License expressions not parsed correctly causing incorrect license determination (silently ignoring potentially problematic licenses) #274

@rafalsatl

Description


For license strings containing logical operators as defined for SPDX (or similar to them):
https://spdx.github.io/spdx-spec/v2-draft/SPDX-license-expressions/

License checker currently produces incorrect and dangerous results during the flatten -> license calls:
Input:
name = "simpler-sidebar"
version = "1.4.5"
license = "(MIT and GPL-2.0)"

Output:
licenses = "MIT*"

This is because of this sub-string check:

var MIT = /\bMIT\b/;
...
    } else if (MIT.test(str)) {
        return 'MIT*';

Example of affected package.json files:
https://github.com/jqPlot/jqPlot/blob/1.0.9/package.json#L36
https://github.com/gitter-badger/simpler-sidebar/blob/v1.4.5/package.json#L11
https://github.com/maranomynet/formatchange/blob/v2.3.1/package.json#L28
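As an added illustration (not license-checker's own code), the snippet below places the bare-word regex check quoted above beside a small tokenizer that surfaces every identifier and operator in an SPDX-style expression, so a compound expression such as `(MIT and GPL-2.0)` is reported whole and checked against a caller-supplied denylist instead of being collapsed to `MIT*`. The tokenizer is a deliberate simplification: it does not evaluate AND/OR precedence, it only reports what is present and flags unbalanced parentheses as malformed.

```javascript
// Added example, not code from license-checker. Contrasts the substring
// regex behaviour described in the issue with an expression tokenizer.

const MIT = /\bMIT\b/;

// Reproduces the behaviour from the issue: any expression containing the
// word MIT is reported as "MIT*", whatever else it contains.
function naiveLicense(str) {
  if (MIT.test(str)) return 'MIT*';
  return 'UNKNOWN';
}

// SPDX logical operators (matched case-insensitively, as "and" in the report).
const OPERATORS = new Set(['AND', 'OR', 'WITH']);

// Split an expression into license ids and operators. Parentheses are only
// counted so that an unbalanced expression is reported as malformed;
// operator precedence is intentionally not evaluated (simplification).
function parseLicenseExpression(str) {
  const tokens = str.match(/\(|\)|[^\s()]+/g) || [];
  const ids = [];
  const operators = [];
  let depth = 0;
  for (const tok of tokens) {
    if (tok === '(') { depth += 1; continue; }
    if (tok === ')') {
      depth -= 1;
      if (depth < 0) return { malformed: true, ids: [], operators: [] };
      continue;
    }
    const upper = tok.toUpperCase();
    if (OPERATORS.has(upper)) operators.push(upper);
    else ids.push(tok);
  }
  return { malformed: depth !== 0, ids, operators };
}

// What a checker should report: the whole expression when it is compound,
// plus every id that appears on the caller's denylist (a Set of SPDX ids).
function classifyLicense(str, denylist) {
  const parsed = parseLicenseExpression(str);
  if (parsed.malformed) {
    return { license: str.trim(), compound: false, flagged: [], malformed: true };
  }
  const compound = parsed.operators.length > 0;
  const flagged = parsed.ids.filter((id) => denylist.has(id));
  const license = compound ? str.trim() : (parsed.ids[0] || 'UNKNOWN');
  return { license, compound, flagged, malformed: false };
}
```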
