aea70..0000000000000 --- a/node_modules/spdx-correct/node_modules/spdx-expression-parse/index.js +++ /dev/null @@ -1,8 +0,0 @@ -'use strict' - -var scan = require('./scan') -var parse = require('./parse') - -module.exports = function (source) { - return parse(scan(source)) -} diff --git a/node_modules/spdx-correct/node_modules/spdx-expression-parse/package.json b/node_modules/spdx-correct/node_modules/spdx-expression-parse/package.json deleted file mode 100644 index c9edc9f939cdf..0000000000000 --- a/node_modules/spdx-correct/node_modules/spdx-expression-parse/package.json +++ /dev/null @@ -1,39 +0,0 @@ -{ - "name": "spdx-expression-parse", - "description": "parse SPDX license expressions", - "version": "3.0.1", - "author": "Kyle E. Mitchell (https://kemitchell.com)", - "files": [ - "AUTHORS", - "index.js", - "parse.js", - "scan.js" - ], - "dependencies": { - "spdx-exceptions": "^2.1.0", - "spdx-license-ids": "^3.0.0" - }, - "devDependencies": { - "defence-cli": "^3.0.1", - "replace-require-self": "^1.0.0", - "standard": "^14.1.0" - }, - "keywords": [ - "SPDX", - "law", - "legal", - "license", - "metadata", - "package", - "package.json", - "standards" - ], - "license": "MIT", - "repository": "jslicense/spdx-expression-parse.js", - "scripts": { - "lint": "standard", - "test:readme": "defence -i javascript README.md | replace-require-self | node", - "test:suite": "node test.js", - "test": "npm run test:suite && npm run test:readme" - } -} diff --git a/node_modules/spdx-correct/node_modules/spdx-expression-parse/parse.js b/node_modules/spdx-correct/node_modules/spdx-expression-parse/parse.js deleted file mode 100644 index 5a00b45c5799c..0000000000000 --- a/node_modules/spdx-correct/node_modules/spdx-expression-parse/parse.js +++ /dev/null @@ -1,138 +0,0 @@ -'use strict' - -// The ABNF grammar in the spec is totally ambiguous. -// -// This parser follows the operator precedence defined in the -// `Order of Precedence and Parentheses` section. - -module.exports = function (tokens) { - var index = 0 - - function hasMore () { - return index < tokens.length - } - - function token () { - return hasMore() ? tokens[index] : null - } - - function next () { - if (!hasMore()) { - throw new Error() - } - index++ - } - - function parseOperator (operator) { - var t = token() - if (t && t.type === 'OPERATOR' && operator === t.string) { - next() - return t.string - } - } - - function parseWith () { - if (parseOperator('WITH')) { - var t = token() - if (t && t.type === 'EXCEPTION') { - next() - return t.string - } - throw new Error('Expected exception after `WITH`') - } - } - - function parseLicenseRef () { - // TODO: Actually, everything is concatenated into one string - // for backward-compatibility but it could be better to return - // a nice structure. - var begin = index - var string = '' - var t = token() - if (t.type === 'DOCUMENTREF') { - next() - string += 'DocumentRef-' + t.string + ':' - if (!parseOperator(':')) { - throw new Error('Expected `:` after `DocumentRef-...`') - } - } - t = token() - if (t.type === 'LICENSEREF') { - next() - string += 'LicenseRef-' + t.string - return { license: string } - } - index = begin - } - - function parseLicense () { - var t = token() - if (t && t.type === 'LICENSE') { - next() - var node = { license: t.string } - if (parseOperator('+')) { - node.plus = true - } - var exception = parseWith() - if (exception) { - node.exception = exception - } - return node - } - } - - function parseParenthesizedExpression () { - var left = parseOperator('(') - if (!left) { - return - } - - var expr = parseExpression() - - if (!parseOperator(')')) { - throw new Error('Expected `)`') - } - - return expr - } - - function parseAtom () { - return ( - parseParenthesizedExpression() || - parseLicenseRef() || - parseLicense() - ) - } - - function makeBinaryOpParser (operator, nextParser) { - return function parseBinaryOp () { - var left = nextParser() - if (!left) { - return - } - - if (!parseOperator(operator)) { - return left - } - - var right = parseBinaryOp() - if (!right) { - throw new Error('Expected expression') - } - return { - left: left, - conjunction: operator.toLowerCase(), - right: right - } - } - } - - var parseAnd = makeBinaryOpParser('AND', parseAtom) - var parseExpression = makeBinaryOpParser('OR', parseAnd) - - var node = parseExpression() - if (!node || hasMore()) { - throw new Error('Syntax error') - } - return node -} diff --git a/node_modules/spdx-correct/node_modules/spdx-expression-parse/scan.js b/node_modules/spdx-correct/node_modules/spdx-expression-parse/scan.js deleted file mode 100644 index b74fce2e2c663..0000000000000 --- a/node_modules/spdx-correct/node_modules/spdx-expression-parse/scan.js +++ /dev/null @@ -1,131 +0,0 @@ -'use strict' - -var licenses = [] - .concat(require('spdx-license-ids')) - .concat(require('spdx-license-ids/deprecated')) -var exceptions = require('spdx-exceptions') - -module.exports = function (source) { - var index = 0 - - function hasMore () { - return index < source.length - } - - // `value` can be a regexp or a string. - // If it is recognized, the matching source string is returned and - // the index is incremented. Otherwise `undefined` is returned. - function read (value) { - if (value instanceof RegExp) { - var chars = source.slice(index) - var match = chars.match(value) - if (match) { - index += match[0].length - return match[0] - } - } else { - if (source.indexOf(value, index) === index) { - index += value.length - return value - } - } - } - - function skipWhitespace () { - read(/[ ]*/) - } - - function operator () { - var string - var possibilities = ['WITH', 'AND', 'OR', '(', ')', ':', '+'] - for (var i = 0; i < possibilities.length; i++) { - string = read(possibilities[i]) - if (string) { - break - } - } - - if (string === '+' && index > 1 && source[index - 2] === ' ') { - throw new Error('Space before `+`') - } - - return string && { - type: 'OPERATOR', - string: string - } - } - - function idstring () { - return read(/[A-Za-z0-9-.]+/) - } - - function expectIdstring () { - var string = idstring() - if (!string) { - throw new Error('Expected idstring at offset ' + index) - } - return string - } - - function documentRef () { - if (read('DocumentRef-')) { - var string = expectIdstring() - return { type: 'DOCUMENTREF', string: string } - } - } - - function licenseRef () { - if (read('LicenseRef-')) { - var string = expectIdstring() - return { type: 'LICENSEREF', string: string } - } - } - - function identifier () { - var begin = index - var string = idstring() - - if (licenses.indexOf(string) !== -1) { - return { - type: 'LICENSE', - string: string - } - } else if (exceptions.indexOf(string) !== -1) { - return { - type: 'EXCEPTION', - string: string - } - } - - index = begin - } - - // Tries to read the next token. Returns `undefined` if no token is - // recognized. - function parseToken () { - // Ordering matters - return ( - operator() || - documentRef() || - licenseRef() || - identifier() - ) - } - - var tokens = [] - while (hasMore()) { - skipWhitespace() - if (!hasMore()) { - break - } - - var token = parseToken() - if (!token) { - throw new Error('Unexpected `' + source[index] + - '` at offset ' + index) - } - - tokens.push(token) - } - return tokens -} diff --git a/node_modules/spdx-correct/package.json b/node_modules/spdx-correct/package.json deleted file mode 100644 index d77615638be66..0000000000000 --- a/node_modules/spdx-correct/package.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "name": "spdx-correct", - "description": "correct invalid SPDX expressions", - "version": "3.2.0", - "dependencies": { - "spdx-expression-parse": "^3.0.0", - "spdx-license-ids": "^3.0.0" - }, - "devDependencies": { - "defence-cli": "^3.0.1", - "replace-require-self": "^1.0.0", - "standard": "^14.3.4", - "standard-markdown": "^6.0.0", - "tape": "^5.0.1" - }, - "files": [ - "index.js" - ], - "keywords": [ - "SPDX", - "law", - "legal", - "license", - "metadata" - ], - "license": "Apache-2.0", - "repository": "jslicense/spdx-correct.js", - "scripts": { - "lint": "standard && standard-markdown README.md", - "test": "defence README.md | replace-require-self | node && node test.js" - } -} diff --git a/node_modules/validate-npm-package-license/LICENSE b/node_modules/validate-npm-package-license/LICENSE deleted file mode 100644 index d645695673349..0000000000000 --- a/node_modules/validate-npm-package-license/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/node_modules/validate-npm-package-license/index.js b/node_modules/validate-npm-package-license/index.js deleted file mode 100644 index 35eaa732559ce..0000000000000 --- a/node_modules/validate-npm-package-license/index.js +++ /dev/null @@ -1,86 +0,0 @@ -var parse = require('spdx-expression-parse'); -var correct = require('spdx-correct'); - -var genericWarning = ( - 'license should be ' + - 'a valid SPDX license expression (without "LicenseRef"), ' + - '"UNLICENSED", or ' + - '"SEE LICENSE IN "' -); - -var fileReferenceRE = /^SEE LICEN[CS]E IN (.