forked from npm/cli
-
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Document current license SPDX behaviour
As a step towards resolving npm#6966, we should document how SPDX SBOM generation works with a single string license or license expression.
- Loading branch information
1 parent
e91d5c6
commit 002be85
Showing
2 changed files
with
106 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -504,3 +504,93 @@ exports[`test/lib/utils/sbom-spdx.js TAP single node - with integrity > must mat | |
| ] | ||
| } | ||
| ` | ||
|
|
||
| exports[`test/lib/utils/sbom-spdx.js TAP single node - with license expression > must match snapshot 1`] = ` | ||
| { | ||
| "spdxVersion": "SPDX-2.3", | ||
| "dataLicense": "CC0-1.0", | ||
| "SPDXID": "SPDXRef-DOCUMENT", | ||
| "name": "[email protected]", | ||
| "documentNamespace": "docns", | ||
| "creationInfo": { | ||
| "created": "2020-01-01T00:00:00.000Z", | ||
| "creators": [ | ||
| "Tool: npm/cli-10.0.0 " | ||
| ] | ||
| }, | ||
| "documentDescribes": [ | ||
| "SPDXRef-Package-root-1.0.0" | ||
| ], | ||
| "packages": [ | ||
| { | ||
| "name": "root", | ||
| "SPDXID": "SPDXRef-Package-root-1.0.0", | ||
| "versionInfo": "1.0.0", | ||
| "packageFileName": "", | ||
| "downloadLocation": "NOASSERTION", | ||
| "filesAnalyzed": false, | ||
| "homepage": "NOASSERTION", | ||
| "licenseDeclared": "(MIT OR Apache-2.0)", | ||
| "externalRefs": [ | ||
| { | ||
| "referenceCategory": "PACKAGE-MANAGER", | ||
| "referenceType": "purl", | ||
| "referenceLocator": "pkg:npm/[email protected]" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "relationships": [ | ||
| { | ||
| "spdxElementId": "SPDXRef-DOCUMENT", | ||
| "relatedSpdxElement": "SPDXRef-Package-root-1.0.0", | ||
| "relationshipType": "DESCRIBES" | ||
| } | ||
| ] | ||
| } | ||
| ` | ||
|
|
||
| exports[`test/lib/utils/sbom-spdx.js TAP single node - with single license > must match snapshot 1`] = ` | ||
| { | ||
| "spdxVersion": "SPDX-2.3", | ||
| "dataLicense": "CC0-1.0", | ||
| "SPDXID": "SPDXRef-DOCUMENT", | ||
| "name": "[email protected]", | ||
| "documentNamespace": "docns", | ||
| "creationInfo": { | ||
| "created": "2020-01-01T00:00:00.000Z", | ||
| "creators": [ | ||
| "Tool: npm/cli-10.0.0 " | ||
| ] | ||
| }, | ||
| "documentDescribes": [ | ||
| "SPDXRef-Package-root-1.0.0" | ||
| ], | ||
| "packages": [ | ||
| { | ||
| "name": "root", | ||
| "SPDXID": "SPDXRef-Package-root-1.0.0", | ||
| "versionInfo": "1.0.0", | ||
| "packageFileName": "", | ||
| "downloadLocation": "NOASSERTION", | ||
| "filesAnalyzed": false, | ||
| "homepage": "NOASSERTION", | ||
| "licenseDeclared": "ISC", | ||
| "externalRefs": [ | ||
| { | ||
| "referenceCategory": "PACKAGE-MANAGER", | ||
| "referenceType": "purl", | ||
| "referenceLocator": "pkg:npm/[email protected]" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "relationships": [ | ||
| { | ||
| "spdxElementId": "SPDXRef-DOCUMENT", | ||
| "relatedSpdxElement": "SPDXRef-Package-root-1.0.0", | ||
| "relationshipType": "DESCRIBES" | ||
| } | ||
| ] | ||
| } | ||
| ` | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters