CryptoSwift license incorrectly identified as Zlib

[hesa]

CryptoSwift license incorrectly identified as Zlib

The CONTRIBUTING and LICENSE files of CryptoSwift are incorrectly
identified as Zlib license.

CryptoSwift: https://github.com/krzyzanowskim/CryptoSwift

• LICENSE file: https://github.com/krzyzanowskim/CryptoSwift/blob/main/LICENSE
• CONTRIBUTING file: https://github.com/krzyzanowskim/CryptoSwift/blob/main/CONTRIBUTING.md

Zlib: https://www.zlib.net/

• license: https://www.zlib.net/zlib_license.html

Major difference

Zlib text

If you use this software in a product, an acknowledgment in the
product documentation would be appreciated but is not required.

CryptoSwift text

If you use this software in a product, an acknowledgment in the product documentation is required.

The difference

Zlib says: appreciated but is not required
CryptoSwift: is required

This is quite a difference for users when complying with the license terms.

Additional notes

• The CryptoSwift license needs an identifier

• Unfortunately the LICENSE and CONTRIBUTING files have slightly different texts.

Reproducing

CONTRIBUTING file

Scanning the CONTRIBUTING file

mkdir contributing-file
cd    contributing-file
curl -LJ https://raw.githubusercontent.com/krzyzanowskim/CryptoSwift/refs/heads/main/CONTRIBUTING.md | grep "^//" > CONTRIBUTING.md
cd ..
scancode -clipe \
  --license-text   --license-text-diagnostics        \
  --classify       --license-clarity-score --summary \
  -n $(cat /proc/cpuinfo | grep processor | wc -l)   \
  --json-pp contributing-file.json contributing-file

Extracting the detected license

$ cat contributing-file.json | jq .files[].detected_license_expression_spdx
null
"Zlib"

LICENSE file

Scanning the LICENSE file

mkdir license-file
cd    license-file
curl -LJO https://raw.githubusercontent.com/krzyzanowskim/CryptoSwift/refs/heads/main/LICENSE
cd ..
scancode -clipe \
  --license-text   --license-text-diagnostics        \
  --classify       --license-clarity-score --summary \
  -n $(cat /proc/cpuinfo | grep processor | wc -l)   \
  --json-pp license-file.json license-file

Extracting the detected license

$ cat license-file.json | jq .files[].detected_license_expression_spdx
null
"Zlib"

Versions etc

• scancode-toolkit 32.3.0
• Ubuntu 24.04.1 LTS
• Python 3.12.3

[DennisClark]

@hesa Thanks for providing all the pertinent details, which are very helpful.

@AyanSinhaMahapatra New license LicenseRef-scancode-cryptoswift created in DejaCode enterprise and public instances. Please synchronize with scancode and the LicenseDB when you can, and correct the appropriate detection rules.