licenseguard-cli 2.0.0 → 2.1.1

package/lib/scanner/index.js

@@ -1,146 +1,75 @@
 /**
- * Dependency License Scanner
- * Scans node_modules for license conflicts
+ * Dependency License Scanner - Orchestrator
+ * Auto-detects project type and delegates to appropriate plugin
  */
 
-const fs = require('fs')
-const path = require('path')
 const chalk = require('chalk')
-const { checkCompatibility } = require('./compat-checker')
-const { showProgress } = require('./progress')
 
-/**
- * Parse package.json to get dependencies
- * @returns {{deps: string[], packageJson: Object}} Dependency list and package.json
- */
-function parsePackageJson() {
-  try {
-    const content = fs.readFileSync('package.json', 'utf8')
-    const packageJson = JSON.parse(content)
-
-    // Only scan production dependencies
-    const deps = Object.keys(packageJson.dependencies || {})
-
-    return { deps, packageJson }
-  } catch (error) {
-    throw new Error('Failed to read package.json: ' + error.message)
-  }
+// Import explainCompatibility for --explain flag support
+const { explainCompatibility } = require('./compat-checker')
+
+// Import color mapper for license color-coding
+const { colorizeWithEmoji } = require('./color-mapper')
+
+// Import ecosystem plugins
+const nodePlugin = require('./plugins/node')
+const cppPlugin = require('./plugins/cpp')
+const rustPlugin = require('./plugins/rust')
+const pythonPlugin = require('./plugins/python')
+const goPlugin = require('./plugins/go')
+
+// Plugin registry with priority ordering
+// Priority: node > cpp > rust > python > go
+const plugins = {
+  node: nodePlugin,
+  cpp: cppPlugin,
+  rust: rustPlugin,
+  python: pythonPlugin,
+  go: goPlugin
 }
 
+// Plugin detection order (first match wins)
+const pluginOrder = ['node', 'cpp', 'rust', 'python', 'go']
+
 /**
- * Extract license info from a dependency
- * @param {string} depName - Dependency name
- * @returns {{name: string, version: string, license: string, path: string}} License info
+ * Auto-detect project type and get the appropriate plugin
+ * @returns {{name: string, plugin: Object}|null} Detected plugin or null
  */
-function extractLicense(depName) {
-  const depPath = path.join('node_modules', depName, 'package.json')
-
-  if (!fs.existsSync(depPath)) {
-    return {
-      name: depName,
-      version: 'unknown',
-      license: 'NOT_INSTALLED',
-      path: depPath
-    }
-  }
-
-  try {
-    const content = fs.readFileSync(depPath, 'utf8')
-    const depPackageJson = JSON.parse(content)
-
-    return {
-      name: depName,
-      version: depPackageJson.version || 'unknown',
-      license: depPackageJson.license || 'UNKNOWN',
-      path: depPath
-    }
-  } catch (error) {
-    return {
-      name: depName,
-      version: 'unknown',
-      license: 'PARSE_ERROR',
-      path: depPath
+function detectPlugin() {
+  for (const name of pluginOrder) {
+    const plugin = plugins[name]
+    if (plugin && plugin.detect()) {
+      return { name, plugin }
     }
   }
+  return null
 }
 
 /**
  * Scan all dependencies for license compatibility
+ * Auto-detects project type and delegates to appropriate plugin
  * @param {string} projectLicense - The project's license
  * @returns {Promise<Object>} Scan results
  */
 async function scanDependencies(projectLicense) {
-  // 1. Read project package.json
-  const { deps } = parsePackageJson()
-
-  const results = {
-    timestamp: new Date().toISOString(),
-    totalDependencies: deps.length,
-    compatible: 0,
-    incompatible: 0,
-    unknown: 0,
-    issues: []
-  }
+  const detected = detectPlugin()
 
