[BUG] BlueOak-1.0.0 not recognized as valid license #1373

Closed
ghost opened this issue Jun 2, 2020 · 5 comments
Labels: Bug (thing that needs fixing); Release 6.x (work is associated with a specific npm 6 release)

Comments

@ghost

ghost commented Jun 2, 2020

What / Why

BlueOak-1.0.0 is a valid SPDX identifier, but it is not recognized in npm init v6.14.5.

When

Running npm init v6.14.5 and asked for a license.

Where

npm CLI

Current Behavior

license: (ISC) BlueOak-1.0.0
Sorry, license should be a valid SPDX license expression (without "LicenseRef"), "UNLICENSED", or "SEE LICENSE IN ".

Steps to Reproduce

  1. npm init
  2. Answer various prompts. At the "license" prompt, enter: BlueOak-1.0.0

Expected Behavior

BlueOak-1.0.0 is accepted as a valid SPDX license identifier.

Who

  • n/a

References

@spl

spl commented Jun 9, 2020

I encountered this problem, too. Perhaps @kemitchell might know what to do.

@kemitchell
Contributor

Thank you both. This is likely another package that hasn't been updated since Blue Oak's release.

@kemitchell
Contributor

The CLI is shipping an old version of the license list package.

Here's npm ls output for latest:

npm@6.14.5 /home/kyle/cli
...
├─┬ validate-npm-package-license@3.0.4
│ ├─┬ spdx-correct@3.0.0
│ │ ├── spdx-expression-parse@3.0.0 deduped
│ │ └── spdx-license-ids@3.0.3
│ └─┬ spdx-expression-parse@3.0.0
│   ├── spdx-exceptions@2.1.0
│   └── spdx-license-ids@3.0.3 deduped
...

Here's npm ls --production for validate-npm-package@3.0.4 installed from scratch:

validate-npm-package-license@3.0.4 /home/kyle/validate-npm-package-license.js
├─┬ spdx-correct@3.1.1
│ ├── spdx-expression-parse@3.0.1 deduped
│ └── spdx-license-ids@3.0.5
└─┬ spdx-expression-parse@3.0.1
  ├── spdx-exceptions@2.3.0
  └── spdx-license-ids@3.0.5 deduped

spdx-license-ids@3.0.5 has Blue Oak and a number of other new IDs.

@jeremiahlee would you like the honors of running npm upgrade and sending the PR? Credit where due. I don't use npm init, and missed this for quite some time.
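
An added example (not part of the issue thread or npm's own code): a Node.js script that parses the two `npm ls` listings quoted in the comment above and lists every package whose bundled version is older than the freshly resolved one. The function names are hypothetical, the elided `...` lines are omitted, and the comparison handles plain major.minor.patch versions only.

```javascript
// Sample input: the two `npm ls` listings quoted in the comment above.
const bundled = `
npm@6.14.5 /home/kyle/cli
├─┬ validate-npm-package-license@3.0.4
│ ├─┬ spdx-correct@3.0.0
│ │ ├── spdx-expression-parse@3.0.0 deduped
│ │ └── spdx-license-ids@3.0.3
│ └─┬ spdx-expression-parse@3.0.0
│   ├── spdx-exceptions@2.1.0
│   └── spdx-license-ids@3.0.3 deduped
`;
const fresh = `
validate-npm-package-license@3.0.4 /home/kyle/validate-npm-package-license.js
├─┬ spdx-correct@3.1.1
│ ├── spdx-expression-parse@3.0.1 deduped
│ └── spdx-license-ids@3.0.5
└─┬ spdx-expression-parse@3.0.1
  ├── spdx-exceptions@2.3.0
  └── spdx-license-ids@3.0.5 deduped
`;

// Map package name -> version. The root line has no branch glyph and is
// skipped; "deduped" repeats are ignored because the first hit wins.
function parseNpmLs(text) {
  const versions = new Map();
  for (const line of text.split('\n')) {
    const m = line.match(/[├└]─[─┬]\s+((?:@[^/\s]+\/)?[^@\s]+)@(\d+\.\d+\.\d+\S*)/);
    if (m && !versions.has(m[1])) versions.set(m[1], m[2]);
  }
  return versions;
}

// Numeric comparison of major.minor.patch; returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('.').map((x) => parseInt(x, 10));
  const pb = b.split('.').map((x) => parseInt(x, 10));
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  return 0;
}

// Packages present in both trees whose bundled version lags the fresh one.
function staleDeps(bundledText, freshText) {
  const have = parseNpmLs(bundledText);
  const want = parseNpmLs(freshText);
  return [...have]
    .filter(([name, v]) => want.has(name) && compareVersions(v, want.get(name)) < 0)
    .map(([name, v]) => ({ name, bundled: v, fresh: want.get(name) }));
}

console.log(staleDeps(bundled, fresh));
```
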

@darcyclarke added the labels Release 6.x (work is associated with a specific npm 6 release) and Bug (thing that needs fixing) on Oct 30, 2020
@darcyclarke
Contributor

npm v6 is no longer in active development; we will continue to push security releases to v6 at our team's discretion as per our Support Policy.

If your bug is reproducible on v7, please re-file this issue using our new issue template.

If your issue was a feature request, please consider opening a new RRFC or RFC. If your issue was a question or other idea that was not CLI-specific, consider opening a discussion on our feedback repo.

Closing: This is an automated message.
