Skip to content

feat!: remove spdx expression validation#1382

Merged
jkowalleck merged 9 commits intofeat/10.0.0-devfrom
feat/remove-SPDX-expression-validation
Feb 20, 2026
Merged

feat!: remove spdx expression validation#1382
jkowalleck merged 9 commits intofeat/10.0.0-devfrom
feat/remove-SPDX-expression-validation

Conversation

@jkowalleck
Copy link
Member

@jkowalleck jkowalleck commented Feb 20, 2026
edited
Loading

Description

  • Constructor of Contrib.License.Factories.LicenseFactory got an injectable argument spdxExpressionValidate for validating SPDX Expressions
  • Dependency spdx-expression-parse became a suggested (optional peer-dependency) library
    Used as an injectable in Contrib.License.Factories.LicenseFactory.constructor.

Resolves or fixes issue:

AI Tool Disclosure

  • My contribution does not include any AI-generated content
  • My contribution includes AI-generated content, as disclosed below:
    • AI Tools: [e.g. GitHub CoPilot, ChatGPT, JetBrains Junie etc.]
    • LLMs and versions: [e.g. GPT-4.1, Claude Haiku 4.5, Gemini 2.5 Pro etc.]
    • Prompts: [Summarize the key prompts or instructions given to the AI tools]

Affirmation

@jkowalleck
tests: fix browser tests
487de4b 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@jkowalleck
feat!: SPDXexpression parser is an optional runtime dependency now
533f5e4 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@jkowalleck
dings
aa520e1 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@jkowalleck jkowalleck requested a review from a team as a code owner February 20, 2026 13:36
@jkowalleck jkowalleck added enhancement New feature or request dependencies Pull requests that update a dependency file breaking change labels Feb 20, 2026
@read-the-docs-community
Copy link

read-the-docs-community bot commented Feb 20, 2026
edited
Loading

Documentation build overview

📚 CycloneDX JavaScript Library | 🛠️ Build #31488797 | 📁 Comparing faa5552 against latest (69ac857)


🔍 Preview build

Show files changed (53 files in total): 📝 7 modified | ➕ 2 added | ➖ 44 deleted
File Status
changelog.html 📝 modified
examples.html 📝 modified
index.html 📝 modified
typedoc/node/hierarchy.html 📝 modified
typedoc/node/index.html 📝 modified
typedoc/web/hierarchy.html 📝 modified
typedoc/web/index.html 📝 modified
typedoc/node/classes/Builders.FromNodePackageJson.ComponentBuilder.html ➖ deleted
typedoc/node/classes/Builders.FromNodePackageJson.ToolBuilder.html ➖ deleted
typedoc/node/classes/Contrib.FromNodePackageJson.Factories.PackageUrlFactory.html ➖ deleted
typedoc/node/classes/Contrib.PackageUrl.Factories.PackageUrlFactory.html ➖ deleted
typedoc/node/classes/Factories.FromNodePackageJson.ExternalReferenceFactory.html ➖ deleted
typedoc/node/classes/Factories.FromNodePackageJson.PackageUrlFactory.html ➖ deleted
typedoc/node/classes/Factories.LicenseFactory.html ➖ deleted
typedoc/node/classes/Factories.PackageUrlFactory.html ➖ deleted
typedoc/node/classes/Utils.LicenseUtility.LicenseEvidenceGatherer.html ➖ deleted
typedoc/node/functions/SPDX.isValidSpdxLicenseExpression.html ➖ deleted
typedoc/node/interfaces/Utils.LicenseUtility.FileAttachment.html ➖ deleted
typedoc/node/interfaces/Utils.LicenseUtility.FsUtils.html ➖ deleted
typedoc/node/interfaces/Utils.LicenseUtility.PathUtils.html ➖ deleted
typedoc/node/modules/Builders.FromNodePackageJson.html ➖ deleted
typedoc/node/modules/Builders.html ➖ deleted
typedoc/node/modules/Contrib.PackageUrl.Factories.html ➖ deleted
typedoc/node/modules/Contrib.PackageUrl.html ➖ deleted
typedoc/node/modules/Factories.FromNodePackageJson.html ➖ deleted
typedoc/node/modules/Factories.html ➖ deleted
typedoc/node/modules/Utils.BomUtility.html ➖ deleted
typedoc/node/modules/Utils.LicenseUtility.html ➖ deleted
typedoc/node/modules/Utils.NpmjsUtility.html ➖ deleted
typedoc/node/modules/Utils.html ➖ deleted
typedoc/node/types/Types.NodePackageJson.html ➖ deleted
typedoc/node/types/Utils.LicenseUtility.ErrorReporter.html ➖ deleted
typedoc/node/types/internal.SpdxExpressionValidate.html ➕ added
typedoc/node/variables/Types.assertNodePackageJson.html ➖ deleted
typedoc/node/variables/Types.isNodePackageJson.html ➖ deleted
typedoc/node/variables/Utils.BomUtility.randomSerialNumber.html ➖ deleted
typedoc/node/variables/Utils.NpmjsUtility.defaultRegistryMatcher.html ➖ deleted
typedoc/node/variables/Utils.NpmjsUtility.parsePackageIntegrity.html ➖ deleted
typedoc/web/classes/Contrib.PackageUrl.Factories.PackageUrlFactory.html ➖ deleted
typedoc/web/classes/Factories.LicenseFactory.html ➖ deleted
typedoc/web/classes/Factories.PackageUrlFactory.html ➖ deleted
typedoc/web/functions/SPDX.isValidSpdxLicenseExpression.html ➖ deleted
typedoc/web/interfaces/internal.NodePackageJson.html ➖ deleted
typedoc/web/modules/Contrib.PackageUrl.Factories.html ➖ deleted
typedoc/web/modules/Contrib.PackageUrl.html ➖ deleted
typedoc/web/modules/Factories.html ➖ deleted
typedoc/web/modules/Utils.BomUtility.html ➖ deleted
typedoc/web/modules/Utils.html ➖ deleted
typedoc/web/types/Types.NodePackageJson.html ➖ deleted
typedoc/web/types/internal.SpdxExpressionValidate.html ➕ added
typedoc/web/variables/Types.assertNodePackageJson.html ➖ deleted
typedoc/web/variables/Types.isNodePackageJson.html ➖ deleted
typedoc/web/variables/Utils.BomUtility.randomSerialNumber.html ➖ deleted

