
fix: correctly handle object licenses in SBOM generation #6969

Merged
merged 2 commits into from
Nov 6, 2023

Commits on Nov 6, 2023

  1. Document current license SPDX behaviour

    As a step towards resolving npm#6966, we should document how SPDX SBOM
    generation works with a single string license or license expression.
    jamietanna committed Nov 6, 2023
    002be85
  2. Correctly handle license objects in SBOM generation

    As a means to resolve npm#6966, we can tweak the way we handle licenses,
    where receiving a license object, instead of license string, results in
    a malformed SPDX JSON SBOM.
    
    While working on this, it was noted that CycloneDX also needed to be
    amended, as it was omitting any license objects.
    
    Closes npm#6966.
    jamietanna committed Nov 6, 2023
    0d1d79f