Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Invalid SPDX License Expressions should not also be missing licenses #1254

New issue
New issue
Closed
Closed
Invalid SPDX License Expressions should not also be missing licenses#1254
@carmenbianca

Description

@carmenbianca
carmenbianca
opened on Oct 9, 2025

If a file has an invalid SPDX License Expression, this expression shows up as 'used license' and as 'missing license' (because it isn't in LICENSES/). I had previously gauged that this was correct, but after discussing it, we should straighten this out. The expression is invalid, ergo it is neither used nor missing.

(reuse-py3.10) ⬢ 📺 carmenbianca reuse-tool $ echo 'SPDX-License-Identifier: <invalid>' > foo.py
(reuse-py3.10) ⬢ 📺 carmenbianca reuse-tool $ reuse lint
# MISSING LICENSES

'<invalid>' found in:
* foo.py

# INVALID SPDX LICENSE EXPRESSIONS

'foo.py' contains invalid SPDX License Expressions:
* <invalid>

# MISSING COPYRIGHT AND LICENSING INFORMATION

The following files have no copyright information:
* foo.py

# SUMMARY

* Bad licenses: 0
* Deprecated licenses: 0
* Licenses without file extension: 0
* Missing licenses: <invalid>
* Unused licenses: 0
* Used licenses: <invalid>, Apache-2.0, CC-BY-SA-4.0, CC0-1.0, GPL-3.0-or-later
* Read errors: 0
* Invalid SPDX License Expressions: 1
* Files with copyright information: 136 / 137
* Files with license information: 137 / 137

Unfortunately, your project is not compliant with version 3.3 of the REUSE Specification :-(


# RECOMMENDATIONS

* Fix missing licenses: For at least one of the license identifiers provided by
  the 'SPDX-License-Identifier' tags, there is no corresponding license text
  file in the 'LICENSES' directory. For SPDX license identifiers, you can simply
  run 'reuse download --all' to get any missing ones. For custom licenses
  (starting with 'LicenseRef-'), you need to add these files yourself.
* Fix invalid SPDX License Expressions: In one or more files there are SPDX
  License Expressions which cannot be parse. Check whether the value that
  follows 'SPDX-License-Identifier:' is correct. If the detected expression is
  not meant to be valid, put it between 'REUSE-IgnoreStart' and 'REUSE-
  IgnoreEnd' comments.
* Fix missing copyright/licensing information: For one or more files, the tool
  cannot find copyright and/or licensing information. You typically do this by
  adding 'SPDX-FileCopyrightText' and 'SPDX-License-Identifier' tags to each
  file. The tutorial explains additional ways to do this:
  <https://reuse.software/tutorial/>

(reuse-py3.10) ⬢ 📺 carmenbianca reuse-tool $ reuse lint --lines
foo.py: missing license '<invalid>'
foo.py: invalid SPDX License Expression '<invalid>'
foo.py: no copyright notice

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions