normalize-package-data@2.2.1

"license" now supports UNLICEN[SC]ED and "SEE LICEN[SC]E IN <filename>" courtesy @kemitchell PR-URL: https://github.com/npm/normalize-package-data/pull/65
author: Forrest L Norvell <forrest@npmjs.com> 2015-06-19 11:34:06 +0300
committer: Forrest L Norvell <forrest@npmjs.com> 2015-06-19 11:34:06 +0300
commit: 4827fc784117c17f35dd9b51b21d1eff6094f661 (patch)
tree: 091c344098a276117afee6c63772117bca565c40 /node_modules
parent: e6c61954aad42e20eec49745615c7640b2026a6c (diff)
13 files changed, 22 insertions, 18 deletions
diff --git a/node_modules/normalize-package-data/README.md b/node_modules/normalize-package-data/README.md
index 0b9d7b5b4..da4d9f651 100644
--- a/node_modules/normalize-package-data/README.md
+++ b/node_modules/normalize-package-data/README.md
@@ -95,7 +95,7 @@ If `version` field is given, the value of the version field must be a valid *sem
 
 ### Rules for license field
 
-The `license` field should be a valid *SDPDX license expression* string, as determined by the `spdx.valid` method. See [documentation for the spdx module](https://github.com/kemitchell/spdx.js).
+The `license` field should be a valid *SDPDX license expression* or one of the special values allowed by [validate-npm-package-license](https://npmjs.com/packages/validate-npm-package-license). See [documentation for the license field in package.json](https://docs.npmjs.com/files/package.json#license).
 
 ## Credits
 
diff --git a/node_modules/normalize-package-data/lib/fixer.js b/node_modules/normalize-package-data/lib/fixer.js
index 3d9380b6e..c96f0bcc4 100644
--- a/node_modules/normalize-package-data/lib/fixer.js
+++ b/node_modules/normalize-package-data/lib/fixer.js
@@ -1,5 +1,5 @@
 var semver = require("semver")
-var spdx = require('spdx');
+var validateLicense = require('validate-npm-package-license');
 var hostedGitInfo = require("hosted-git-info")
 var depTypes = ["dependencies","devDependencies","optionalDependencies"]
 var extractDescription = require("./extract_description")
@@ -292,12 +292,16 @@ var fixer = module.exports = {
 , fixLicenseField: function(data) {
     if (!data.license) {
       return this.warn("missingLicense")
-    } else if (
-      typeof(data.license) !== 'string' ||
-      data.license.length < 1 ||
-      !spdx.valid(data.license)
-    ) {
-      this.warn("nonSPDXLicense")
+    } else{
+      if (
+        typeof(data.license) !== 'string' ||
+        data.license.length < 1
+      ) {
+        this.warn("invalidLicense")
+      } else {
+        if (!validateLicense(data.license).validForNewPackages)
+          this.warn("invalidLicense")
+      }
     }
   }
 }
diff --git a/node_modules/normalize-package-data/lib/warning_messages.json b/node_modules/normalize-package-data/lib/warning_messages.json
index 3bfce72cd..5fd19f322 100644
--- a/node_modules/normalize-package-data/lib/warning_messages.json
+++ b/node_modules/normalize-package-data/lib/warning_messages.json
@@ -25,7 +25,7 @@
   ,"nonEmailBugsEmailField": "bugs.email field must be a string email. Deleted."
   ,"emptyNormalizedBugs": "Normalized value of bugs field is an empty object. Deleted."
   ,"nonUrlHomepage": "homepage field must be a string url. Deleted."
-  ,"nonSPDXLicense": "license should be a valid SPDX license expression"
+  ,"invalidLicense": "license should be a valid SPDX license expression"
   ,"missingProtocolHomepage": "homepage field must start with a protocol."
   ,"typo": "%s should probably be %s."