-  // 2. Scan each dependency
-  for (let i = 0; i < deps.length; i++) {
-    showProgress(i + 1, deps.length)
-
-    const depName = deps[i]
-    const depInfo = extractLicense(depName)
-
-    // Skip if not installed
-    if (depInfo.license === 'NOT_INSTALLED') {
-      continue
-    }
-
-    // Handle parse errors as unknown
-    if (depInfo.license === 'PARSE_ERROR') {
-      results.unknown++
-      results.issues.push({
-        package: `${depName}@${depInfo.version}`,
-        license: 'UNKNOWN',
-        type: 'warning',
-        reason: 'Failed to parse package.json',
-        location: depInfo.path
-      })
-      continue
-    }
-
-    // 3. Check compatibility
-    const compatResult = checkCompatibility(projectLicense, depInfo.license)
-
-    if (!compatResult.compatible) {
-      const isUnknown = depInfo.license === 'UNKNOWN'
-
-      if (isUnknown) {
-        results.unknown++
-      } else {
-        results.incompatible++
-      }
-
-      results.issues.push({
-        package: `${depName}@${depInfo.version}`,
-        license: depInfo.license,
-        type: isUnknown ? 'warning' : 'conflict',
-        reason: compatResult.reason,
-        location: depInfo.path
-      })
-    } else {
-      results.compatible++
-    }
+  if (!detected) {
+    throw new Error('No supported package manager detected')
   }
 
-  return results
+  return await detected.plugin.scanDependencies(projectLicense)
 }
 
 /**
  * Display conflict report to console
  * @param {Object} scanResult - Scan results
  * @param {string} projectLicense - The project's license
+ * @param {Object} options - Display options
+ * @param {boolean} options.explain - Show authoritative source citations
  * @returns {boolean} True if conflicts found (incompatible licenses), false otherwise
  */
-function displayConflictReport(scanResult, projectLicense) {
+function displayConflictReport(scanResult, projectLicense, options = {}) {
   if (scanResult.incompatible === 0 && scanResult.unknown === 0) {
     console.log(chalk.green(`\n✅ All ${scanResult.totalDependencies} dependencies compatible with ${projectLicense.toUpperCase()}!`))
     return false // No conflicts
@@ -157,13 +86,36 @@ function displayConflictReport(scanResult, projectLicense) {
   }
 
   for (const issue of scanResult.issues) {
+    // Color-code the license based on safety level
+    const coloredLicense = colorizeWithEmoji(issue.license, issue.license)
+
     if (issue.type === 'conflict') {
-      console.log(chalk.red(`❌ ${issue.package} (${issue.license})`))
+      console.log(chalk.red(`❌ ${issue.package} (${coloredLicense})`))
     } else {
-      console.log(chalk.yellow(`⚠️  ${issue.package} (${issue.license})`))
+      console.log(chalk.yellow(`⚠️  ${issue.package} (${coloredLicense})`))
     }
     console.log(chalk.gray(`   ${issue.reason}`))
-    console.log(chalk.gray(`   Location: ${issue.location}\n`))
+    console.log(chalk.gray(`   Location: ${issue.location}`))
+
+    // Show authoritative source citations when --explain is used
+    if (options.explain && issue.license && issue.license !== 'UNKNOWN') {
+      const explanation = explainCompatibility(projectLicense, issue.license)
+      // Extract source citation from explanation (after "📚 Source:")
+      const sourceMatch = explanation.match(/📚 Source: (.+?)(?:\n|$)/)
+      const urlMatch = explanation.match(/🔗 URL: (.+?)(?:\n|$)/)
+
+      if (sourceMatch || urlMatch) {
+        console.log(chalk.blue('   ────────────────────────'))
+        if (sourceMatch) {
+          console.log(chalk.blue(`   📚 ${sourceMatch[1]}`))
+        }
+        if (urlMatch) {
+          console.log(chalk.blue(`   🔗 ${urlMatch[1]}`))
+        }
+      }
+    }
+
+    console.log() // Blank line between issues
   }
 
   // Only return true if there are actual conflicts (incompatible licenses)
@@ -171,9 +123,15 @@ function displayConflictReport(scanResult, projectLicense) {
   return hasConflicts
 }
 
