[PyPI] Fix license for packages following PEP 639 (#11001)

jlaine · chris48s · web-flow · commit 015ea0023e9f · 2025-04-06T18:31:44.000Z
* [PyPI] Fix license for packages following PEP 639 PEP 639 states that the preferred way of documenting a Python project's license is an SPDX expression in a `License-Expression` metadata field. PyPI exposes this information in `info.license_expression` in its JSON data. Fixes: #11000 * add license_expression to pypi response schema * move comments inline into the relevant blocks * assign both license and license_expression to intermediate variables * always pass a license_expression in test input objects --------- Co-authored-by: chris48s <git@chris-shaw.dev>
diff --git a/services/pypi/pypi-base.js b/services/pypi/pypi-base.js
@@ -9,6 +9,7 @@ const schema = Joi.object({
     // https://github.com/badges/shields/issues/2022
     // https://github.com/badges/shields/issues/7728
     license: Joi.string().allow('').allow(null),
+    license_expression: Joi.string().allow('').allow(null),
     classifiers: Joi.array().items(Joi.string()).required(),
   }).required(),
   urls: Joi.array()
diff --git a/services/pypi/pypi-helpers.js b/services/pypi/pypi-helpers.js
@@ -47,22 +47,29 @@ function parseClassifiers(parsedData, pattern, preserveCase = false) {
 }
 
 function getLicenses(packageData) {
-  const {
-    info: { license },
-  } = packageData
+  const license = packageData.info.license
+  const licenseExpression = packageData.info.license_expression
 
-  /*
-  The .license field may either contain
-  - a short license description (e.g: 'MIT' or 'GPL-3.0') or
-  - the full text of a license
-  but there is nothing in the response that tells us explicitly.
-  We have to make an assumption based on the length.
-  See https://github.com/badges/shields/issues/8689 and
-  https://github.com/badges/shields/pull/8690 for more info.
-  */
-  if (license && license.length < 40) {
+  if (licenseExpression) {
+    /*
+    The .license_expression field contains an SPDX expression, and it
+    is the preferred way of documenting a Python project's license.
+    See https://peps.python.org/pep-0639/
+    */
+    return [licenseExpression]
+  } else if (license && license.length < 40) {
+    /*
+    The .license field may either contain
+    - a short license description (e.g: 'MIT' or 'GPL-3.0') or
+    - the full text of a license
+    but there is nothing in the response that tells us explicitly.
+    We have to make an assumption based on the length.
+    See https://github.com/badges/shields/issues/8689 and
+    https://github.com/badges/shields/pull/8690 for more info.
+    */
     return [license]
   } else {
+    // else fall back to trove classifiers
     const parenthesizedAcronymRegex = /\(([^)]+)\)/
     const bareAcronymRegex = /^[a-z0-9]+$/
     const spdxAliases = {
diff --git a/services/pypi/pypi-helpers.spec.js b/services/pypi/pypi-helpers.spec.js
@@ -100,32 +100,47 @@ describe('PyPI helpers', function () {
   })
 
   test(getLicenses, () => {
-    forCases([given({ info: { license: 'MIT', classifiers: [] } })]).expect([
-      'MIT',
-    ])
     forCases([
       given({
         info: {
           license: null,
+          license_expression: 'MIT',
+          classifiers: [],
+        },
+      }),
+      given({
+        info: {
+          license: 'MIT',
+          license_expression: null,
+          classifiers: [],
+        },
+      }),
+      given({
+        info: {
+          license: null,
+          license_expression: null,
           classifiers: ['License :: OSI Approved :: MIT License'],
         },
       }),
       given({
         info: {
           license: '',
+          license_expression: null,
           classifiers: ['License :: OSI Approved :: MIT License'],
         },
       }),
       given({
         info: {
           license:
             'this text is really really really really really really long',
+          license_expression: null,
           classifiers: ['License :: OSI Approved :: MIT License'],
         },
       }),
       given({
         info: {
           license: '',
+          license_expression: null,
           classifiers: [
             'License :: OSI Approved :: MIT License',
             'License :: DFSG approved',
@@ -136,24 +151,28 @@ describe('PyPI helpers', function () {
     given({
       info: {
         license: '',
+        license_expression: null,
         classifiers: ['License :: Public Domain'],
       },
     }).expect(['Public Domain'])
     given({
       info: {
         license: '',
+        license_expression: null,
         classifiers: ['License :: Netscape Public License (NPL)'],
       },
     }).expect(['NPL'])
     given({
       info: {
         license: '',
+        license_expression: null,
         classifiers: ['License :: OSI Approved :: Apache Software License'],
       },
     }).expect(['Apache-2.0'])
     given({
       info: {
         license: '',
+        license_expression: null,
         classifiers: [
           'License :: CC0 1.0 Universal (CC0 1.0) Public Domain Dedication',
         ],
@@ -162,6 +181,7 @@ describe('PyPI helpers', function () {
     given({
       info: {
         license: '',
+        license_expression: null,
         classifiers: [
           'License :: OSI Approved :: GNU Affero General Public License v3',
         ],
@@ -170,6 +190,7 @@ describe('PyPI helpers', function () {
     given({
       info: {
         license: '',
+        license_expression: null,
         classifiers: ['License :: OSI Approved :: Zero-Clause BSD (0BSD)'],
       },
     }).expect(['0BSD'])