 }
diff --git a/node_modules/normalize-package-data/package.json b/node_modules/normalize-package-data/package.json
index 44ca4d586..f81f30f06 100644
--- a/node_modules/normalize-package-data/package.json
+++ b/node_modules/normalize-package-data/package.json
@@ -1,6 +1,6 @@
 {
   "name": "normalize-package-data",
-  "version": "2.2.1",
+  "version": "2.3.0",
   "author": {
     "name": "Meryn Stol",
     "email": "merynstol@gmail.com"
@@ -18,7 +18,7 @@
   "dependencies": {
     "hosted-git-info": "^2.0.2",
     "semver": "2 || 3 || 4",
-    "spdx": "^0.4.0"
+    "validate-npm-package-license": "^2.0.0"
   },
   "devDependencies": {
     "async": "~0.9.0",
@@ -39,14 +39,14 @@
       "email": "rok@kowalski.gd"
     }
   ],
-  "readme": "# normalize-package-data [![Build Status](https://travis-ci.org/npm/normalize-package-data.png?branch=master)](https://travis-ci.org/npm/normalize-package-data)\n\nnormalize-package data exports a function that normalizes package metadata. This data is typically found in a package.json file, but in principle could come from any source - for example the npm registry.\n\nnormalize-package-data is used by [read-package-json](https://npmjs.org/package/read-package-json) to normalize the data it reads from a package.json file. In turn, read-package-json is used by [npm](https://npmjs.org/package/npm) and various npm-related tools.\n\n## Installation\n\n```\nnpm install normalize-package-data\n```\n\n## Usage\n\nBasic usage is really simple. You call the function that normalize-package-data exports. Let's call it `normalizeData`.\n\n```javascript\nnormalizeData = require('normalize-package-data')\npackageData = fs.readFileSync(\"package.json\")\nnormalizeData(packageData)\n// packageData is now normalized\n```\n\n#### Strict mode\n\nYou may activate strict validation by passing true as the second argument.\n\n```javascript\nnormalizeData = require('normalize-package-data')\npackageData = fs.readFileSync(\"package.json\")\nwarnFn = function(msg) { console.error(msg) }\nnormalizeData(packageData, true)\n// packageData is now normalized\n```\n\nIf strict mode is activated, only Semver 2.0 version strings are accepted. Otherwise, Semver 1.0 strings are accepted as well. Packages must have a name, and the name field must not have contain leading or trailing whitespace.\n\n#### Warnings\n\nOptionally, you may pass a \"warning\" function. It gets called whenever the `normalizeData` function encounters something that doesn't look right. It indicates less than perfect input data.\n\n```javascript\nnormalizeData = require('normalize-package-data')\npackageData = fs.readFileSync(\"package.json\")\nwarnFn = function(msg) { console.error(msg) }\nnormalizeData(packageData, warnFn)\n// packageData is now normalized. Any number of warnings may have been logged.\n```\n\nYou may combine strict validation with warnings by passing `true` as the second argument, and `warnFn` as third.\n\nWhen `private` field is set to `true`, warnings will be suppressed.\n\n### Potential exceptions\n\nIf the supplied data has an invalid name or version vield, `normalizeData` will throw an error. Depending on where you call `normalizeData`, you may want to catch these errors so can pass them to a callback.\n\n## What normalization (currently) entails\n\n* The value of `name` field gets trimmed (unless in strict mode).\n* The value of the `version` field gets cleaned by `semver.clean`. See [documentation for the semver module](https://github.com/isaacs/node-semver).\n* If `name` and/or `version` fields are missing, they are set to empty strings.\n* If `files` field is not an array, it will be removed.\n* If `bin` field is a string, then `bin` field will become an object with `name` set to the value of the `name` field, and `bin` set to the original string value.\n* If `man` field is a string, it will become an array with the original string as its sole member.\n* If `keywords` field is string, it is considered to be a list of keywords separated by one or more white-space characters. It gets converted to an array by splitting on `\\s+`.