+)$/; - -function startsWith(prefix, string) { - return string.slice(0, prefix.length) === prefix; -} - -function usesLicenseRef(ast) { - if (ast.hasOwnProperty('license')) { - var license = ast.license; - return ( - startsWith('LicenseRef', license) || - startsWith('DocumentRef', license) - ); - } else { - return ( - usesLicenseRef(ast.left) || - usesLicenseRef(ast.right) - ); - } -} - -module.exports = function(argument) { - var ast; - - try { - ast = parse(argument); - } catch (e) { - var match - if ( - argument === 'UNLICENSED' || - argument === 'UNLICENCED' - ) { - return { - validForOldPackages: true, - validForNewPackages: true, - unlicensed: true - }; - } else if (match = fileReferenceRE.exec(argument)) { - return { - validForOldPackages: true, - validForNewPackages: true, - inFile: match[1] - }; - } else { - var result = { - validForOldPackages: false, - validForNewPackages: false, - warnings: [genericWarning] - }; - if (argument.trim().length !== 0) { - var corrected = correct(argument); - if (corrected) { - result.warnings.push( - 'license is similar to the valid expression "' + corrected + '"' - ); - } - } - return result; - } - } - - if (usesLicenseRef(ast)) { - return { - validForNewPackages: false, - validForOldPackages: false, - spdx: true, - warnings: [genericWarning] - }; - } else { - return { - validForNewPackages: true, - validForOldPackages: true, - spdx: true - }; - } -}; diff --git a/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/AUTHORS b/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/AUTHORS deleted file mode 100644 index 257a76b9484c1..0000000000000 --- a/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/AUTHORS +++ /dev/null @@ -1,4 +0,0 @@ -C. Scott Ananian (http://cscott.net) -Kyle E. Mitchell (https://kemitchell.com) -Shinnosuke Watanabe -Antoine Motet diff --git a/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/LICENSE b/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/LICENSE deleted file mode 100644 index 831618eaba6c8..0000000000000 --- a/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/LICENSE +++ /dev/null @@ -1,22 +0,0 @@ -The MIT License - -Copyright (c) 2015 Kyle E. Mitchell & other authors listed in AUTHORS - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be included -in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/index.js b/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/index.js deleted file mode 100644 index 52fab560aea70..0000000000000 --- a/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/index.js +++ /dev/null @@ -1,8 +0,0 @@ -'use strict' - -var scan = require('./scan') -var parse = require('./parse') - -module.exports = function (source) { - return parse(scan(source)) -} diff --git a/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/package.json b/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/package.json deleted file mode 100644 index c9edc9f939cdf..0000000000000 --- a/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/package.json +++ /dev/null @@ -1,39 +0,0 @@ -{ - "name": "spdx-expression-parse", - "description": "parse SPDX license expressions", - "version": "3.0.1", - "author": "Kyle E. Mitchell (https://kemitchell.com)", - "files": [ - "AUTHORS", - "index.js", - "parse.js", - "scan.js" - ], - "dependencies": { - "spdx-exceptions": "^2.1.0", - "spdx-license-ids": "^3.0.0" - }, - "devDependencies": { - "defence-cli": "^3.0.1", - "replace-require-self": "^1.0.0", - "standard": "^14.1.0" - }, - "keywords": [ - "SPDX", - "law", - "legal", - "license", - "metadata", - "package", - "package.json", - "standards" - ], - "license": "MIT", - "repository": "jslicense/spdx-expression-parse.js", - "scripts": { - "lint": "standard", - "test:readme": "defence -i javascript README.md | replace-require-self | node", - "test:suite": "node test.js", - "test": "npm run test:suite && npm run test:readme" - } -} diff --git a/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/parse.js b/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/parse.js deleted file mode 100644 index 5a00b45c5799c..0000000000000 --- a/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/parse.js +++ /dev/null @@ -1,138 +0,0 @@ -'use strict' - -// The ABNF grammar in the spec is totally ambiguous. -// -// This parser follows the operator precedence defined in the -// `Order of Precedence and Parentheses` section. - -module.exports = function (tokens) { - var index = 0 - - function hasMore () { - return index < tokens.length - } - - function token () { - return hasMore() ? tokens[index] : null - } - - function next () { - if (!hasMore()) { - throw new Error() - } - index++ - } - - function parseOperator (operator) { - var t = token() - if (t && t.type === 'OPERATOR' && operator === t.string) { - next() - return t.string - } - } - - function parseWith () { - if (parseOperator('WITH')) { - var t = token() - if (t && t.type === 'EXCEPTION') { - next() - return t.string - } - throw new Error('Expected exception after `WITH`') - } - } - - function parseLicenseRef () { - // TODO: Actually, everything is concatenated into one string - // for backward-compatibility but it could be better to return - // a nice structure. - var begin = index - var string = '' - var t = token() - if (t.type === 'DOCUMENTREF') { - next() - string += 'DocumentRef-' + t.string + ':' - if (!parseOperator(':')) { - throw new Error('Expected `:` after `DocumentRef-...`') - } - } - t = token() - if (t.type === 'LICENSEREF') { - next() - string += 'LicenseRef-' + t.string - return { license: string } - } - index = begin - } - - function parseLicense () { - var t = token() - if (t && t.type === 'LICENSE') { - next() - var node = { license: t.string } - if (parseOperator('+')) { - node.plus = true - } - var exception = parseWith() - if (exception) { - node.exception = exception - } - return node - } - } - - function parseParenthesizedExpression () { - var left = parseOperator('(') - if (!left) { - return - } - - var expr = parseExpression() - - if (!parseOperator(')')) { - throw new Error('Expected `)`') - } - - return expr - } - - function parseAtom () { - return ( - parseParenthesizedExpression() || - parseLicenseRef() || - parseLicense() - ) - } - - function makeBinaryOpParser (operator, nextParser) { - return function parseBinaryOp () { - var left = nextParser() - if (!left) { - return - } - - if (!parseOperator(operator)) { - return left - } - - var right = parseBinaryOp() - if (!right) { - throw new Error('Expected expression') - } - return { - left: left, - conjunction: operator.toLowerCase(), - right: right - } - } - } - - var parseAnd = makeBinaryOpParser('AND', parseAtom) - var parseExpression = makeBinaryOpParser('OR', parseAnd) - - var node = parseExpression() - if (!node || hasMore()) { - throw new Error('Syntax error') - } - return node -} diff --git a/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/scan.js b/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/scan.js deleted file mode 100644 index b74fce2e2c663..0000000000000 --- a/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/scan.js +++ /dev/null @@ -1,131 +0,0 @@ -'use strict' - -var licenses = [] - .concat(require('spdx-license-ids')) - .concat(require('spdx-license-ids/deprecated')) -var exceptions = require('spdx-exceptions') - -module.exports = function (source) { - var index = 0 - - function hasMore () { - return index < source.length - } - - // `value` can be a regexp or a string. - // If it is recognized, the matching source string is returned and - // the index is incremented. Otherwise `undefined` is returned. - function read (value) { - if (value instanceof RegExp) { - var chars = source.slice(index) - var match = chars.match(value) - if (match) { - index += match[0].length - return match[0] - } - } else { - if (source.indexOf(value, index) === index) { - index += value.length - return value - } - } - } - - function skipWhitespace () { - read(/[ ]*/) - } - - function operator () { - var string - var possibilities = ['WITH', 'AND', 'OR', '(', ')', ':', '+'] - for (var i = 0; i < possibilities.length; i++) { - string = read(possibilities[i]) - if (string) { - break - } - } - - if (string === '+' && index > 1 && source[index - 2] === ' ') { - throw new Error('Space before `+`') - } - - return string && { - type: 'OPERATOR', - string: string - } - } - - function idstring () { - return read(/[A-Za-z0-9-.]