fix(SP-4467): correct copyleft docs and remove dead license list

[isasmendiagus]

SP-4467

Background

A customer asked us to confirm how copyleft licenses are determined and reported a discrepancy: the README implies licenses with the -or-later suffix are not copyleft, but the Action correctly flags them.

Root cause

The README stated the default copyleft license list "is defined in" src/utils/license.utils.ts and linked to it. That list is dead code:

• defaultCopyleftLicenses / copyLeftLicenses are populated by init() but copyLeftLicenses is a private field that is never read (there is no isCopyLeft method). The only live export from the file is getOSADL(), used by report.service.ts to build an SPDX URL.
• The actual copyleft pass/fail decision is delegated to scanoss-py inspect copyleft (copyleft-policy-check.ts / copyleft-argument-builder.ts), which determines copyleft from the OSADL copyleft checklist, and OSADL does include -or-later variants (e.g. GPL-2.0-or-later, AGPL-3.0-or-later).

So the Action's behavior is correct; the README was the inaccurate part.

Changes

• README: repoint the copyleft reference from license.utils.ts to scanoss.py / the OSADL checklist, and clarify that -or-later variants (and both Yes / Yes (restricted) entries) are treated as copyleft. Also mention the include / exclude / explicit customization inputs.
• license.utils.ts: remove the unused defaultCopyleftLicenses, copyLeftLicenses, and init(); keep only getOSADL() (its single live use).
• Tests: drop the now-meaningless class-initialization cases; keep full getOSADL() coverage.

Verification

• jest license.utils → 13 passed, license.utils.ts 100% coverage.
• Pre-existing tsc/eslint env issues in this checkout (UploadArtifactOptions.skipArchive, missing typescript-eslint) are unrelated and do not touch these files.

🤖 Generated with Claude Code

Summary by CodeRabbit

• Documentation

  • Updated copyleft policy description to clarify how copyleft detection is performed and which license variants are treated as copyleft. Added details on customizing the default copyleft list through configuration options.

• Refactor

  • Simplified internal architecture by focusing specific utilities on their core responsibility.

• Tests

  • Streamlined test suite structure for improved maintainability.

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• dist/index.js is excluded by !**/dist/**

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 44b940d6-d05b-4c1f-a937-b9641a075c3c

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

LicenseUtil is stripped of its constructor and all copyleft-license configuration logic (default sets, include/exclude handling, init() call), leaving it as a pure SPDX URL builder. The test suite removes the corresponding mock scaffolding, and the README updates the copyleft policy description to reference delegated detection via scanoss-py inspect copyleft.

Changes

LicenseUtil copyleft removal

Layer / File(s)	Summary
Strip copyleft logic from LicenseUtil, tests, and docs src/utils/license.utils.ts, __tests__/license.utils.test.ts, README.md	Constructor and copyleft configuration state removed from LicenseUtil; class doc updated to describe SPDX URL building only. Test suite scaffolding (@actions/core mock, per-test beforeEach, initialization tests) removed in favour of direct instantiation. README copyleft section updated to describe scanoss-py inspect copyleft with OSADL checklist and customization inputs.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐇 Snip snip, the copyleft code hops away,
No constructor left to initialize today.
The URL builder stands tidy and lean,
Tests run direct — no mocks in between.
README now points where the logic resides,
A slimmer LicenseUtil bounces with pride! 🌿

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: correcting copyleft documentation to reference the actual behavior (scanoss-py and OSADL checklist) and removing dead code (unused license configuration variables and init method) from license.utils.ts.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/SP-4467_copyleft-readme-osadl

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

SCANOSS SCAN Completed 🚀

• Detected components: 2
• Undeclared components: 0
• Declared components: 2
• Detected files: 67
• Detected files undeclared: 0
• Detected files declared: 67
• Licenses detected: 1
• Licenses detected with copyleft: 0
• Policies: ✅ 2 pass (2 total)

View more details on SCANOSS Action Summary

[github-actions]

🔍 SCANOSS Code Similarity Detected

📄 1 snippet matches found

🔗 View detailed findings on commit 556abb4

Files with similarities:

• dist/index.js

💡 Click the commit link above to see detailed annotations for each match.

[github-actions]

SCANOSS SCAN Completed 🚀

• Detected components: 3
• Undeclared components: 1
• Declared components: 2
• Detected files: 67
• Detected files undeclared: 1
• Detected files declared: 66
• Licenses detected: 2
• Licenses detected with copyleft: 0
• Policies: ❌ 1 fail ✅ 1 pass (2 total)

View more details on SCANOSS Action Summary