+// Re-export plugin functions for backward compatibility
+// These are deprecated but kept for BC
+const { parsePackageJson, extractLicense } = nodePlugin
+
 module.exports = {
   scanDependencies,
   parsePackageJson,
   extractLicense,
-  displayConflictReport
+  displayConflictReport,
+  // Additional exports for testing
+  detectPlugin
 }

package/lib/scanner/license-compatibility-matrix.json

@@ -0,0 +1,338 @@
+{
+  "version": "1.0.0",
+  "last_updated": "2025-11-22",
+  "description": "Authoritative license compatibility matrix for top 20 open source licenses covering ~95% of packages",
+  "methodology": "Based on FSF GPL Compatibility List, Mozilla MPL FAQ, Apache Foundation guidance, and SPDX specifications",
+
+  "sources": {
+    "fsf_gpl_compat": {
+      "title": "FSF GPL Compatibility List",
+      "url": "https://www.gnu.org/licenses/license-compatibility.html"
+    },
+    "fsf_license_list": {
+      "title": "FSF License List",
+      "url": "https://www.gnu.org/licenses/license-list.html"
+    },
+    "mozilla_mpl_faq": {
+      "title": "Mozilla MPL 2.0 FAQ",
+      "url": "https://www.mozilla.org/en-US/MPL/2.0/FAQ/"
+    },
+    "mozilla_mpl_gpl": {
+      "title": "Mozilla MPL-GPL Combining Guide",
+      "url": "https://www.mozilla.org/en-US/MPL/2.0/combining-mpl-and-gpl/"
+    },
+    "apache_gpl_compat": {
+      "title": "Apache-GPL Compatibility",
+      "url": "https://www.apache.org/licenses/GPL-compatibility.html"
+    },
+    "spdx_spec": {
+      "title": "SPDX License Expressions",
+      "url": "https://spdx.github.io/spdx-spec/v2.3/SPDX-license-expressions/"
+    },
+    "lgpl_section_3": {
+      "title": "LGPL Section 3 (Upgrade Clause)",
+      "url": "https://www.gnu.org/licenses/lgpl-3.0.html#section3"
+    }
+  },
+
+  "licenses": {
+    "MIT": {
+      "type": "permissive",
+      "description": "Highly permissive license with minimal restrictions",
+      "compatible_with": ["*permissive*"],
+      "incompatible_with": ["*copyleft*"],
+      "can_upgrade_from": [],
+      "sources": {
+        "citation": "FSF: MIT license is permissive and GPL-compatible",
+        "url": "https://www.gnu.org/licenses/license-list.html#Expat"
+      },
+      "reasoning": "Permissive licenses cannot incorporate copyleft-licensed code without violating copyleft requirements"
+    },
+
+    "Apache-2.0": {
+      "type": "permissive-with-patent-grant",
+      "description": "Permissive license with explicit patent grant",
+      "compatible_with": ["*permissive*", "GPL-3.0-only", "GPL-3.0-or-later"],
+      "incompatible_with": ["GPL-2.0-only", "GPL-2.0-or-later", "LGPL-2.1-only", "LGPL-2.1-or-later"],
+      "can_upgrade_from": [],
+      "sources": {
+        "citation": "Apache 2.0 patent clause incompatible with GPL-2.0, but compatible with GPL-3.0",
+        "url": "https://www.apache.org/licenses/GPL-compatibility.html"
+      },
+      "reasoning": "Apache 2.0's patent grant conflicts with GPLv2 section 6, but GPLv3 was designed to resolve this"
+    },
+
+    "BSD-3-Clause": {
+      "type": "permissive",
+      "description": "Permissive BSD license with 3 clauses",
+      "compatible_with": ["*permissive*"],
+      "incompatible_with": ["*copyleft*"],
+      "can_upgrade_from": [],
+      "sources": {
+        "citation": "FSF: 3-clause BSD is permissive and GPL-compatible",
+        "url": "https://www.gnu.org/licenses/license-list.html#ModifiedBSD"
+      },
+      "reasoning": "Permissive license, same reasoning as MIT"
+    },
+
+    "BSD-2-Clause": {
+      "type": "permissive",
+      "description": "Simplified BSD license with 2 clauses",
+      "compatible_with": ["*permissive*"],
+      "incompatible_with": ["*copyleft*"],