@jkowalleck
Merge remote-tracking branch 'origin/feat/10.0.0-dev' into feat/remov…
4e7a6b6 
…e-SPDX-expression-validation
@jkowalleck
tests
5f1bf13 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@jkowalleck jkowalleck mentioned this pull request Feb 20, 2026
Closed
4 tasks
@jkowalleck
docs
c4adddb 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@jkowalleck
docs
bdb5c59 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@jkowalleck
docs
290c818 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@jkowalleck
docs
faa5552 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@codacy-production
Copy link

codacy-production bot commented Feb 20, 2026

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
+0.02% (target: -1.00%) 100.00% (target: 90.00%)
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (b71be48) 26235 25809 98.38%
Head commit (faa5552) 26250 (+15) 25830 (+21) 98.40% (+0.02%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#1382) 23 23 100.00%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

@jkowalleck jkowalleck linked an issue Feb 20, 2026 that may be closed by this pull request
feat!: (re)move non-standard implementations #1348
Closed
4 tasks
@jkowalleck jkowalleck added this to the v10.0.0 milestone Feb 20, 2026
@jkowalleck jkowalleck merged commit d6acb60 into feat/10.0.0-dev Feb 20, 2026
40 checks passed
@jkowalleck jkowalleck deleted the feat/remove-SPDX-expression-validation branch February 20, 2026 14:20
@jkowalleck jkowalleck mentioned this pull request Feb 20, 2026
Merged
jkowalleck added a commit that referenced this pull request Mar 2, 2026
@jkowalleck
v10.0.0 (#1376)
397ab83 
* **BREAKING** changes
  * Removed deprecated symbols
  * Removed PackageUrl factories
  * No longer use external standards' implementations directly
* Removed
  * Entrypoint `Builders` (via [#1377])
  * Entrypoint `Factories` (via [#1377])
  * Entrypoint `Utils` (via [#1377])
  * Entrypoint `Contrib/PackageUrl` (via [#1378])
  * Deprecated symbol `Builders` ([#1346] via [#1377])
* Deprecated symbol `Builders.FromNodePackageJson` ([#1346] via [#1377])
* Deprecated symbol `Builders.FromNodePackageJson.ToolBuilder` ([#1346]
via [#1377])
    Use `Contrib.FromNodePackageJson.Builders.ToolBuilder` instead.
* Deprecated symbol `Builders.FromNodePackageJson.ComponentBuilder`
([#1346] via [#1377])
    Use `Contrib.FromNodePackageJson.Builders.ComponentBuilder` instead.
  * Deprecated symbol `Factories` ([#1346] via [#1377])
* Deprecated symbol `Factories.FromNodePackageJson` ([#1346] via
[#1377])
* Deprecated symbol
`Factories.FromNodePackageJson.ExternalReferenceFactory` ([#1346] via
[#1377])
Use `Contrib.FromNodePackageJson.Factories.ExternalReferenceFactory`
instead.
* Deprecated symbol `Factories.FromNodePackageJson.PackageUrlFactory`
([#1346] via [#1377])
    Use `packageurl-js` downstream.
* Deprecated symbol `Factories.LicenseFactory` ([#1346], [#1348] via
[#1377], [#1378])
    Use `Contrib.License.Factories.LicenseFactory` instead.
* Deprecated symbol `Factories.PackageUrlFactory` ([#1346] via [#1377])
    Use `packageurl-js` downstream.
* Deprecated symbol `Types.NodePackageJson` ([#1346], [#1348] via
[#1377], [#1378])
    Use `Contrib.FromNodePackageJson.Types.NodePackageJson` instead.
