register spdx lib as ES Module, start converting call sites to use new spdx pkg - TODO: update tests

__tests__/spdx.test.ts

@@ -0,0 +1,11 @@
+import {expect, jest, test} from '@jest/globals'
+import * as spdx from '../src/spdx'
+
+test('hello', () => {
+  expect(spdx.satisfies('MIT', 'MIT')).toBe(true)
+})
+
+test('isValid', () => {
+  expect(spdx.isValid('MIT')).toBe(true)
+  expect(spdx.isValid('FOOBARBAZ')).toBe(false)
+})

src/config.ts

@@ -4,7 +4,8 @@ import YAML from 'yaml'
 import * as core from '@actions/core'
 import * as z from 'zod'
 import {ConfigurationOptions, ConfigurationOptionsSchema} from './schemas'
-import {isSPDXValid, octokitClient} from './utils'
+import {octokitClient} from './utils'
+import {isValidSPDX} from './spdx'
 
 type ConfigurationOptionsPartial = Partial<ConfigurationOptions>
 
@@ -113,7 +114,7 @@ function validateLicenses(
     return
   }
 
-  const invalid_licenses = licenses.filter(license => !isSPDXValid(license))
+  const invalid_licenses = licenses.filter(license => !isValidSPDX(license))
 
   if (invalid_licenses.length > 0) {
     throw new Error(`Invalid license(s) in ${key}: ${invalid_licenses}`)

src/licenses.ts

@@ -1,7 +1,8 @@
 import spdxSatisfies from 'spdx-satisfies'
 import {Change, Changes} from './schemas'
-import {isSPDXValid, octokitClient} from './utils'
+import {octokitClient} from './utils'
 import {parsePURL} from './purl'
+import {isValidSPDX} from './spdx'
 
 /**
  * Loops through a list of changes, filtering and returning the
@@ -161,10 +162,11 @@ const setGHLicenses = async (changes: Change[]): Promise<Change[]> => {
 
   return Promise.all(updatedChanges)
 }
+
 // Currently Dependency Graph licenses are truncated to 255 characters
 // This possibly makes them invalid spdx ids
 const truncatedDGLicense = (license: string): boolean =>
-  license.length === 255 && !isSPDXValid(license)
+  license.length === 255 && !isValidSPDX(license)
 
 async function groupChanges(
   changes: Changes

src/spdx.ts

@@ -0,0 +1,19 @@
+import * as spdx from '@onebeyond/spdx-license-satisfies'
+import parse from 'spdx-expression-parse'
+
+export function satisfies(
+  candidateExpr: string,
+  constraintExpr: string
+): boolean {
+  return spdx.satisfies(candidateExpr, constraintExpr)
+}
+
+// can be a single license or an SPDX expression
+export function isValidSPDX(spdxExpr: string): boolean {
+  try {
+    parse(spdxExpr)
+    return true
+  } catch (_) {
+    return false
+  }
+}

src/utils.ts

@@ -1,6 +1,5 @@
 import * as core from '@actions/core'
 import {Octokit} from 'octokit'
-import spdxParse from 'spdx-expression-parse'
 import {Changes} from './schemas'
 
 export function groupDependenciesByManifest(
@@ -34,15 +33,6 @@ export function renderUrl(url: string | null, text: string): string {
   }
 }
 
-export function isSPDXValid(license: string): boolean {
-  try {
-    spdxParse(license)
-    return true
-  } catch (_) {
-    return false
-  }
-}
-
 function isEnterprise(): boolean {
   const serverUrl = new URL(
     process.env['GITHUB_SERVER_URL'] ?? 'https://github.com'

tsconfig.json

@@ -5,7 +5,9 @@
     "outDir": "./lib" /* Redirect output structure to the directory. */,
     "strict": true /* Enable all strict type-checking options. */,
     "noImplicitAny": true /* Raise error on expressions and declarations with an implied 'any' type. */,
-    "esModuleInterop": true /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */
+    "esModuleInterop": true /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */,
+    "typeRoots": [ "./node_modules/@types", "./types" ],
+    "types": [ "node", "jest", "spdx-license-satisfies" ]
   },
   "exclude": ["node_modules"]
 }

types/spdx-license-satisfies.d.ts

@@ -0,0 +1,6 @@
+declare module '@onebeyond/spdx-license-satisfies' {
+  export function satisfies(
+    candidateExpr: string,
+    constraintExpr: string
+  ): boolean
+}