+      "can_upgrade_from": [],
+      "sources": {
+        "citation": "FSF: 2-clause BSD is permissive and GPL-compatible",
+        "url": "https://www.gnu.org/licenses/license-list.html#FreeBSD"
+      },
+      "reasoning": "Even more permissive than BSD-3-Clause"
+    },
+
+    "ISC": {
+      "type": "permissive",
+      "description": "Functionally equivalent to MIT/BSD-2-Clause",
+      "compatible_with": ["*permissive*"],
+      "incompatible_with": ["*copyleft*"],
+      "can_upgrade_from": [],
+      "sources": {
+        "citation": "FSF: ISC license is permissive and GPL-compatible",
+        "url": "https://www.gnu.org/licenses/license-list.html#ISC"
+      },
+      "reasoning": "Permissive license, same reasoning as MIT"
+    },
+
+    "0BSD": {
+      "type": "public-domain",
+      "description": "BSD Zero Clause (public domain equivalent)",
+      "compatible_with": ["*"],
+      "incompatible_with": [],
+      "can_upgrade_from": [],
+      "sources": {
+        "citation": "FSF: 0BSD is ultra-permissive public domain equivalent",
+        "url": "https://www.gnu.org/licenses/license-list.html#0BSD"
+      },
+      "reasoning": "Public domain equivalent - compatible with everything"
+    },
+
+    "GPL-3.0-only": {
+      "type": "strong-copyleft",
+      "description": "GNU General Public License v3.0",
+      "compatible_with": ["*permissive*", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "LGPL-3.0-only", "LGPL-3.0-or-later", "MPL-2.0", "Apache-2.0"],
+      "incompatible_with": ["GPL-2.0-only", "AGPL-3.0-only", "AGPL-3.0-or-later"],
+      "can_upgrade_from": ["LGPL-2.1-or-later", "LGPL-3.0-only", "LGPL-3.0-or-later"],
+      "sources": {
+        "citation": "FSF: GPL-3.0 is compatible with LGPL (via Section 3 upgrade), Apache-2.0, MPL-2.0",
+        "url": "https://www.gnu.org/licenses/gpl-faq.html#AllCompatibility"
+      },
+      "reasoning": "Strong copyleft - requires all combined code to be GPL-3.0. LGPL can upgrade to GPL (Section 3). MPL 2.0 Section 3.3 allows GPL combination. Apache-2.0 patent clause resolved in GPLv3."
+    },
+
+    "GPL-3.0-or-later": {
+      "type": "strong-copyleft",
+      "description": "GNU General Public License v3.0 or any later version",
+      "compatible_with": ["*permissive*", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "LGPL-3.0-only", "LGPL-3.0-or-later", "MPL-2.0", "Apache-2.0"],
+      "incompatible_with": ["GPL-2.0-only"],
+      "can_upgrade_from": ["LGPL-2.1-or-later", "LGPL-3.0-only", "LGPL-3.0-or-later"],
+      "sources": {
+        "citation": "FSF: GPL-3.0-or-later provides upgrade path flexibility",
+        "url": "https://www.gnu.org/licenses/gpl-faq.html#VersionThreeOrLater"
+      },
+      "reasoning": "Same as GPL-3.0-only but with upgrade flexibility"
+    },
+
+    "GPL-2.0-only": {
+      "type": "strong-copyleft",
+      "description": "GNU General Public License v2.0",
+      "compatible_with": ["*permissive*", "GPL-2.0-only", "GPL-2.0-or-later", "LGPL-2.1-only", "LGPL-2.1-or-later"],
+      "incompatible_with": ["GPL-3.0-only", "GPL-3.0-or-later", "Apache-2.0", "MPL-2.0"],
+      "can_upgrade_from": ["LGPL-2.1-only", "LGPL-2.1-or-later"],
+      "sources": {
+        "citation": "FSF: GPL-2.0 incompatible with Apache-2.0 (patent clause), MPL-2.0, and GPL-3.0",
+        "url": "https://www.gnu.org/licenses/gpl-faq.html#v2v3Compatibility"
+      },
+      "reasoning": "Strong copyleft. Incompatible with Apache-2.0 (patent clause conflict), MPL-2.0 (file-level copyleft incompatibility), and GPL-3.0 (different copyleft terms)"
+    },
+
+    "GPL-2.0-or-later": {
+      "type": "strong-copyleft",
