
Your Composer package is broken: update your license ID



If you, like me:



then you may have problems that you are unaware of.


What happened?


Some time ago the requirements for the composer.json file changed.


From now on, it is strongly recommended that the license property contain only license identifiers listed in the SPDX Open Source License Registry, or proprietary if you do not plan to use any free license.


All packages whose composer.json specifies a license identifier that is not on the SPDX list have stopped updating automatically on Packagist.


And what's the problem?


Previously, most packages gave just the name of the license instead of the recommended license identifier.


For example, this is what I had:


  "license": "LGPL v.3", 

What is now required:


  "license": "LGPL-3.0-or-later", 

The problem is that the packages just silently stop updating. They say that package authors receive a message from Packagist. I personally did not see it; maybe I am to blame myself, and I overlooked it or accidentally sent it to spam ...


What to do?


To get started, go to your package page on packagist.org. Log in as the author of the package and click Update. If your package has an incorrect (from Packagist's point of view) license, you will see a message like this:


 Invalid package information: License "LGPL v.3" is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license. If the software is closed-source, you may use "proprietary" as license. 

After that, all that remains is to update the license property in your package's composer.json file (remember to do it in all branches), create new version tags, and update the package on Packagist.
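
A check for the step above, as an added example that is not part of the original post and is not Composer's or Packagist's own code: it flags license values that are neither SPDX identifiers nor proprietary, across the composer.json contents of several branches. The function names, the acme/demo package, the sample branch contents and the short SPDX_SUBSET list are assumptions made for illustration; a real check would load the full list from https://spdx.org/licenses/.

```python
import json
import re

# Constructed subset of the SPDX license list, for illustration only.
# A real audit should load the full list published at https://spdx.org/licenses/.
SPDX_SUBSET = {
    "MIT", "Apache-2.0", "BSD-3-Clause", "GPL-3.0-only", "GPL-3.0-or-later",
    "LGPL-2.1-only", "LGPL-3.0-only", "LGPL-3.0-or-later",
}


def invalid_licenses(composer_json_text, known_ids=SPDX_SUBSET):
    """Return "license" entries that are neither SPDX identifiers nor "proprietary"."""
    value = json.loads(composer_json_text).get("license")
    if value is None:
        return []  # no license property at all: nothing to compare
    # Composer accepts a single string or an array of strings.
    entries = [value] if isinstance(value, str) else list(value)
    # SPDX identifiers are matched case-insensitively.
    known = {i.lower() for i in known_ids} | {"proprietary"}
    bad = []
    for entry in entries:
        if not isinstance(entry, str):
            bad.append(entry)
            continue
        # Composer also allows expressions such as "(MIT or GPL-3.0-only)":
        # drop the parentheses and check every operand.
        flat = re.sub(r"[()]", " ", entry).strip()
        operands = re.split(r"\s+(?:or|and)\s+", flat, flags=re.IGNORECASE)
        if not all(op.strip().lower() in known for op in operands):
            bad.append(entry)
    return bad


def audit_branches(branches):
    """Map branch name -> invalid entries, only for branches that have any."""
    report = {}
    for name, text in branches.items():
        bad = invalid_licenses(text)
        if bad:
            report[name] = bad
    return report


# Constructed sample: composer.json content as it might sit on three branches.
SAMPLE_BRANCHES = {
    "master": '{"name": "acme/demo", "license": "LGPL v.3"}',
    "2.x": '{"name": "acme/demo", "license": "LGPL-3.0-or-later"}',
    "dev": '{"name": "acme/demo", "license": ["MIT", "(LGPL-2.1-only or GPL-3.0-or-later)"]}',
}
```

Calling audit_branches(SAMPLE_BRANCHES) reports only the master branch, which still carries the old "LGPL v.3" value.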


Take care of the users of your packages - do it today!


What to read?




Source: https://habr.com/ru/post/348520/