\n* All people fields (`author`, `maintainers`, `contributors`) get converted into objects with name, email and url properties.\n* If `bundledDependencies` field (a typo) exists and `bundleDependencies` field does not, `bundledDependencies` will get renamed to `bundleDependencies`.\n* If the value of any of the dependencies fields  (`dependencies`, `devDependencies`, `optionalDependencies`) is a string, it gets converted into an object with familiar `name=>value` pairs.\n* The values in `optionalDependencies` get added to `dependencies`. The `optionalDependencies` array is left untouched.\n* As of v2: Dependencies that point at known hosted git providers (currently: github, bitbucket, gitlab) will have their URLs canonicalized, but protocols will be preserved.\n* As of v2: Dependencies that use shortcuts for hosted git providers (`org/proj`, `github:org/proj`, `bitbucket:org/proj`, `gitlab:org/proj`, `gist:docid`) will have the shortcut left in place. (In the case of github, the `org/proj` form will be expanded to `github:org/proj`.) THIS MARKS A BREAKING CHANGE FROM V1, where the shorcut was previously expanded to a URL.\n* If `description` field does not exist, but `readme` field does, then (more or less) the first paragraph of text that's found in the readme is taken as value for `description`.\n* If `repository` field is a string, it will become an object with `url` set to the original string value, and `type` set to `\"git\"`.\n* If `repository.url` is not a valid url, but in the style of \"[owner-name]/[repo-name]\", `repository.url` will be set to https://github.com/[owner-name]/[repo-name]\n* If `bugs` field is a string, the value of `bugs` field is changed into an object with `url` set to the original string value.\n* If `bugs` field does not exist, but `repository` field points to a repository hosted on GitHub, the value of the `bugs` field gets set to an url in the form of https://github.com/[owner-name]/[repo-name]/issues . If the repository field points to a GitHub Gist repo url, the associated http url is chosen.\n* If `bugs` field is an object, the resulting value only has email and url properties. If email and url properties are not strings, they are ignored. If no valid values for either email or url is found, bugs field will be removed.\n* If `homepage` field is not a string, it will be removed.\n* If the url in the `homepage` field does not specify a protocol, then http is assumed. For example, `myproject.org` will be changed to `http://myproject.org`.\n* If `homepage` field does not exist, but `repository` field points to a repository hosted on GitHub, the value of the `homepage` field gets set to an url in the form of https://github.com/[owner-name]/[repo-name]/ . If the repository field points to a GitHub Gist repo url, the associated http url is chosen.\n\n### Rules for name field\n\nIf `name` field is given, the value of the name field must be a string. The string may not:\n\n* start with a period.\n* contain the following characters: `/@\\s+%`\n* contain and characters that would need to be encoded for use in urls.\n* resemble the word `node_modules` or `favicon.ico` (case doesn't matter).\n\n### Rules for version field\n\nIf `version` field is given, the value of the version field must be a valid *semver* string, as determined by the `semver.valid` method. See [documentation for the semver module](https://github.com/isaacs/node-semver).\n\n### Rules for license field\n\nThe `license` field should be a valid *SDPDX license expression* string, as determined by the `spdx.valid` method. See [documentation for the spdx module](https://github.com/kemitchell/spdx.js).\n\n## Credits\n\nThis package contains code based on read-package-json written by Isaac Z. Schlueter. Used with permisson.\n\n## License\n\nnormalize-package-data is released under the [BSD 2-Clause License](http://opensource.org/licenses/MIT).  \nCopyright (c) 2013 Meryn Stol  \n",
+  "readme": "# normalize-package-data [![Build Status](https://travis-ci.org/npm/normalize-package-data.png?branch=master)](https://travis-ci.org/npm/normalize-package-data)\n\nnormalize-package data exports a function that normalizes package metadata. This data is typically found in a package.json file, but in principle could come from any source - for example the npm registry.\n\nnormalize-package-data is used by [read-package-json](https://npmjs.org/package/read-package-json) to normalize the data it reads from a package.json file. In turn, read-package-json is used by [npm](https://npmjs.org/package/npm) and various npm-related tools.\n\n## Installation\n\n```\nnpm install normalize-package-data\n```\n\n## Usage\n\nBasic usage is really simple. You call the function that normalize-package-data exports. Let's call it `normalizeData`.\n\n```javascript\nnormalizeData = require('normalize-package-data')\npackageData = fs.readFileSync(\"package.json\")\nnormalizeData(packageData)\n// packageData is now normalized\n```\n\n#### Strict mode\n\nYou may activate strict validation by passing true as the second argument.\n\n```javascript\nnormalizeData = require('normalize-package-data')\npackageData = fs.readFileSync(\"package.json\")\nwarnFn = function(msg) { console.error(msg) }\nnormalizeData(packageData, true)\n// packageData is now normalized\n```\n\nIf strict mode is activated, only Semver 2.0 version strings are accepted. Otherwise, Semver 1.0 strings are accepted as well. Packages must have a name, and the name field must not have contain leading or trailing whitespace.\n\n#### Warnings\n\nOptionally, you may pass a \"warning\" function. It gets called whenever the `normalizeData` function encounters something that doesn't look right. It indicates less than perfect input data.\n\n```javascript\nnormalizeData = require('normalize-package-data')\npackageData = fs.readFileSync(\"package.json\")\nwarnFn = function(msg) { console.error(msg) }\nnormalizeData(packageData, warnFn)\n// packageData is now normalized. Any number of warnings may have been logged.\n```\n\nYou may combine strict validation with warnings by passing `true` as the second argument, and `warnFn` as third.\n\nWhen `private` field is set to `true`, warnings will be suppressed.\n\n### Potential exceptions\n\nIf the supplied data has an invalid name or version vield, `normalizeData` will throw an error. Depending on where you call `normalizeData`, you may want to catch these errors so can pass them to a callback.\n\n## What normalization (currently) entails\n\n* The value of `name` field gets trimmed (unless in strict mode).\n* The value of the `version` field gets cleaned by `semver.clean`. See [documentation for the semver module](https://github.com/isaacs/node-semver).\n* If `name` and/or `version` fields are missing, they are set to empty strings.\n* If `files` field is not an array, it will be removed.\n* If `bin` field is a string, then `bin` field will become an object with `name` set to the value of the `name` field, and `bin` set to the original string value.\n* If `man` field is a string, it will become an array with the original string as its sole member.\n* If `keywords` field is string, it is considered to be a list of keywords separated by one or more white-space characters. It gets converted to an array by splitting on `\\s+`.\n* All people fields (`author`, `maintainers`, `contributors`) get converted into objects with name, email and url properties.\n* If `bundledDependencies` field (a typo) exists and `bundleDependencies` field does not, `bundledDependencies` will get renamed to `bundleDependencies`.\n* If the value of any of the dependencies fields  (`dependencies`, `devDependencies`, `optionalDependencies`) is a string, it gets converted into an object with familiar `name=>value` pairs.\n* The values in `optionalDependencies` get added to `dependencies`. The `optionalDependencies` array is left untouched.\n* As of v2: Dependencies that point at known hosted git providers (currently: github, bitbucket, gitlab) will have their URLs canonicalized, but protocols will be preserved.