+      "description": "GNU General Public License v2.0 or any later version",
+      "compatible_with": ["*permissive*", "GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later", "LGPL-2.1-only", "LGPL-2.1-or-later", "LGPL-3.0-only", "LGPL-3.0-or-later", "MPL-2.0", "Apache-2.0"],
+      "incompatible_with": [],
+      "can_upgrade_from": ["LGPL-2.1-or-later", "LGPL-3.0-or-later"],
+      "sources": {
+        "citation": "FSF: GPL-2.0-or-later can upgrade to GPL-3.0, resolving compatibility issues",
+        "url": "https://www.gnu.org/licenses/gpl-faq.html#v2v3Compatibility"
+      },
+      "reasoning": "Upgrade path to GPL-3.0 resolves Apache-2.0 and MPL-2.0 incompatibilities"
+    },
+
+    "LGPL-2.1-only": {
+      "type": "weak-copyleft",
+      "description": "GNU Lesser General Public License v2.1",
+      "compatible_with": ["*permissive*", "GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later", "LGPL-2.1-only", "LGPL-2.1-or-later"],
+      "incompatible_with": ["Apache-2.0"],
+      "can_upgrade_from": [],
+      "sources": {
+        "citation": "LGPL Section 3: Can upgrade to corresponding GPL version",
+        "url": "https://www.gnu.org/licenses/lgpl-3.0.html#section3"
+      },
+      "reasoning": "Weak copyleft - Section 3 allows upgrading to GPL. Incompatible with Apache-2.0 due to GPLv2 patent clause conflict."
+    },
+
+    "LGPL-2.1-or-later": {
+      "type": "weak-copyleft",
+      "description": "GNU Lesser General Public License v2.1 or any later version",
+      "compatible_with": ["*permissive*", "GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later", "LGPL-2.1-only", "LGPL-2.1-or-later", "LGPL-3.0-only", "LGPL-3.0-or-later", "MPL-2.0", "Apache-2.0"],
+      "incompatible_with": [],
+      "can_upgrade_from": [],
+      "sources": {
+        "citation": "LGPL Section 3: Upgrade path to GPL resolves incompatibilities",
+        "url": "https://www.gnu.org/licenses/lgpl-3.0.html#section3"
+      },
+      "reasoning": "Can upgrade to LGPL-3.0 or GPL-3.0, resolving Apache-2.0 incompatibility"
+    },
+
+    "LGPL-3.0-only": {
+      "type": "weak-copyleft",
+      "description": "GNU Lesser General Public License v3.0",
+      "compatible_with": ["*permissive*", "GPL-3.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "LGPL-3.0-only", "LGPL-3.0-or-later", "MPL-2.0", "Apache-2.0"],
+      "incompatible_with": ["GPL-2.0-only", "GPL-2.0-or-later"],
+      "can_upgrade_from": [],
+      "sources": {
+        "citation": "LGPL-3.0 Section 3: Can upgrade to GPL-3.0",
+        "url": "https://www.gnu.org/licenses/lgpl-3.0.html#section3"
+      },
+      "reasoning": "Weak copyleft with GPL upgrade path. Compatible with Apache-2.0 and MPL-2.0 via GPL-3.0 upgrade."
+    },
+
+    "LGPL-3.0-or-later": {
+      "type": "weak-copyleft",
+      "description": "GNU Lesser General Public License v3.0 or any later version",
+      "compatible_with": ["*permissive*", "GPL-3.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "LGPL-3.0-only", "LGPL-3.0-or-later", "MPL-2.0", "Apache-2.0"],
+      "incompatible_with": ["GPL-2.0-only", "GPL-2.0-or-later"],
+      "can_upgrade_from": [],
+      "sources": {
+        "citation": "LGPL-3.0-or-later provides upgrade flexibility",
+        "url": "https://www.gnu.org/licenses/lgpl-3.0.html"
+      },
+      "reasoning": "Same as LGPL-3.0-only but with upgrade flexibility"
+    },
+
+    "MPL-2.0": {
+      "type": "weak-copyleft",
+      "description": "Mozilla Public License 2.0 (file-level copyleft)",
+      "compatible_with": ["*permissive*", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "LGPL-3.0-only", "LGPL-3.0-or-later", "MPL-2.0", "Apache-2.0"],
+      "incompatible_with": ["GPL-2.0-only", "LGPL-2.1-only"],
