Combining "proprietary" with another license fails strict validation #9144

Closed
@dvdoug

Description

Hi

I have a use case where I want to redistribute a 3rd-party dataset as part of an otherwise open-source package. The dataset allows this, but has its own custom license. I therefore want to indicate the existence of this in composer.json so that people who do due diligence on this stuff don't have any surprises.

The documentation at https://getcomposer.org/doc/04-schema.md#license says that it's possible to indicate this with "and", but that only seems to work when combining SPDX identifiers. Combining an SPDX license with "proprietary" errors out.

My composer.json:

{
    "name": "demo/licensebug",
    "description": "Foo Bar Baz",
    "type": "library",
    "license": "(MIT and proprietary)",
    "require": {}
}

Output of composer diagnose:

Checking composer.json: WARNING
License "(MIT and proprietary)" is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.
If the software is closed-source, you may use "proprietary" as license.
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking github.com oauth access: OK
Checking disk free space: OK
Checking pubkeys:
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0  87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B  0C708369 153E328C AD90147D AFE50952
OK
Checking composer version: OK
Composer version: 2.0.0-alpha3
PHP version: 7.4.9
PHP binary path: C:\php\php.exe
OpenSSL version: OpenSSL 1.1.1g  21 Apr 2020

When I run this command:

composer validate --strict

I get the following output:

./composer.json is valid, but with a few warnings
See https://getcomposer.org/doc/04-schema.md for details on the schema
License "(MIT and proprietary)" is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.
If the software is closed-source, you may use "proprietary" as license.

And I expected this to happen:

./composer.json is valid
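As an added illustration (not Composer's own code), here is a small SPDX license-expression checker that shows the two behaviours the report contrasts: validated against the SPDX identifier list alone, "(MIT and proprietary)" is flagged because "proprietary" is not an SPDX identifier, while adding Composer's documented "proprietary" value to the accepted set lets the same expression pass. The SPDX set below is a constructed subset of https://spdx.org/licenses/ for the demo, and SPDX "with" exception clauses are not handled.

```python
import re

# Constructed subset of the SPDX license list (https://spdx.org/licenses/) for this demo.
SPDX_IDS = {"MIT", "Apache-2.0", "GPL-2.0-only", "LGPL-3.0-or-later", "BSD-3-Clause"}
# Composer documents the non-SPDX value "proprietary" for closed-source packages.
COMPOSER_EXTRA_IDS = {"proprietary"}

def tokenize(expr):
    """Split on whitespace and parentheses; reject characters SPDX identifiers never use."""
    tokens = re.findall(r"[()]|[^()\s]+", expr)
    for tok in tokens:
        if tok not in "()" and not re.fullmatch(r"[A-Za-z0-9.+-]+", tok):
            raise ValueError(f"illegal token {tok!r}")
    return tokens

def license_ids(expr):
    """Recursive-descent parse of  expr := term (('and'|'or') term)*, term := IDENT | '(' expr ')'.
    Returns every identifier used. SPDX 'with' exception clauses are not supported and are rejected."""
    tokens, found, pos = tokenize(expr), set(), 0
    def take():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("unexpected end of expression")
        pos += 1
        return tokens[pos - 1]

    def term():
        tok = take()
        if tok == "(":
            expression()
            if take() != ")":
                raise ValueError("missing ')'")
        elif tok == ")" or tok.lower() in ("and", "or", "with"):
            raise ValueError(f"unexpected token {tok!r}")
        else:
            found.add(tok)

    def expression():
        term()
        while pos < len(tokens) and tokens[pos].lower() in ("and", "or"):
            take()   # operator keyword; case-insensitive like Composer's examples
            term()
    expression()
    if pos != len(tokens):
        raise ValueError(f"trailing tokens {tokens[pos:]}")
    return found

def unknown_licenses(expr, allowed):
    """Identifiers in expr that are not in `allowed`; an empty list means the expression passes."""
    return sorted(i for i in license_ids(expr) if i not in allowed)
```

`unknown_licenses("(MIT and proprietary)", SPDX_IDS)` returns `["proprietary"]`, the strict-SPDX outcome, while passing `SPDX_IDS | COMPOSER_EXTRA_IDS` returns `[]`.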