\n* As of v2: Dependencies that use shortcuts for hosted git providers (`org/proj`, `github:org/proj`, `bitbucket:org/proj`, `gitlab:org/proj`, `gist:docid`) will have the shortcut left in place. (In the case of github, the `org/proj` form will be expanded to `github:org/proj`.) THIS MARKS A BREAKING CHANGE FROM V1, where the shorcut was previously expanded to a URL.\n* If `description` field does not exist, but `readme` field does, then (more or less) the first paragraph of text that's found in the readme is taken as value for `description`.\n* If `repository` field is a string, it will become an object with `url` set to the original string value, and `type` set to `\"git\"`.\n* If `repository.url` is not a valid url, but in the style of \"[owner-name]/[repo-name]\", `repository.url` will be set to https://github.com/[owner-name]/[repo-name]\n* If `bugs` field is a string, the value of `bugs` field is changed into an object with `url` set to the original string value.\n* If `bugs` field does not exist, but `repository` field points to a repository hosted on GitHub, the value of the `bugs` field gets set to an url in the form of https://github.com/[owner-name]/[repo-name]/issues . If the repository field points to a GitHub Gist repo url, the associated http url is chosen.\n* If `bugs` field is an object, the resulting value only has email and url properties. If email and url properties are not strings, they are ignored. If no valid values for either email or url is found, bugs field will be removed.\n* If `homepage` field is not a string, it will be removed.\n* If the url in the `homepage` field does not specify a protocol, then http is assumed. For example, `myproject.org` will be changed to `http://myproject.org`.\n* If `homepage` field does not exist, but `repository` field points to a repository hosted on GitHub, the value of the `homepage` field gets set to an url in the form of https://github.com/[owner-name]/[repo-name]/ . If the repository field points to a GitHub Gist repo url, the associated http url is chosen.\n\n### Rules for name field\n\nIf `name` field is given, the value of the name field must be a string. The string may not:\n\n* start with a period.\n* contain the following characters: `/@\\s+%`\n* contain and characters that would need to be encoded for use in urls.\n* resemble the word `node_modules` or `favicon.ico` (case doesn't matter).\n\n### Rules for version field\n\nIf `version` field is given, the value of the version field must be a valid *semver* string, as determined by the `semver.valid` method. See [documentation for the semver module](https://github.com/isaacs/node-semver).\n\n### Rules for license field\n\nThe `license` field should be a valid *SDPDX license expression* or one of the special values allowed by [validate-npm-package-license](https://npmjs.com/packages/validate-npm-package-license). See [documentation for the license field in package.json](https://docs.npmjs.com/files/package.json#license).\n\n## Credits\n\nThis package contains code based on read-package-json written by Isaac Z. Schlueter. Used with permisson.\n\n## License\n\nnormalize-package-data is released under the [BSD 2-Clause License](http://opensource.org/licenses/MIT).  \nCopyright (c) 2013 Meryn Stol  \n",
   "readmeFilename": "README.md",
-  "gitHead": "e319259b7ebac34c470ae0dc55610befa711dbb6",
+  "gitHead": "2b006a6d53490fc053ba5ee727d36fbb4ff64868",
   "bugs": {
     "url": "https://github.com/npm/normalize-package-data/issues"
   },
   "homepage": "https://github.com/npm/normalize-package-data#readme",
-  "_id": "normalize-package-data@2.2.1",
-  "_shasum": "0e00ebd73ac065eb19092fd313531dd291a0e045",
-  "_from": "normalize-package-data@latest"
+  "_id": "normalize-package-data@2.3.0",
+  "_shasum": "5a81b77a6bc2edcea5fceb380d3e34ae28059f51",
+  "_from": "normalize-package-data@>=2.3.0 <2.4.0"
 }
diff --git a/node_modules/normalize-package-data/test/normalize.js b/node_modules/normalize-package-data/test/normalize.js
index 3dce3c057..de6f1ce5b 100644
--- a/node_modules/normalize-package-data/test/normalize.js
+++ b/node_modules/normalize-package-data/test/normalize.js