+      "can_upgrade_from": [],
+      "sources": {
+        "citation": "MPL 2.0 Section 3.3: Secondary licenses allow GPL combination",
+        "url": "https://www.mozilla.org/en-US/MPL/2.0/combining-mpl-and-gpl/"
+      },
+      "reasoning": "Section 3.3 allows MPL-2.0 code to be relicensed under GPL/LGPL when combined. Incompatible with GPL-2.0-only due to terms conflict."
+    },
+
+    "AGPL-3.0-only": {
+      "type": "network-copyleft",
+      "description": "GNU Affero General Public License v3.0 (network use = distribution)",
+      "compatible_with": ["*permissive*", "AGPL-3.0-only", "AGPL-3.0-or-later", "Apache-2.0"],
+      "incompatible_with": ["GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later"],
+      "can_upgrade_from": [],
+      "sources": {
+        "citation": "FSF: AGPL-3.0 incompatible with GPL (stricter terms)",
+        "url": "https://www.gnu.org/licenses/gpl-faq.html#AllCompatibility"
+      },
+      "reasoning": "Network copyleft - stricter than GPL. Cannot combine AGPL with GPL due to additional restrictions."
+    },
+
+    "AGPL-3.0-or-later": {
+      "type": "network-copyleft",
+      "description": "GNU Affero General Public License v3.0 or any later version",
+      "compatible_with": ["*permissive*", "AGPL-3.0-only", "AGPL-3.0-or-later", "Apache-2.0"],
+      "incompatible_with": ["GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later"],
+      "can_upgrade_from": [],
+      "sources": {
+        "citation": "FSF: AGPL-3.0-or-later incompatible with GPL",
+        "url": "https://www.gnu.org/licenses/gpl-faq.html#AllCompatibility"
+      },
+      "reasoning": "Same as AGPL-3.0-only"
+    },
+
+    "Unlicense": {
+      "type": "public-domain",
+      "description": "Public domain dedication",
+      "compatible_with": ["*"],
+      "incompatible_with": [],
+      "can_upgrade_from": [],
+      "sources": {
+        "citation": "Public domain dedication - no restrictions",
+        "url": "https://unlicense.org/"
+      },
+      "reasoning": "No restrictions - compatible with everything"
+    },
+
+    "CC0-1.0": {
+      "type": "public-domain",
+      "description": "Creative Commons Zero (public domain)",
+      "compatible_with": ["*"],
+      "incompatible_with": [],
+      "can_upgrade_from": [],
+      "sources": {
+        "citation": "Public domain waiver - no restrictions",
+        "url": "https://creativecommons.org/publicdomain/zero/1.0/"
+      },
+      "reasoning": "Public domain waiver - compatible with everything"
+    },
+
+    "WTFPL": {
+      "type": "public-domain",
+      "description": "Do What The F*ck You Want To Public License",
+      "compatible_with": ["*"],
+      "incompatible_with": [],
+      "can_upgrade_from": [],
+      "sources": {
+        "citation": "Ultra-permissive - no restrictions",
+        "url": "http://www.wtfpl.net/"
+      },
+      "reasoning": "No restrictions - compatible with everything"
+    }
+  },
+
+  "wildcards": {
+    "*permissive*": [
+      "MIT",
+      "Apache-2.0",
+      "BSD-3-Clause",
+      "BSD-2-Clause",
+      "BSD-1-Clause",
+      "ISC",
+      "0BSD",
+      "Zlib",
+      "bzip2-1.0.6",
+      "BSL-1.0",
+      "PSF-2.0"
+    ],
+    "*copyleft*": [
+      "GPL-2.0-only",
+      "GPL-2.0-or-later",
+      "GPL-3.0-only",
+      "GPL-3.0-or-later",
+      "LGPL-2.1-only",
+      "LGPL-2.1-or-later",
+      "LGPL-3.0-only",
+      "LGPL-3.0-or-later",
+      "MPL-2.0",
+      "MPL-1.1",
+      "AGPL-3.0-only",
+      "AGPL-3.0-or-later",
+      "EPL-2.0",
+      "EUPL-1.2",
+      "CDDL-1.0"
+    ],
+    "*public-domain*": [
+      "Unlicense",
+      "CC0-1.0",
+      "WTFPL",
+      "0BSD"
+    ]
+  }
+}