
clj-spdx's Introduction


clj-spdx

A Clojure wrapper around Spdx-Java-Library, plus some bespoke functionality (e.g. custom SPDX expression parsing).

Note that that library's functionality is being wrapped on-demand by the author based on their needs in other projects, so this wrapper library is not yet comprehensive. Contributions of any kind are warmly welcomed, especially wrapping additional parts of the Java library!

Note also that this project has no official relationship with the SPDX project (who maintain Spdx-Java-Library), and this work is in no way associated with, or endorsed by, them.

Installation

clj-spdx is available as a Maven artifact from Clojars.

Trying it Out

Clojure CLI

$ clj -Sdeps '{:deps {com.github.pmonks/clj-spdx {:mvn/version "RELEASE"}}}'

Leiningen

$ lein try com.github.pmonks/clj-spdx

deps-try

$ deps-try com.github.pmonks/clj-spdx

Demo

(require '[spdx.licenses :as sl])

; This is optional but can be time consuming, so we run it explicitly to force
; population of the local Spdx-Java-Library cache.
(sl/init!)

(sl/ids)
;=> #{"MulanPSL-1.0" "OPUBL-1.0" "CC-BY-SA-1.0" [and many more]

(require '[spdx.exceptions :as se])

(se/ids)
;=> #{"GCC-exception-2.0-note" "Qwt-exception-1.0" [and many more]

(require '[spdx.matching :as sm])

(def apache-20-text (slurp "https://www.apache.org/licenses/LICENSE-2.0.txt"))
(sm/licenses-within-text apache-20-text)
;=> #{"Apache-2.0"}

(require '[spdx.expressions :as sexp])

(sexp/parse "GPL-2.0+ WITH Classpath-exception-2.0 OR Apache-2.0")
;=> [:or
;=>   {:license-id "Apache-2.0"}
;=>   {:license-id "GPL-2.0-or-later" :license-exception-id "Classpath-exception-2.0"}]

API Documentation

API documentation is available here, or here on cljdoc.

Contributor Information

Contributing Guidelines

Bug Tracker

Code of Conduct

Developer Workflow

This project uses the git-flow branching strategy, and the permanent branches are called release and dev. Any changes to the release branch are considered a release and auto-deployed (JARs to Clojars, API docs to GitHub Pages, etc.).

For this reason, all development must occur either in branch dev, or (preferably) in temporary branches off of dev. All PRs from forked repos must also be submitted against dev; the release branch is only updated from dev via PRs created by the core development team. All other changes submitted to release will be rejected.

Build Tasks

clj-spdx uses tools.build. You can get a list of available tasks by running:

clojure -A:deps -T:build help/doc

Of particular interest are:

  • clojure -T:build test - run the unit tests
  • clojure -T:build lint - run the linters (clj-kondo and eastwood)
  • clojure -T:build ci - run the full CI suite (check for outdated dependencies, run the unit tests, run the linters)
  • clojure -T:build install - build the JAR and install it locally (e.g. so you can test it with downstream code)

Please note that the release and deploy tasks are restricted to the core development team (and will not function if you run them yourself).

License

Copyright © 2023 Peter Monks

Distributed under the Apache License, Version 2.0.

SPDX-License-Identifier: Apache-2.0

clj-spdx's Issues

Consider simplifying logically redundant clauses in expressions

Currently, when a valid but logically redundant expression such as:

"Apache-2.0 AND Apache-2.0"

is parsed, spdx.expressions/parse returns:

[:and {:license-id "Apache-2.0"} {:license-id "Apache-2.0"}]

which is logically equivalent to:

{:license-id "Apache-2.0"}

An implementation of this simplification should be considered, controllable via an option (e.g. :collapse-redundant-clauses?), and defaulting to true (enabled).
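One way the proposed simplification could work, as an added example that is not part of clj-spdx or of the original issue. It assumes the prefix parse-tree shape shown in the Demo (`[:and ...]` / `[:or ...]` vectors with license maps as leaves); the function name `collapse-redundant-clauses` is hypothetical.

```clojure
;; Added example, not clj-spdx code. Operates on the parse-tree shape shown in
;; the Demo: [:and|:or clause ...] vectors with maps as leaves.
(defn collapse-redundant-clauses
  "Removes duplicate clauses under the same operator, flattens nested uses of
  that operator, and unwraps a group left with a single clause."
  [tree]
  (if-not (vector? tree)
    tree                                        ; leaf map: nothing to collapse
    (let [[op & clauses] tree
          clauses (->> clauses
                       (map collapse-redundant-clauses)
                       ;; [:and [:and a b] c] is the same as [:and a b c]
                       (mapcat #(if (and (vector? %) (= op (first %)))
                                  (rest %)
                                  [%]))
                       distinct)]               ; keeps first-seen order
      (if (= 1 (count clauses))
        (first clauses)
        (into [op] clauses)))))

;; Constructed inputs; the first is the case from the issue.
(assert (= {:license-id "Apache-2.0"}
           (collapse-redundant-clauses
             [:and {:license-id "Apache-2.0"} {:license-id "Apache-2.0"}])))
(assert (= [:or {:license-id "MIT"} {:license-id "Apache-2.0"}]
           (collapse-redundant-clauses
             [:or {:license-id "MIT"}
                  [:or {:license-id "Apache-2.0"} {:license-id "MIT"}]])))
;; A duplicate that only appears after an inner group collapses.
(assert (= {:license-id "MIT"}
           (collapse-redundant-clauses
             [:or [:and {:license-id "MIT"} {:license-id "MIT"}]
                  {:license-id "MIT"}])))
```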

SPDX 3.0 support

SPDX v3.0 is currently in RC and a GA will likely be available soon, and while it mostly doesn't impact clj-spdx (being mostly model changes, which this library doesn't yet implement), there will be some changes necessary, including:

  • Waiting for spdx/Spdx-Java-Library#178 (note: technically optional, given we don't use the model classes from that library that are most affected by the new version of the spec)
  • Update the SPDX expression parser to support AdditionRefs (done in rev e75f9cd)

Represent SPDX operator precedence in parse trees

Currently the parse trees returned from spdx.expressions/parse don't represent the precedence order for AND and OR (as specified in Annex D of the SPDX specification). Rather than leaving this to users of clj-spdx, the library should explicitly represent operator precedence (i.e. by introducing grouping where it didn't exist in the original expression) to make it explicit.

For example, this SPDX expression:

GPL-3.0 OR MIT AND Apache-2.0

should be parsed to:

[{:license-id "GPL-3.0-only"} :or [{:license-id "MIT"} :and {:license-id "Apache-2.0"}]]
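A precedence-aware parse of the expression above, as an added example that is not clj-spdx's parser or code from the original issue. It handles only license ids, AND, OR and parentheses, emits the prefix tree shape from the Demo rather than the infix shape proposed in the issue, and does not normalise ids (so `GPL-3.0` stays as written); all function names are hypothetical.

```clojure
;; Added example, not clj-spdx code. Simplified grammar: license ids, AND, OR
;; and parentheses only (no WITH, no "+", no id normalisation).
(declare parse-or)

(defn tokenize [s]
  (re-seq #"\(|\)|[^\s()]+" s))

;; Every parse-* fn takes a token seq and returns [tree remaining-tokens].
(defn parse-atom [[tok & more]]
  (cond
    (nil? tok)              (throw (ex-info "Unexpected end of expression" {}))
    (= "(" tok)             (let [[tree [close & tail]] (parse-or more)]
                              (when-not (= ")" close)
                                (throw (ex-info "Expected ')'" {:found close})))
                              [tree tail])
    (#{")" "AND" "OR"} tok) (throw (ex-info "Expected a license id" {:found tok}))
    :else                   [{:license-id tok} more]))

(defn parse-chain
  "Parses `operand (op-token operand)*` into [op-kw operand ...], or just the
  operand when the operator never appears."
  [parse-operand op-token op-kw tokens]
  (loop [[operand remaining] (parse-operand tokens)
         operands            []]
    (let [operands (conj operands operand)]
      (if (= op-token (first remaining))
        (recur (parse-operand (rest remaining)) operands)
        [(if (= 1 (count operands)) (first operands) (into [op-kw] operands))
         remaining]))))

;; AND is parsed one level below OR, so it binds tighter than OR.
(defn parse-and [tokens] (parse-chain parse-atom "AND" :and tokens))
(defn parse-or  [tokens] (parse-chain parse-and  "OR"  :or  tokens))

(defn parse-with-precedence [s]
  (let [[tree remaining] (parse-or (tokenize s))]
    (when (seq remaining)
      (throw (ex-info "Unexpected trailing tokens" {:remaining remaining})))
    tree))

;; The issue's expression: MIT AND Apache-2.0 is grouped before the OR.
(assert (= [:or {:license-id "GPL-3.0"} [:and {:license-id "MIT"} {:license-id "Apache-2.0"}]]
           (parse-with-precedence "GPL-3.0 OR MIT AND Apache-2.0")))
;; Explicit parentheses (constructed input) override the default grouping.
(assert (= [:and [:or {:license-id "GPL-3.0"} {:license-id "MIT"}] {:license-id "Apache-2.0"}]
           (parse-with-precedence "(GPL-3.0 OR MIT) AND Apache-2.0")))
```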

Consider caching Spdx-Java-Library state

The Spdx-Java-Library is exceptionally expensive to initialise with the basic reference data (license and exception lists, templates etc.). On my laptop it generally takes more than a minute to pull this information down, parse it, and load it into memory.

There may be a way to cache the library's state to disk (e.g. via serialisation, perhaps using nippy) and only incur the cost of initialisation when the lists have changed (which can be determined via an ETag request to the two list URLs).
