license file glob question

[bbarry]

I'm following angular/angular-cli#16291 with respect to angular/angular-cli#14095 (comment) and note that the https://github.com/iconic/open-iconic package utilizes a pair of licenses with files ./FONT-LICENSE and ./ICON-LICENSE which are not picked up by this tool because the file glob https://github.com/microsoft/license-checker-webpack-plugin/blob/master/src/licenseUtils.js#L12 is for files starting with LICENSE and doesn't match those.

Is there any available standard for how license files should be named, and if so is there a bug in this glob or over in open-iconic?

[unindented]

I don't think there's a proper standard, more of a de-facto standard, which is to name your license files with LICENSE. Other popular license checking libraries like license-checker also search for files starting with LICENSE: https://github.com/davglass/license-checker/blob/de6e9a42513aa38a58efc6b202ee5281ed61f486/lib/license-files.js#L3-L10

[bbarry]

Closest thing I can find to something that looks like an attempt to fit a machine usable pattern is https://softwareengineering.stackexchange.com/questions/304874/declaring-multiple-licences-in-a-github-project/371435#371435

Which suggests that this project should be processing a README* file in the package root for a SPDX-License-Identifier line and accompanying LICENSE file as well as (in this case) LICENSE.MIT and LICENSE.OFL-1.1 files.

[bbarry]

Similarly https://docs.npmjs.com/files/package.json#license says that the license property should be a SPDX expression and that the array format is deprecated. It further suggests that license files may have any extension:

Some special files and directories are also included or excluded regardless of whether they exist in the files array (see below).

...

• package.json
• README
• CHANGES / CHANGELOG / HISTORY
• LICENSE / LICENCE
• NOTICE
• The file in the “main” field

README, CHANGES, LICENSE & NOTICE can have any case and extension.

It is not immediately clear to me that this indicates multiple licenses will be included in the package by default when they each meet that requirement (either "LICENSE" or "LICENCE" or "LICENSE.*" or "LICENCE.*") but judging from various stack exchange posts this seems reasonable.

[bbarry]

Perhaps there should be changes made to this project in light of the above:

1. should look for glob patterns LICENSE, and LICENCE or those with an extension
2. in the event of an array license member in package.json, produce some sort of notice about an ambiguity
3. in the event of a failure to process an SPDX id from the license member (either from the string member or the type member of the object version), attempt to get an id from the README
4. if that fails look for a single line version of a LICENSE file and parse that as an SPDX id.

[unindented]

1. The project already looks for LICENSE*, which would include files with an extension:

   license-checker-webpack-plugin/src/licenseUtils.js

   Line 12 in 1b607b0

   const licenseGlob = "LICENSE*";

2. The project handles arrays by turning them into a valid SPDX expression:

   license-checker-webpack-plugin/src/licenseUtils.js

   Lines 32 to 36 in 1b607b0

   	if (pkg.licenses && Array.isArray(pkg.licenses)) {
   	const licenseName = pkg.licenses.map(license => license.type).join(" OR ");
   	// Return the list of licenses as a composite license expression
   	return pkg.licenses.length > 1 ? `(${licenseName})` : licenseName;
   	}

3. We'd welcome a PR
4. We'd welcome a PR

[rickysullivan-gallagher]

A PR for point 1. #32