* Deprecated symbol `Types.assertNodePackageJson` ([#1346] via [#1377])
Use `Contrib.FromNodePackageJson.Types.assertNodePackageJson` instead.
  * Deprecated symbol `Types.isNodePackageJson` ([#1346] via [#1377])  
    Use `Contrib.FromNodePackageJson.Types.isNodePackageJson` instead.
  * Deprecated symbol `Utils` ([#1346] via [#1377])
  * Deprecated symbol `Utils.BomUtility` ([#1346] via [#1377])
* Deprecated symbol `Utils.BomUtility.randomSerialNumber` ([#1346] via
[#1377])
    Use `Contrib.Bom.Utils.randomSerialNumber` instead.
  * Deprecated symbol `Utils.LicenseUtility` ([#1346] via [#1377])
* Deprecated symbol `Utils.LicenseUtility.FsUtils` ([#1346] via [#1377])
    Use `Contrib.License.Utils.FsUtils` instead.
* Deprecated symbol `Utils.LicenseUtility.PathUtils` ([#1346] via
[#1377])
  * Use `Contrib.License.Utils.PathUtils` instead.
* Deprecated symbol `Utils.LicenseUtility.FileAttachment` ([#1346] via
[#1377])
    Use `Contrib.License.Utils.FileAttachment` instead.
* Deprecated symbol `Utils.LicenseUtility.ErrorReporter` ([#1346] via
[#1377])
    Use `Contrib.License.Utils.ErrorReporter` instead.
* Deprecated symbol `Utils.LicenseUtility.LicenseEvidenceGatherer`
([#1346] via [#1377])
    Use `Contrib.License.Utils.LicenseEvidenceGatherer` instead.
  * Deprecated symbol `Utils.NpmjsUtility` ([#1346] via [#1377])
* Deprecated symbol `Utils.NpmjsUtility.parsePackageIntegrity` ([#1346]
via [#1377])
Use `Contrib.FromNodePackageJson.Utils.parsePackageIntegrity` instead.
* Deprecated symbol `Utils.NpmjsUtility.defaultRegistryMatcher` ([#1346]
via [#1377])
Use `Contrib.FromNodePackageJson.Utils.defaultRegistryMatcher` instead.
* Symbol `Contrib.PackageUrl.Factories.PackageUrlFactory` ([#1348] via
[#1378])
    Use `packageurl-js` downstream.
* Symbol `Contrib.FromNodePackageJson.Factories.PackageUrlFactory`
([#1348] via [#1378])
    Use `packageurl-js` downstream.
  * Symbol `SPDX.isValidSpdxLicenseExpression` ([#1348] via [#1382])  
    Use package `spdx-expression-parse` instead.
* Changed
* `Component.purl` is a `string` now, was `PackaheUrl` ([#1348] via
[#1379])
* Constructor of `Contrib.License.Factories.LicenseFactory` got an
injectable argument `spdxExpressionValidate` for validating SPDX License
Expressions ([#1348] via [#1382])
    Suggested implementation is `spdx-expression-parse`.
* Dependencies
* Dependency `packageurl-js` became a suggested (optional
peer-dependency) library ([#1348] via [#1378])
    You may use it to craft and parse PackageURLs downstream. 
* Dependency `spdx-expression-parse` became a suggested (optional
peer-dependency) library ([#1348] via [#1382])
Used as an injectable in
`Contrib.License.Factories.LicenseFactory.constructor`.
* Chore
  * Set dev-engines in `package.json` ([#1301] via [#1380])

[#1301]:
#1301
[#1346]:
#1346
[#1348]:
#1348
[#1360]:
#1360
[#1374]:
#1374
[#1377]:
#1377
[#1378]:
#1378
[#1379]:
#1379
[#1380]:
#1380
[#1382]:
#1382
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

breaking change dependencies Pull requests that update a dependency file enhancement New feature or request

Projects

None yet

Milestone

v10.0.0

Development

Successfully merging this pull request may close these issues.

feat!: (re)move non-standard implementations

1 participant

@jkowalleck