Also, I don't fully understand what WebLabels are, but aren't them just the data in /jslicenses/? If so, it would make more sense to rename this folder to jssources or something similar.

I don't know about the prod config, but with the debug web server, the folder is /static/weblabels/, not /weblabels/. Would '../weblabels/' + srcFileData['id'] work?

Why 0R (zero ah) instead of OR (oh ah)? This seems to crash spdxParse.

spdxParse does not always return a dict with a license attribute. eg. when the licenseStr is 'MIT OR GPL-3.0', it will return:

{ left: { license: 'MIT' },
  conjunction: 'or',
  right: { license: 'GPL-3.0' } }

This probably would better be recursive, as the path comes from a config option: , {"recursive": true}

This is not related to this Diff, but I'm just noticing this file.

We bundle it in our code, so we must provide its license as well. (I know the current upstream doesn't do it either, but they probably should do it too.)

Yep, this seems a better name indeed

I considered that this path is relative to the root static folder.
This is for use with your web framework of choice who knows its location.
For instance with Django, using {% static <static_url> %} in a template works as expected.

whoopsie

Yes I know, this is currently not handled

ack

The license text is available from the WebLabels page. I can also copy it in source folder but a license header directly in the source file seems better.

If we don't need it, you can drop the OR-joining above and check the root item is a leaf (so we don't silently ignore an AND).

I can also copy it in source folder but a license header directly in the source file seems better.

The GPL requires the full license: "and give all recipients a copy of this License along with the Program" https://www.gnu.org/licenses/gpl-3.0.html#section4

Ok so the best option here is to use the following:
srcFileData['static_url'] = stats.publicPath + 'weblabels/' + srcFileData['id'];

It enables to get the absolute url of the source file even when using webpack-dev-server.
So no need to use the Django template tag static anymore.

The same mechanism must be used to compute the absolute url of each generated asset.

As I said, I did not handle multiple licenses for the moment. I intend to do it once the single license case is properly handled (I need to find some examples first).

Ack, I will make the changes in master then rebase.

The recursive options is only available with node >= 10 but the node version available in stretch-backports is 8.11.1.
So I will have to handle the recursive mkdir myself as in lines 275-282 below and create a dedicated method.

This assumes that the left subtree is a leaf.

I understand it is hard to fully support spdx expressions.
It's probably best to give up when the expression is anything more than a list of licenses with OR operators, to keep the code readable.

You're right! I would prefer to properly handle those multiple license cases so I will improve that before landing the diff. I have an idea about how to do it right.

Thinking it back, I do not want to implement complex processing regarding the combination operators of licenses at the moment. The LibreJS specification does not handle that currently and simply says that if a js file has multiple licenses, enumerating all of them is sufficient. So I will simply extract all references licenses in the SPDX expression and add them to the Web Labels page.

You should just check the operator is an OR. If it is not, it makes the plugin write incorrect information, so it's better to crash, or at least print a warning.

Considering that frontend node modules with complex spdx license expressions are pretty rare, I will leave it like it for the moment and add a TODO to properly handle complex license expressions once LibreJS will have a spec for it.

I still think we should print a warning in case of something that's not an OR, it's only three lines.