False positive: Extra licenses detected for CKEditor 5 (augmentation.d.ts) #4583
Description
Description
When scanning the package @ckeditor/[email protected] using ScanCode Toolkit, the file package/dist/augmentation.d.ts is detected with the following license expression:
(gpl-2.0-plus AND (gpl-2.0-plus OR lgpl-2.1-plus OR mpl-1.1)) OR commercial-license
This detection is triggered by https://github.com/aboutcode-org/scancode-toolkit/blob/develop/src/licensedcode/data/rules/gpl-2.0-plus_and_gpl-2.0-plus_or_lgpl-2.1-plus_or_mpl-1.1_or_commercial-license_1.RULE, which matches the text:
'For licensing, see LICENSE.md or https://ckeditor.com/legal/ckeditor-oss-license'
However, the linked URL currently describes licensing terms for CKEditor 4 and CKEditor 5
CKEditor 4 includes MPL-1.1 and other licenses.
For CKEditor 5 (including version 43.0.0), the license is GPL-2.0-plus, so the detection result is incorrect and includes unnecessary licenses (e.g., MPL-1.1, LGPL-2.1-plus).
How To Reproduce
npm pack @ckeditor/[email protected]
tar -xvf ckeditor-ckeditor5-special-characters-43.0.0.tgz
scancode --license --json-pp scancode.json package
Check the scancode.json output for package/dist/augmentation.d.ts and note the license expression.
System configuration
OS: macOS 15.6.1 (x86_64)
ScanCode Toolkit version: 32.4.1
Installation method: pip