@@ -160,7 +160,7 @@ tap.test("license field should be a valid SPDX expression", function(t) {
     [ warningMessages.missingDescription,
       warningMessages.missingRepository,
       warningMessages.missingReadme,
-      warningMessages.nonSPDXLicense]
+      warningMessages.invalidLicense]
   t.same(warnings, expect)
   t.end()
 })
diff --git a/node_modules/init-package-json/node_modules/validate-npm-package-license/LICENSE b/node_modules/validate-npm-package-license/LICENSE
index a5e905d55..a5e905d55 100644
--- a/node_modules/init-package-json/node_modules/validate-npm-package-license/LICENSE
+++ b/node_modules/validate-npm-package-license/LICENSE
diff --git a/node_modules/init-package-json/node_modules/validate-npm-package-license/README.md b/node_modules/validate-npm-package-license/README.md
index b71e26e06..b71e26e06 100644
--- a/node_modules/init-package-json/node_modules/validate-npm-package-license/README.md
+++ b/node_modules/validate-npm-package-license/README.md
diff --git a/node_modules/init-package-json/node_modules/validate-npm-package-license/index.js b/node_modules/validate-npm-package-license/index.js
index 2e9bc195d..2e9bc195d 100644
--- a/node_modules/init-package-json/node_modules/validate-npm-package-license/index.js
+++ b/node_modules/validate-npm-package-license/index.js
diff --git a/node_modules/init-package-json/node_modules/validate-npm-package-license/node_modules/spdx-correct/LICENSE b/node_modules/validate-npm-package-license/node_modules/spdx-correct/LICENSE
index a5e905d55..a5e905d55 100644
--- a/node_modules/init-package-json/node_modules/validate-npm-package-license/node_modules/spdx-correct/LICENSE
+++ b/node_modules/validate-npm-package-license/node_modules/spdx-correct/LICENSE
diff --git a/node_modules/init-package-json/node_modules/validate-npm-package-license/node_modules/spdx-correct/README.md b/node_modules/validate-npm-package-license/node_modules/spdx-correct/README.md
index 05cd9947d..05cd9947d 100644
--- a/node_modules/init-package-json/node_modules/validate-npm-package-license/node_modules/spdx-correct/README.md
+++ b/node_modules/validate-npm-package-license/node_modules/spdx-correct/README.md
diff --git a/node_modules/init-package-json/node_modules/validate-npm-package-license/node_modules/spdx-correct/package.json b/node_modules/validate-npm-package-license/node_modules/spdx-correct/package.json
index d0946e3e2..d0946e3e2 100644
--- a/node_modules/init-package-json/node_modules/validate-npm-package-license/node_modules/spdx-correct/package.json
+++ b/node_modules/validate-npm-package-license/node_modules/spdx-correct/package.json
diff --git a/node_modules/init-package-json/node_modules/validate-npm-package-license/node_modules/spdx-correct/spdx-correct.js b/node_modules/validate-npm-package-license/node_modules/spdx-correct/spdx-correct.js
index 094712d62..094712d62 100644
--- a/node_modules/init-package-json/node_modules/validate-npm-package-license/node_modules/spdx-correct/spdx-correct.js
+++ b/node_modules/validate-npm-package-license/node_modules/spdx-correct/spdx-correct.js
diff --git a/node_modules/init-package-json/node_modules/validate-npm-package-license/package.json b/node_modules/validate-npm-package-license/package.json
index fb61000ad..beb00f8bf 100644
--- a/node_modules/init-package-json/node_modules/validate-npm-package-license/package.json
+++ b/node_modules/validate-npm-package-license/package.json
@@ -37,7 +37,7 @@
   "gitHead": "24544d4688f7cc9ed9685a3f9f90bd3f3bed58c0",
   "_id": "validate-npm-package-license@2.0.0",
   "_shasum": "ce0a29300edfa07e6ac6ad52eed8d6dfd194e42b",
-  "_from": "validate-npm-package-license@>=2.0.0 <3.0.0",
+  "_from": "validate-npm-package-license@2.0.0",
   "_npmVersion": "2.11.1",
   "_nodeVersion": "2.3.0",
   "_npmUser": {
author	Forrest L Norvell <forrest@npmjs.com>	2015-06-19 11:34:06 +0300
committer	Forrest L Norvell <forrest@npmjs.com>	2015-06-19 11:34:06 +0300
commit	4827fc784117c17f35dd9b51b21d1eff6094f661 (patch)
tree	091c344098a276117afee6c63772117bca565c40 /node_modules
parent	e6c61954aad42e20eec49745615c7640b2026a6c (diff)