+/) - } - - function expectIdstring () { - var string = idstring() - if (!string) { - throw new Error('Expected idstring at offset ' + index) - } - return string - } - - function documentRef () { - if (read('DocumentRef-')) { - var string = expectIdstring() - return { type: 'DOCUMENTREF', string: string } - } - } - - function licenseRef () { - if (read('LicenseRef-')) { - var string = expectIdstring() - return { type: 'LICENSEREF', string: string } - } - } - - function identifier () { - var begin = index - var string = idstring() - - if (licenses.indexOf(string) !== -1) { - return { - type: 'LICENSE', - string: string - } - } else if (exceptions.indexOf(string) !== -1) { - return { - type: 'EXCEPTION', - string: string - } - } - - index = begin - } - - // Tries to read the next token. Returns `undefined` if no token is - // recognized. - function parseToken () { - // Ordering matters - return ( - operator() || - documentRef() || - licenseRef() || - identifier() - ) - } - - var tokens = [] - while (hasMore()) { - skipWhitespace() - if (!hasMore()) { - break - } - - var token = parseToken() - if (!token) { - throw new Error('Unexpected `' + source[index] + - '` at offset ' + index) - } - - tokens.push(token) - } - return tokens -} diff --git a/node_modules/validate-npm-package-license/package.json b/node_modules/validate-npm-package-license/package.json deleted file mode 100644 index 9e92af4f44656..0000000000000 --- a/node_modules/validate-npm-package-license/package.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "name": "validate-npm-package-license", - "description": "Give me a string and I'll tell you if it's a valid npm package license string", - "version": "3.0.4", - "author": "Kyle E. Mitchell (https://kemitchell.com)", - "contributors": [ - "Mark Stacey " - ], - "dependencies": { - "spdx-correct": "^3.0.0", - "spdx-expression-parse": "^3.0.0" - }, - "devDependencies": { - "defence-cli": "^2.0.1", - "replace-require-self": "^1.0.0" - }, - "keywords": [ - "license", - "npm", - "package", - "validation" - ], - "license": "Apache-2.0", - "repository": "kemitchell/validate-npm-package-license.js", - "scripts": { - "test": "defence README.md | replace-require-self | node" - } -} diff --git a/package-lock.json b/package-lock.json index 1b650fcaf1974..eb57e44ef01f2 100644 --- a/package-lock.json +++ b/package-lock.json @@ -105,7 +105,7 @@ "graceful-fs": "^4.2.11", "hosted-git-info": "^9.0.2", "ini": "^6.0.0", - "init-package-json": "^8.2.4", + "init-package-json": "^8.2.5", "is-cidr": "^6.0.3", "json-parse-even-better-errors": "^5.0.0", "libnpmaccess": "^10.0.3", @@ -6117,9 +6117,9 @@ } }, "node_modules/init-package-json": { - "version": "8.2.4", - "resolved": "https://registry.npmjs.org/init-package-json/-/init-package-json-8.2.4.tgz", - "integrity": "sha512-SqX/+tPl3sZD+IY0EuMiM1kK1B45h+P6JQPo3Q9zlqNINX2XiX3x/WSbYGFqS6YCkODNbGb3L5RawMrYE/cfKw==", + "version": "8.2.5", + "resolved": "https://registry.npmjs.org/init-package-json/-/init-package-json-8.2.5.tgz", + "integrity": "sha512-IknQ+upLuJU6t3p0uo9wS3GjFD/1GtxIwcIGYOWR8zL2HxQeJwvxYTgZr9brJ8pyZ4kvpkebM8ZKcyqOeLOHSg==", "inBundle": true, "license": "ISC", "dependencies": { @@ -6128,7 +6128,6 @@ "promzard": "^3.0.1", "read": "^5.0.1", "semver": "^7.7.2", - "validate-npm-package-license": "^3.0.4", "validate-npm-package-name": "^7.0.0" }, "engines": { @@ -10803,7 +10802,7 @@ }, "node_modules/spdx-correct": { "version": "3.2.0", - "inBundle": true, + "dev": true, "license": "Apache-2.0", "dependencies": { "spdx-expression-parse": "^3.0.0", @@ -10812,7 +10811,7 @@ }, "node_modules/spdx-correct/node_modules/spdx-expression-parse": { "version": "3.0.1", - "inBundle": true, + "dev": true, "license": "MIT", "dependencies": { "spdx-exceptions": "^2.1.0", @@ -14014,7 +14013,7 @@ }, "node_modules/validate-npm-package-license": { "version": "3.0.4", - "inBundle": true, + "dev": true, "license": "Apache-2.0", "dependencies": { "spdx-correct": "^3.0.0", @@ -14023,7 +14022,7 @@ }, "node_modules/validate-npm-package-license/node_modules/spdx-expression-parse": { "version": "3.0.1", - "inBundle": true, + "dev": true, "license": "MIT", "dependencies": { "spdx-exceptions": "^2.1.0", diff --git a/package.json b/package.json index 1dd48ef4775fa..4e9b607cf8174 100644 --- a/package.json +++ b/package.json @@ -73,7 +73,7 @@ "graceful-fs": "^4.2.11", "hosted-git-info": "^9.0.2", "ini": "^6.0.0", - "init-package-json": "^8.2.4", + "init-package-json": "^8.2.5", "is-cidr": "^6.0.3", "json-parse-even-better-errors": "^5.0.0", "libnpmaccess": "^10.0.3",