authorBrandon Lum <lumjjb@gmail.com>2022-06-06 10:42:27 -0400
committerBrandon Lum <lumjjb@gmail.com>2022-06-06 10:42:27 -0400
commit41d2272711255f5a25e16e3507ec3318bc550189 (patch)
treeace557ed0ffe3fab18f721744448de5936f23976
parenta532726dbb7a38d0f714075e9a1f1df4cae60230 (diff)
convert spdx structs to versioned pkgs
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
-rw-r--r--spdx/annotation.go92
-rw-r--r--spdx/common/annotation.go44
-rw-r--r--spdx/common/checksum.go (renamed from spdx/checksum.go)2
-rw-r--r--spdx/common/creation_info.go44
-rw-r--r--spdx/common/identifier.go (renamed from spdx/identifier.go)2
-rw-r--r--spdx/common/package.go105
-rw-r--r--spdx/common/snippet.go20
-rw-r--r--spdx/creation_info.go86
-rw-r--r--spdx/document.go122
-rw-r--r--spdx/file.go177
-rw-r--r--spdx/other_license.go59
-rw-r--r--spdx/package.go348
-rw-r--r--spdx/relationship.go39
-rw-r--r--spdx/review.go47
-rw-r--r--spdx/snippet.go102
-rw-r--r--spdx/v2_1/annotation.go29
-rw-r--r--spdx/v2_1/creation_info.go26
-rw-r--r--spdx/v2_1/document.go65
-rw-r--r--spdx/v2_1/file.go90
-rw-r--r--spdx/v2_1/other_license.go31
-rw-r--r--spdx/v2_1/package.go120
-rw-r--r--spdx/v2_1/relationship.go23
-rw-r--r--spdx/v2_1/review.go25
-rw-r--r--spdx/v2_1/snippet.go44
-rw-r--r--spdx/v2_2/annotation.go29
-rw-r--r--spdx/v2_2/creation_info.go26
-rw-r--r--spdx/v2_2/document.go65
-rw-r--r--spdx/v2_2/file.go94
-rw-r--r--spdx/v2_2/other_license.go31
-rw-r--r--spdx/v2_2/package.go133
-rw-r--r--spdx/v2_2/relationship.go23
-rw-r--r--spdx/v2_2/review.go25
-rw-r--r--spdx/v2_2/snippet.go48
33 files changed, 1142 insertions, 1074 deletions
diff --git a/spdx/annotation.go b/spdx/annotation.go
deleted file mode 100644
index 560b6f0..0000000
--- a/spdx/annotation.go
+++ /dev/null
@@ -1,92 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-package spdx
-
-import (
- "encoding/json"
- "fmt"
- "strings"
-)
-
-type Annotator struct {
- Annotator string
- // including AnnotatorType: one of "Person", "Organization" or "Tool"
- AnnotatorType string
-}
-
-// UnmarshalJSON takes an annotator in the typical one-line format and parses it into an Annotator struct.
-// This function is also used when unmarshalling YAML
-func (a *Annotator) UnmarshalJSON(data []byte) error {
- // annotator will simply be a string
- annotatorStr := string(data)
- annotatorStr = strings.Trim(annotatorStr, "\"")
-
- annotatorFields := strings.SplitN(annotatorStr, ": ", 2)
-
- if len(annotatorFields) != 2 {
- return fmt.Errorf("failed to parse Annotator '%s'", annotatorStr)
- }
-
- a.AnnotatorType = annotatorFields[0]
- a.Annotator = annotatorFields[1]
-
- return nil
-}
-
-// MarshalJSON converts the receiver into a slice of bytes representing an Annotator in string form.
-// This function is also used when marshalling to YAML
-func (a Annotator) MarshalJSON() ([]byte, error) {
- if a.Annotator != "" {
- return json.Marshal(fmt.Sprintf("%s: %s", a.AnnotatorType, a.Annotator))
- }
-
- return []byte{}, nil
-}
-
-// Annotation2_1 is an Annotation section of an SPDX Document for version 2.1 of the spec.
-type Annotation2_1 struct {
- // 8.1: Annotator
- // Cardinality: conditional (mandatory, one) if there is an Annotation
- Annotator Annotator `json:"annotator"`
-
- // 8.2: Annotation Date: YYYY-MM-DDThh:mm:ssZ
- // Cardinality: conditional (mandatory, one) if there is an Annotation
- AnnotationDate string `json:"annotationDate"`
-
- // 8.3: Annotation Type: "REVIEW" or "OTHER"
- // Cardinality: conditional (mandatory, one) if there is an Annotation
- AnnotationType string `json:"annotationType"`
-
- // 8.4: SPDX Identifier Reference
- // Cardinality: conditional (mandatory, one) if there is an Annotation
- // This field is not used in hierarchical data formats where the referenced element is clear, such as JSON or YAML.
- AnnotationSPDXIdentifier DocElementID `json:"-"`
-
- // 8.5: Annotation Comment
- // Cardinality: conditional (mandatory, one) if there is an Annotation
- AnnotationComment string `json:"comment"`
-}
-
-// Annotation2_2 is an Annotation section of an SPDX Document for version 2.2 of the spec.
-type Annotation2_2 struct {
- // 8.1: Annotator
- // Cardinality: conditional (mandatory, one) if there is an Annotation
- Annotator Annotator `json:"annotator"`
-
- // 8.2: Annotation Date: YYYY-MM-DDThh:mm:ssZ
- // Cardinality: conditional (mandatory, one) if there is an Annotation
- AnnotationDate string `json:"annotationDate"`
-
- // 8.3: Annotation Type: "REVIEW" or "OTHER"
- // Cardinality: conditional (mandatory, one) if there is an Annotation
- AnnotationType string `json:"annotationType"`
-
- // 8.4: SPDX Identifier Reference
- // Cardinality: conditional (mandatory, one) if there is an Annotation
- // This field is not used in hierarchical data formats where the referenced element is clear, such as JSON or YAML.
- AnnotationSPDXIdentifier DocElementID `json:"-"`
-
- // 8.5: Annotation Comment
- // Cardinality: conditional (mandatory, one) if there is an Annotation
- AnnotationComment string `json:"comment"`
-}
diff --git a/spdx/common/annotation.go b/spdx/common/annotation.go
new file mode 100644
index 0000000..e77d7b7
--- /dev/null
+++ b/spdx/common/annotation.go
@@ -0,0 +1,44 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package common
+
+import (
+ "encoding/json"
+ "fmt"
+ "strings"
+)
+
+type Annotator struct {
+ Annotator string
+ // including AnnotatorType: one of "Person", "Organization" or "Tool"
+ AnnotatorType string
+}
+
+// UnmarshalJSON takes an annotator in the typical one-line format and parses it into an Annotator struct.
+// This function is also used when unmarshalling YAML
+func (a *Annotator) UnmarshalJSON(data []byte) error {
+ // annotator will simply be a string
+ annotatorStr := string(data)
+ annotatorStr = strings.Trim(annotatorStr, "\"")
+
+ annotatorFields := strings.SplitN(annotatorStr, ": ", 2)
+
+ if len(annotatorFields) != 2 {
+ return fmt.Errorf("failed to parse Annotator '%s'", annotatorStr)
+ }
+
+ a.AnnotatorType = annotatorFields[0]
+ a.Annotator = annotatorFields[1]
+
+ return nil
+}
+
+// MarshalJSON converts the receiver into a slice of bytes representing an Annotator in string form.
+// This function is also used when marshalling to YAML
+func (a Annotator) MarshalJSON() ([]byte, error) {
+ if a.Annotator != "" {
+ return json.Marshal(fmt.Sprintf("%s: %s", a.AnnotatorType, a.Annotator))
+ }
+
+ return []byte{}, nil
+}
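Review bot: `Annotator.MarshalJSON` returns `[]byte{}` with a nil error when `a.Annotator` is empty, which is not a valid JSON value; encoding/json rejects an empty result from a Marshaler, so a single unset Annotator would fail the marshal of the whole enclosing document with an unrelated-looking error. Returning an explicit error, `return nil, fmt.Errorf("failed to marshal invalid Annotator: %+v", a)`, as `Supplier.MarshalJSON` in spdx/common/package.go does, makes the failure deliberate and readable. The same empty-slice return is in `Creator.MarshalJSON` (spdx/common/creation_info.go) and `Originator.MarshalJSON` (spdx/common/package.go). Separately, `UnmarshalJSON` strips quotes with `strings.Trim` instead of decoding the JSON string, so escape sequences such as `\"` or `\u0041` stay literal in the parsed name, and the Creator, Supplier and Originator parsers do the same. SBOM files usually arrive from outside the trust boundary, so decoding first with `json.Unmarshal(data, &annotatorStr)` keeps the parsed identity the same as what other SPDX consumers see.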
diff --git a/spdx/checksum.go b/spdx/common/checksum.go
index 3295969..02a57ff 100644
--- a/spdx/checksum.go
+++ b/spdx/common/checksum.go
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-package spdx
+package common
// ChecksumAlgorithm represents the algorithm used to generate the file checksum in the Checksum struct.
type ChecksumAlgorithm string
diff --git a/spdx/common/creation_info.go b/spdx/common/creation_info.go
new file mode 100644
index 0000000..c87ae7b
--- /dev/null
+++ b/spdx/common/creation_info.go
@@ -0,0 +1,44 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package common
+
+import (
+ "encoding/json"
+ "fmt"
+ "strings"
+)
+
+// Creator is a wrapper around the Creator SPDX field. The SPDX field contains two values, which requires special
+// handling in order to marshal/unmarshal it to/from Go data types.
+type Creator struct {
+ Creator string
+ // CreatorType should be one of "Person", "Organization", or "Tool"
+ CreatorType string
+}
+
+// UnmarshalJSON takes an annotator in the typical one-line format and parses it into a Creator struct.
+// This function is also used when unmarshalling YAML
+func (c *Creator) UnmarshalJSON(data []byte) error {
+ str := string(data)
+ str = strings.Trim(str, "\"")
+ fields := strings.SplitN(str, ": ", 2)
+
+ if len(fields) != 2 {
+ return fmt.Errorf("failed to parse Creator '%s'", str)
+ }
+
+ c.CreatorType = fields[0]
+ c.Creator = fields[1]
+
+ return nil
+}
+
+// MarshalJSON converts the receiver into a slice of bytes representing a Creator in string form.
+// This function is also used with marshalling to YAML
+func (c Creator) MarshalJSON() ([]byte, error) {
+ if c.Creator != "" {
+ return json.Marshal(fmt.Sprintf("%s: %s", c.CreatorType, c.Creator))
+ }
+
+ return []byte{}, nil
+}
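Review bot: The doc comment on `Creator.UnmarshalJSON` says it "takes an annotator", which looks copied from annotation.go; it should read `// UnmarshalJSON takes a creator in the typical one-line format and parses it into a Creator struct.` The function also stores whatever text precedes the first ": " as `CreatorType`, while the field comment lists only "Person", "Organization" and "Tool". If rejecting other values is out of scope for this move, a line such as `// CreatorType is not validated here; callers must check it before relying on it.` would stop consumers from treating the value as checked.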
diff --git a/spdx/identifier.go b/spdx/common/identifier.go
index 56f8ffc..d656867 100644
--- a/spdx/identifier.go
+++ b/spdx/common/identifier.go
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-package spdx
+package common
import (
"encoding/json"
diff --git a/spdx/common/package.go b/spdx/common/package.go
new file mode 100644
index 0000000..e0635df
--- /dev/null
+++ b/spdx/common/package.go
@@ -0,0 +1,105 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package common
+
+import (
+ "encoding/json"
+ "fmt"
+ "strings"
+)
+
+type Supplier struct {
+ // can be "NOASSERTION"
+ Supplier string
+ // SupplierType can be one of "Person", "Organization", or empty if Supplier is "NOASSERTION"
+ SupplierType string
+}
+
+// UnmarshalJSON takes a supplier in the typical one-line format and parses it into a Supplier struct.
+// This function is also used when unmarshalling YAML
+func (s *Supplier) UnmarshalJSON(data []byte) error {
+ // the value is just a string presented as a slice of bytes
+ supplierStr := string(data)
+ supplierStr = strings.Trim(supplierStr, "\"")
+
+ if supplierStr == "NOASSERTION" {
+ s.Supplier = supplierStr
+ return nil
+ }
+
+ supplierFields := strings.SplitN(supplierStr, ": ", 2)
+
+ if len(supplierFields) != 2 {
+ return fmt.Errorf("failed to parse Supplier '%s'", supplierStr)
+ }
+
+ s.SupplierType = supplierFields[0]
+ s.Supplier = supplierFields[1]
+
+ return nil
+}
+
+// MarshalJSON converts the receiver into a slice of bytes representing a Supplier in string form.
+// This function is also used when marshalling to YAML
+func (s Supplier) MarshalJSON() ([]byte, error) {
+ if s.Supplier == "NOASSERTION" {
+ return json.Marshal(s.Supplier)
+ } else if s.SupplierType != "" && s.Supplier != "" {
+ return json.Marshal(fmt.Sprintf("%s: %s", s.SupplierType, s.Supplier))
+ }
+
+ return []byte{}, fmt.Errorf("failed to marshal invalid Supplier: %+v", s)
+}
+
+type Originator struct {
+ // can be "NOASSERTION"
+ Originator string
+ // OriginatorType can be one of "Person", "Organization", or empty if Originator is "NOASSERTION"
+ OriginatorType string
+}
+
+// UnmarshalJSON takes an originator in the typical one-line format and parses it into an Originator struct.
+// This function is also used when unmarshalling YAML
+func (o *Originator) UnmarshalJSON(data []byte) error {
+ // the value is just a string presented as a slice of bytes
+ originatorStr := string(data)
+ originatorStr = strings.Trim(originatorStr, "\"")
+
+ if originatorStr == "NOASSERTION" {
+ o.Originator = originatorStr
+ return nil
+ }
+
+ originatorFields := strings.SplitN(originatorStr, ": ", 2)
+
+ if len(originatorFields) != 2 {
+ return fmt.Errorf("failed to parse Originator '%s'", originatorStr)
+ }
+
+ o.OriginatorType = originatorFields[0]
+ o.Originator = originatorFields[1]
+
+ return nil
+}
+
+// MarshalJSON converts the receiver into a slice of bytes representing an Originator in string form.
+// This function is also used when marshalling to YAML
+func (o Originator) MarshalJSON() ([]byte, error) {
+ if o.Originator == "NOASSERTION" {
+ return json.Marshal(o.Originator)
+ } else if o.Originator != "" {
+ return json.Marshal(fmt.Sprintf("%s: %s", o.OriginatorType, o.Originator))
+ }
+
+ return []byte{}, nil
+}
+
+type PackageVerificationCode struct {
+ // Cardinality: mandatory, one if filesAnalyzed is true / omitted;
+ // zero (must be omitted) if filesAnalyzed is false
+ Value string `json:"packageVerificationCodeValue"`
+ // Spec also allows specifying files to exclude from the
+ // verification code algorithm; intended to enable exclusion of
+ // the SPDX document file itself.
+ ExcludedFiles []string `json:"packageVerificationCodeExcludedFiles"`
+}
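Review bot: `Originator.MarshalJSON` formats `"%s: %s"` whenever `o.Originator != ""`, so an Originator with an empty `OriginatorType` is written out as `": name"`, whereas `Supplier.MarshalJSON` in the same file requires both fields and returns an error otherwise. Aligning the two with `} else if o.OriginatorType != "" && o.Originator != "" {` and the same error return as Supplier keeps malformed originator strings out of generated SBOMs. In both `UnmarshalJSON` methods the NOASSERTION branch assigns only the name, so if the struct is being decoded into a second time the earlier type value would remain; setting `s.SupplierType = ""` and `o.OriginatorType = ""` in that branch would rule this out.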
diff --git a/spdx/common/snippet.go b/spdx/common/snippet.go
new file mode 100644
index 0000000..63afac3
--- /dev/null
+++ b/spdx/common/snippet.go
@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package common
+
+type SnippetRangePointer struct {
+ // 5.3: Snippet Byte Range: [start byte]:[end byte]
+ // Cardinality: mandatory, one
+ Offset int `json:"offset,omitempty"`
+
+ // 5.4: Snippet Line Range: [start line]:[end line]
+ // Cardinality: optional, one
+ LineNumber int `json:"lineNumber,omitempty"`
+
+ FileSPDXIdentifier ElementID `json:"reference"`
+}
+
+type SnippetRange struct {
+ StartPointer SnippetRangePointer `json:"startPointer"`
+ EndPointer SnippetRangePointer `json:"endPointer"`
+}
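Review bot: `SnippetRangePointer` and `SnippetRange` are exported without doc comments, and the section 5.3 and 5.4 comments sit on `Offset` and `LineNumber` although each describes a start:end range rather than one end of it. A type comment such as `// SnippetRangePointer is one end of a snippet range, given as a byte offset or a line number within the referenced file.` would make the intent clear; this reading is inferred from the field names and JSON tags. Both integers carry `omitempty`, so a zero value is dropped on output, and the comment should say that zero means "not set" so validators do not mistake it for a real position.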
diff --git a/spdx/creation_info.go b/spdx/creation_info.go
deleted file mode 100644
index c0b6f63..0000000
--- a/spdx/creation_info.go
+++ /dev/null
@@ -1,86 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-package spdx
-
-import (
- "encoding/json"
- "fmt"
- "strings"
-)
-
-// Creator is a wrapper around the Creator SPDX field. The SPDX field contains two values, which requires special
-// handling in order to marshal/unmarshal it to/from Go data types.
-type Creator struct {
- Creator string
- // CreatorType should be one of "Person", "Organization", or "Tool"
- CreatorType string
-}
-
-// UnmarshalJSON takes an annotator in the typical one-line format and parses it into a Creator struct.
-// This function is also used when unmarshalling YAML
-func (c *Creator) UnmarshalJSON(data []byte) error {
- str := string(data)
- str = strings.Trim(str, "\"")
- fields := strings.SplitN(str, ": ", 2)
-
- if len(fields) != 2 {
- return fmt.Errorf("failed to parse Creator '%s'", str)
- }
-
- c.CreatorType = fields[0]
- c.Creator = fields[1]
-
- return nil
-}
-
-// MarshalJSON converts the receiver into a slice of bytes representing a Creator in string form.
-// This function is also used with marshalling to YAML
-func (c Creator) MarshalJSON() ([]byte, error) {
- if c.Creator != "" {
- return json.Marshal(fmt.Sprintf("%s: %s", c.CreatorType, c.Creator))
- }
-
- return []byte{}, nil
-}
-
-// CreationInfo2_1 is a Document Creation Information section of an
-// SPDX Document for version 2.1 of the spec.
-type CreationInfo2_1 struct {
- // 2.7: License List Version
- // Cardinality: optional, one
- LicenseListVersion string `json:"licenseListVersion"`
-
- // 2.8: Creators: may have multiple keys for Person, Organization
- // and/or Tool
- // Cardinality: mandatory, one or many
- Creators []Creator `json:"creators"`
-
- // 2.9: Created: data format YYYY-MM-DDThh:mm:ssZ
- // Cardinality: mandatory, one
- Created string `json:"created"`
-
- // 2.10: Creator Comment
- // Cardinality: optional, one
- CreatorComment string `json:"comment"`
-}
-
-// CreationInfo2_2 is a Document Creation Information section of an
-// SPDX Document for version 2.2 of the spec.
-type CreationInfo2_2 struct {
- // 2.7: License List Version
- // Cardinality: optional, one
- LicenseListVersion string `json:"licenseListVersion"`
-
- // 2.8: Creators: may have multiple keys for Person, Organization
- // and/or Tool
- // Cardinality: mandatory, one or many
- Creators []Creator `json:"creators"`
-
- // 2.9: Created: data format YYYY-MM-DDThh:mm:ssZ
- // Cardinality: mandatory, one
- Created string `json:"created"`
-
- // 2.10: Creator Comment
- // Cardinality: optional, one
- CreatorComment string `json:"comment"`
-}
diff --git a/spdx/document.go b/spdx/document.go
deleted file mode 100644
index a3117cb..0000000
--- a/spdx/document.go
+++ /dev/null
@@ -1,122 +0,0 @@
-// Package spdx contains the struct definition for an SPDX Document
-// and its constituent parts.
-// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-package spdx
-
-// ExternalDocumentRef2_1 is a reference to an external SPDX document
-// as defined in section 2.6 for version 2.1 of the spec.
-type ExternalDocumentRef2_1 struct {
- // DocumentRefID is the ID string defined in the start of the
- // reference. It should _not_ contain the "DocumentRef-" part
- // of the mandatory ID string.
- DocumentRefID string `json:"externalDocumentId"`
-
- // URI is the URI defined for the external document
- URI string `json:"spdxDocument"`
-
- // Checksum is the actual hash data
- Checksum Checksum `json:"checksum"`
-}
-
-// ExternalDocumentRef2_2 is a reference to an external SPDX document
-// as defined in section 2.6 for version 2.2 of the spec.
-type ExternalDocumentRef2_2 struct {
- // DocumentRefID is the ID string defined in the start of the
- // reference. It should _not_ contain the "DocumentRef-" part
- // of the mandatory ID string.
- DocumentRefID string `json:"externalDocumentId"`
-
- // URI is the URI defined for the external document
- URI string `json:"spdxDocument"`
-
- // Checksum is the actual hash data
- Checksum Checksum `json:"checksum"`
-}
-
-// Document2_1 is an SPDX Document for version 2.1 of the spec.
-// See https://spdx.org/sites/cpstandard/files/pages/files/spdxversion2.1.pdf
-type Document2_1 struct {
- // 2.1: SPDX Version; should be in the format "SPDX-2.1"
- // Cardinality: mandatory, one
- SPDXVersion string `json:"spdxVersion"`
-
- // 2.2: Data License; should be "CC0-1.0"
- // Cardinality: mandatory, one
- DataLicense string `json:"dataLicense"`
-
- // 2.3: SPDX Identifier; should be "DOCUMENT" to represent
- // mandatory identifier of SPDXRef-DOCUMENT
- // Cardinality: mandatory, one
- SPDXIdentifier ElementID `json:"SPDXID"`
-
- // 2.4: Document Name
- // Cardinality: mandatory, one
- DocumentName string `json:"name"`
-
- // 2.5: Document Namespace
- // Cardinality: mandatory, one
- DocumentNamespace string `json:"documentNamespace"`
-
- // 2.6: External Document References
- // Cardinality: optional, one or many
- ExternalDocumentReferences []ExternalDocumentRef2_1 `json:"externalDocumentRefs,omitempty"`
-
- // 2.11: Document Comment
- // Cardinality: optional, one
- DocumentComment string `json:"comment,omitempty"`
-
- CreationInfo *CreationInfo2_1 `json:"creationInfo"`
- Packages []*Package2_1 `json:"packages"`
- Files []*File2_1 `json:"files"`
- OtherLicenses []*OtherLicense2_1 `json:"hasExtractedLicensingInfos"`
- Relationships []*Relationship2_1 `json:"relationships"`
- Annotations []*Annotation2_1 `json:"annotations"`
- Snippets []Snippet2_1 `json:"snippets"`
-
- // DEPRECATED in version 2.0 of spec
- Reviews []*Review2_1
-}
-
-// Document2_2 is an SPDX Document for version 2.2 of the spec.
-// See https://spdx.github.io/spdx-spec/v2-draft/ (DRAFT)
-type Document2_2 struct {
- // 2.1: SPDX Version; should be in the format "SPDX-2.2"
- // Cardinality: mandatory, one
- SPDXVersion string `json:"spdxVersion"`
-
- // 2.2: Data License; should be "CC0-1.0"
- // Cardinality: mandatory, one
- DataLicense string `json:"dataLicense"`
-
- // 2.3: SPDX Identifier; should be "DOCUMENT" to represent
- // mandatory identifier of SPDXRef-DOCUMENT
- // Cardinality: mandatory, one
- SPDXIdentifier ElementID `json:"SPDXID"`
-
- // 2.4: Document Name
- // Cardinality: mandatory, one
- DocumentName string `json:"name"`
-
- // 2.5: Document Namespace
- // Cardinality: mandatory, one
- DocumentNamespace string `json:"documentNamespace"`
-
- // 2.6: External Document References
- // Cardinality: optional, one or many
- ExternalDocumentReferences []ExternalDocumentRef2_2 `json:"externalDocumentRefs,omitempty"`
-
- // 2.11: Document Comment
- // Cardinality: optional, one
- DocumentComment string `json:"comment,omitempty"`
-
- CreationInfo *CreationInfo2_2 `json:"creationInfo"`
- Packages []*Package2_2 `json:"packages"`
- Files []*File2_2 `json:"files"`
- OtherLicenses []*OtherLicense2_2 `json:"hasExtractedLicensingInfos"`
- Relationships []*Relationship2_2 `json:"relationships"`
- Annotations []*Annotation2_2 `json:"annotations"`
- Snippets []Snippet2_2 `json:"snippets"`
-
- // DEPRECATED in version 2.0 of spec
- Reviews []*Review2_2
-}
diff --git a/spdx/file.go b/spdx/file.go
deleted file mode 100644
index 01dbb36..0000000
--- a/spdx/file.go
+++ /dev/null
@@ -1,177 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-package spdx
-
-// File2_1 is a File section of an SPDX Document for version 2.1 of the spec.
-type File2_1 struct {
- // 4.1: File Name
- // Cardinality: mandatory, one
- FileName string `json:"fileName"`
-
- // 4.2: File SPDX Identifier: "SPDXRef-[idstring]"
- // Cardinality: mandatory, one
- FileSPDXIdentifier ElementID `json:"SPDXID"`
-
- // 4.3: File Types
- // Cardinality: optional, multiple
- FileTypes []string `json:"fileTypes,omitempty"`
-
- // 4.4: File Checksum: may have keys for SHA1, SHA256 and/or MD5
- // Cardinality: mandatory, one SHA1, others may be optionally provided
- Checksums []Checksum `json:"checksums"`
-
- // 4.5: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
- // Cardinality: mandatory, one
- LicenseConcluded string `json:"licenseConcluded"`
-
- // 4.6: License Information in File: SPDX License Expression, "NONE" or "NOASSERTION"
- // Cardinality: mandatory, one or many
- LicenseInfoInFiles []string `json:"licenseInfoInFiles"`
-
- // 4.7: Comments on License
- // Cardinality: optional, one
- LicenseComments string `json:"licenseComments,omitempty"`
-
- // 4.8: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
- // Cardinality: mandatory, one
- FileCopyrightText string `json:"copyrightText"`
-
- // DEPRECATED in version 2.1 of spec
- // 4.9-4.11: Artifact of Project variables (defined below)
- // Cardinality: optional, one or many
- ArtifactOfProjects []*ArtifactOfProject2_1 `json:"-"`
-
- // 4.12: File Comment
- // Cardinality: optional, one
- FileComment string `json:"comment,omitempty"`
-
- // 4.13: File Notice
- // Cardinality: optional, one
- FileNotice string `json:"noticeText,omitempty"`
-
- // 4.14: File Contributor
- // Cardinality: optional, one or many
- FileContributors []string `json:"fileContributors,omitempty"`
-
- // DEPRECATED in version 2.0 of spec
- // 4.15: File Dependencies
- // Cardinality: optional, one or many
- FileDependencies []string `json:"-"`
-
- // Snippets contained in this File
- // Note that Snippets could be defined in a different Document! However,
- // the only ones that _THIS_ document can contain are the ones that are
- // defined here -- so this should just be an ElementID.
- Snippets map[ElementID]*Snippet2_1 `json:"-"`
-
- Annotations []Annotation2_1 `json:"annotations"`
-}
-
-// ArtifactOfProject2_1 is a DEPRECATED collection of data regarding
-// a Package, as defined in sections 4.9-4.11 in version 2.1 of the spec.
-type ArtifactOfProject2_1 struct {
-
- // DEPRECATED in version 2.1 of spec
- // 4.9: Artifact of Project Name
- // Cardinality: conditional, required if present, one per AOP
- Name string
-
- // DEPRECATED in version 2.1 of spec
- // 4.10: Artifact of Project Homepage: URL or "UNKNOWN"
- // Cardinality: optional, one per AOP
- HomePage string
-
- // DEPRECATED in version 2.1 of spec
- // 4.11: Artifact of Project Uniform Resource Identifier
- // Cardinality: optional, one per AOP
- URI string
-}
-
-// File2_2 is a File section of an SPDX Document for version 2.2 of the spec.
-type File2_2 struct {
- // 4.1: File Name
- // Cardinality: mandatory, one
- FileName string `json:"fileName"`
-
- // 4.2: File SPDX Identifier: "SPDXRef-[idstring]"
- // Cardinality: mandatory, one
- FileSPDXIdentifier ElementID `json:"SPDXID"`
-
- // 4.3: File Types
- // Cardinality: optional, multiple
- FileTypes []string `json:"fileTypes,omitempty"`
-
- // 4.4: File Checksum: may have keys for SHA1, SHA256 and/or MD5
- // Cardinality: mandatory, one SHA1, others may be optionally provided
- Checksums []Checksum `json:"checksums"`
-
- // 4.5: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
- // Cardinality: mandatory, one
- LicenseConcluded string `json:"licenseConcluded"`
-
- // 4.6: License Information in File: SPDX License Expression, "NONE" or "NOASSERTION"
- // Cardinality: mandatory, one or many
- LicenseInfoInFiles []string `json:"licenseInfoInFiles"`
-
- // 4.7: Comments on License
- // Cardinality: optional, one
- LicenseComments string `json:"licenseComments,omitempty"`
-
- // 4.8: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
- // Cardinality: mandatory, one
- FileCopyrightText string `json:"copyrightText"`
-
- // DEPRECATED in version 2.1 of spec
- // 4.9-4.11: Artifact of Project variables (defined below)
- // Cardinality: optional, one or many
- ArtifactOfProjects []*ArtifactOfProject2_2 `json:"-"`
-
- // 4.12: File Comment
- // Cardinality: optional, one
- FileComment string `json:"comment,omitempty"`
-
- // 4.13: File Notice
- // Cardinality: optional, one
- FileNotice string `json:"noticeText,omitempty"`
-
- // 4.14: File Contributor
- // Cardinality: optional, one or many
- FileContributors []string `json:"fileContributors,omitempty"`
-
- // 4.15: File Attribution Text
- // Cardinality: optional, one or many
- FileAttributionTexts []string `json:"attributionTexts,omitempty"`
-
- // DEPRECATED in version 2.0 of spec
- // 4.16: File Dependencies
- // Cardinality: optional, one or many
- FileDependencies []string `json:"-"`
-
- // Snippets contained in this File
- // Note that Snippets could be defined in a different Document! However,
- // the only ones that _THIS_ document can contain are this ones that are
- // defined here -- so this should just be an ElementID.
- Snippets map[ElementID]*Snippet2_2 `json:"-"`
-
- Annotations []Annotation2_2 `json:"annotations,omitempty"`
-}
-
-// ArtifactOfProject2_2 is a DEPRECATED collection of data regarding
-// a Package, as defined in sections 4.9-4.11 in version 2.2 of the spec.
-type ArtifactOfProject2_2 struct {
-
- // DEPRECATED in version 2.1 of spec
- // 4.9: Artifact of Project Name
- // Cardinality: conditional, required if present, one per AOP
- Name string
-
- // DEPRECATED in version 2.1 of spec
- // 4.10: Artifact of Project Homepage: URL or "UNKNOWN"
- // Cardinality: optional, one per AOP
- HomePage string
-
- // DEPRECATED in version 2.1 of spec
- // 4.11: Artifact of Project Uniform Resource Identifier
- // Cardinality: optional, one per AOP
- URI string
-}
diff --git a/spdx/other_license.go b/spdx/other_license.go
deleted file mode 100644
index 6e43676..0000000
--- a/spdx/other_license.go
+++ /dev/null
@@ -1,59 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-package spdx
-
-// OtherLicense2_1 is an Other License Information section of an
-// SPDX Document for version 2.1 of the spec.
-type OtherLicense2_1 struct {
- // 6.1: License Identifier: "LicenseRef-[idstring]"
- // Cardinality: conditional (mandatory, one) if license is not
- // on SPDX License List
- LicenseIdentifier string `json:"licenseId"`
-
- // 6.2: Extracted Text
- // Cardinality: conditional (mandatory, one) if there is a
- // License Identifier assigned
- ExtractedText string `json:"extractedText"`
-
- // 6.3: License Name: single line of text or "NOASSERTION"
- // Cardinality: conditional (mandatory, one) if license is not
- // on SPDX License List
- LicenseName string `json:"name,omitempty"`
-
- // 6.4: License Cross Reference
- // Cardinality: conditional (optional, one or many) if license
- // is not on SPDX License List
- LicenseCrossReferences []string `json:"seeAlsos,omitempty"`
-
- // 6.5: License Comment
- // Cardinality: optional, one
- LicenseComment string `json:"comment,omitempty"`
-}
-
-// OtherLicense2_2 is an Other License Information section of an
-// SPDX Document for version 2.2 of the spec.
-type OtherLicense2_2 struct {
- // 6.1: License Identifier: "LicenseRef-[idstring]"
- // Cardinality: conditional (mandatory, one) if license is not
- // on SPDX License List
- LicenseIdentifier string `json:"licenseId"`
-
- // 6.2: Extracted Text
- // Cardinality: conditional (mandatory, one) if there is a
- // License Identifier assigned
- ExtractedText string `json:"extractedText"`
-
- // 6.3: License Name: single line of text or "NOASSERTION"
- // Cardinality: conditional (mandatory, one) if license is not
- // on SPDX License List
- LicenseName string `json:"name,omitempty"`
-
- // 6.4: License Cross Reference
- // Cardinality: conditional (optional, one or many) if license
- // is not on SPDX License List
- LicenseCrossReferences []string `json:"seeAlsos,omitempty"`
-
- // 6.5: License Comment
- // Cardinality: optional, one
- LicenseComment string `json:"comment,omitempty"`
-}
diff --git a/spdx/package.go b/spdx/package.go
deleted file mode 100644
index e6c4522..0000000
--- a/spdx/package.go
+++ /dev/null
@@ -1,348 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-package spdx
-
-import (
- "encoding/json"
- "fmt"
- "strings"
-)
-
-type Supplier struct {
- // can be "NOASSERTION"
- Supplier string
- // SupplierType can be one of "Person", "Organization", or empty if Supplier is "NOASSERTION"
- SupplierType string
-}
-
-// UnmarshalJSON takes a supplier in the typical one-line format and parses it into a Supplier struct.
-// This function is also used when unmarshalling YAML
-func (s *Supplier) UnmarshalJSON(data []byte) error {
- // the value is just a string presented as a slice of bytes
- supplierStr := string(data)
- supplierStr = strings.Trim(supplierStr, "\"")
-
- if supplierStr == "NOASSERTION" {
- s.Supplier = supplierStr
- return nil
- }
-
- supplierFields := strings.SplitN(supplierStr, ": ", 2)
-
- if len(supplierFields) != 2 {
- return fmt.Errorf("failed to parse Supplier '%s'", supplierStr)
- }
-
- s.SupplierType = supplierFields[0]
- s.Supplier = supplierFields[1]
-
- return nil
-}
-
-// MarshalJSON converts the receiver into a slice of bytes representing a Supplier in string form.
-// This function is also used when marshalling to YAML
-func (s Supplier) MarshalJSON() ([]byte, error) {
- if s.Supplier == "NOASSERTION" {
- return json.Marshal(s.Supplier)
- } else if s.SupplierType != "" && s.Supplier != "" {
- return json.Marshal(fmt.Sprintf("%s: %s", s.SupplierType, s.Supplier))
- }
-
- return []byte{}, fmt.Errorf("failed to marshal invalid Supplier: %+v", s)
-}
-
-type Originator struct {
- // can be "NOASSERTION"
- Originator string
- // OriginatorType can be one of "Person", "Organization", or empty if Originator is "NOASSERTION"
- OriginatorType string
-}
-
-// UnmarshalJSON takes an originator in the typical one-line format and parses it into an Originator struct.
-// This function is also used when unmarshalling YAML
-func (o *Originator) UnmarshalJSON(data []byte) error {
- // the value is just a string presented as a slice of bytes
- originatorStr := string(data)
- originatorStr = strings.Trim(originatorStr, "\"")
-
- if originatorStr == "NOASSERTION" {
- o.Originator = originatorStr
- return nil
- }
-
- originatorFields := strings.SplitN(originatorStr, ": ", 2)
-
- if len(originatorFields) != 2 {
- return fmt.Errorf("failed to parse Originator '%s'", originatorStr)
- }
-
- o.OriginatorType = originatorFields[0]
- o.Originator = originatorFields[1]
-
- return nil
-}
-
-// MarshalJSON converts the receiver into a slice of bytes representing an Originator in string form.
-// This function is also used when marshalling to YAML
-func (o Originator) MarshalJSON() ([]byte, error) {
- if o.Originator == "NOASSERTION" {
- return json.Marshal(o.Originator)
- } else if o.Originator != "" {
- return json.Marshal(fmt.Sprintf("%s: %s", o.OriginatorType, o.Originator))
- }
-
- return []byte{}, nil
-}
-
-type PackageVerificationCode struct {
- // Cardinality: mandatory, one if filesAnalyzed is true / omitted;
- // zero (must be omitted) if filesAnalyzed is false
- Value string `json:"packageVerificationCodeValue"`
- // Spec also allows specifying files to exclude from the
- // verification code algorithm; intended to enable exclusion of
- // the SPDX document file itself.
- ExcludedFiles []string `json:"packageVerificationCodeExcludedFiles"`
-}
-
-// Package2_1 is a Package section of an SPDX Document for version 2.1 of the spec.
-type Package2_1 struct {
- // 3.1: Package Name
- // Cardinality: mandatory, one
- PackageName string `json:"name"`
-
- // 3.2: Package SPDX Identifier: "SPDXRef-[idstring]"
- // Cardinality: mandatory, one
- PackageSPDXIdentifier ElementID `json:"SPDXID"`
-
- // 3.3: Package Version
- // Cardinality: optional, one
- PackageVersion string `json:"versionInfo,omitempty"`
-
- // 3.4: Package File Name
- // Cardinality: optional, one
- PackageFileName string `json:"packageFileName,omitempty"`
-
- // 3.5: Package Supplier: may have single result for either Person or Organization,
- // or NOASSERTION
- // Cardinality: optional, one
- PackageSupplier *Supplier `json:"supplier,omitempty"`
-
- // 3.6: Package Originator: may have single result for either Person or Organization,
- // or NOASSERTION
- // Cardinality: optional, one
- PackageOriginator *Originator `json:"originator,omitempty"`
-
- // 3.7: Package Download Location
- // Cardinality: mandatory, one
- PackageDownloadLocation string `json:"downloadLocation"`
-
- // 3.8: FilesAnalyzed
- // Cardinality: optional, one; default value is "true" if omitted
- FilesAnalyzed bool `json:"filesAnalyzed,omitempty"`
- // NOT PART OF SPEC: did FilesAnalyzed tag appear?
- IsFilesAnalyzedTagPresent bool `json:"-"`
-
- // 3.9: Package Verification Code
- PackageVerificationCode PackageVerificationCode `json:"packageVerificationCode"`
-
- // 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5
- // Cardinality: optional, one or many
- PackageChecksums []Checksum `json:"checksums,omitempty"`
-
- // 3.11: Package Home Page
- // Cardinality: optional, one
- PackageHomePage string `json:"homepage,omitempty"`
-
- // 3.12: Source Information
- // Cardinality: optional, one
- PackageSourceInfo string `json:"sourceInfo,omitempty"`
-
- // 3.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
- // Cardinality: mandatory, one
- PackageLicenseConcluded string `json:"licenseConcluded"`
-
- // 3.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION"
- // Cardinality: mandatory, one or many if filesAnalyzed is true / omitted;
- // zero (must be omitted) if filesAnalyzed is false
- PackageLicenseInfoFromFiles []string `json:"licenseInfoFromFiles"`
-
- // 3.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION"
- // Cardinality: mandatory, one
- PackageLicenseDeclared string `json:"licenseDeclared"`
-
- // 3.16: Comments on License
- // Cardinality: optional, one
- PackageLicenseComments string `json:"licenseComments,omitempty"`
-
- // 3.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
- // Cardinality: mandatory, one
- PackageCopyrightText string `json:"copyrightText"`
-
- // 3.18: Package Summary Description
- // Cardinality: optional, one
- PackageSummary string `json:"summary,omitempty"`
-
- // 3.19: Package Detailed Description
- // Cardinality: optional, one
- PackageDescription string `json:"description,omitempty"`
-
- // 3.20: Package Comment
- // Cardinality: optional, one
- PackageComment string `json:"comment,omitempty"`
-
- // 3.21: Package External Reference
- // Cardinality: optional, one or many
- PackageExternalReferences []*PackageExternalReference2_1 `json:"externalRefs,omitempty"`
-
- // Files contained in this Package
- Files []*File2_1
-
- Annotations []Annotation2_1 `json:"annotations,omitempty"`
-}
-
-// PackageExternalReference2_1 is an External Reference to additional info
-// about a Package, as defined in section 3.21 in version 2.1 of the spec.
-type PackageExternalReference2_1 struct {
- // category is "SECURITY", "PACKAGE-MANAGER" or "OTHER"
- Category string `json:"referenceCategory"`
-
- // type is an [idstring] as defined in Appendix VI;
- // called RefType here due to "type" being a Golang keyword
- RefType string `json:"referenceType"`
-
- // locator is a unique string to access the package-specific
- // info, metadata or content within the target location
- Locator string `json:"referenceLocator"`
-
- // 3.22: Package External Reference Comment
- // Cardinality: conditional (optional, one) for each External Reference
- ExternalRefComment string `json:"comment"`
-}
-
-// Package2_2 is a Package section of an SPDX Document for version 2.2 of the spec.
-type Package2_2 struct {
- // NOT PART OF SPEC
- // flag: does this "package" contain files that were in fact "unpackaged",
- // e.g. included directly in the Document without being in a Package?
- IsUnpackaged bool
-
- // 3.1: Package Name
- // Cardinality: mandatory, one
- PackageName string `json:"name"`
-
- // 3.2: Package SPDX Identifier: "SPDXRef-[idstring]"
- // Cardinality: mandatory, one
- PackageSPDXIdentifier ElementID `json:"SPDXID"`
-
- // 3.3: Package Version
- // Cardinality: optional, one
- PackageVersion string `json:"versionInfo,omitempty"`
-
- // 3.4: Package File Name
- // Cardinality: optional, one
- PackageFileName string `json:"packageFileName,omitempty"`
-
- // 3.5: Package Supplier: may have single result for either Person or Organization,
- // or NOASSERTION
- // Cardinality: optional, one
- PackageSupplier *Supplier `json:"supplier,omitempty"`
-
- // 3.6: Package Originator: may have single result for either Person or Organization,
- // or NOASSERTION
- // Cardinality: optional, one
- PackageOriginator *Originator `json:"originator,omitempty"`
-
- // 3.7: Package Download Location
- // Cardinality: mandatory, one
- PackageDownloadLocation string `json:"downloadLocation"`
-
- // 3.8: FilesAnalyzed
- // Cardinality: optional, one; default value is "true" if omitted
- FilesAnalyzed bool `json:"filesAnalyzed,omitempty"`
- // NOT PART OF SPEC: did FilesAnalyzed tag appear?
- IsFilesAnalyzedTagPresent bool
-
- // 3.9: Package Verification Code
- PackageVerificationCode PackageVerificationCode `json:"packageVerificationCode"`
-
- // 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5
- // Cardinality: optional, one or many
- PackageChecksums []Checksum `json:"checksums"`
-
- // 3.11: Package Home Page
- // Cardinality: optional, one
- PackageHomePage string `json:"homepage,omitempty"`
-
- // 3.12: Source Information
- // Cardinality: optional, one
- PackageSourceInfo string `json:"sourceInfo,omitempty"`
-
- // 3.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
- // Cardinality: mandatory, one
- PackageLicenseConcluded string `json:"licenseConcluded"`
-
- // 3.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION"
- // Cardinality: mandatory, one or many if filesAnalyzed is true / omitted;
- // zero (must be omitted) if filesAnalyzed is false
- PackageLicenseInfoFromFiles []string `json:"licenseInfoFromFiles"`
-
- // 3.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION"
- // Cardinality: mandatory, one
- PackageLicenseDeclared string `json:"licenseDeclared"`
-
- // 3.16: Comments on License
- // Cardinality: optional, one
- PackageLicenseComments string `json:"licenseComments,omitempty"`
-
- // 3.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
- // Cardinality: mandatory, one
- PackageCopyrightText string `json:"copyrightText"`
-
- // 3.18: Package Summary Description
- // Cardinality: optional, one
- PackageSummary string `json:"summary,omitempty"`
-
- // 3.19: Package Detailed Description
- // Cardinality: optional, one
- PackageDescription string `json:"description,omitempty"`
-
- // 3.20: Package Comment
- // Cardinality: optional, one
- PackageComment string `json:"comment,omitempty"`
-
- // 3.21: Package External Reference
- // Cardinality: optional, one or many
- PackageExternalReferences []*PackageExternalReference2_2 `json:"externalRefs,omitempty"`
-
- // 3.22: Package External Reference Comment
- // Cardinality: conditional (optional, one) for each External Reference
- // contained within PackageExternalReference2_1 struct, if present
-
- // 3.23: Package Attribution Text
- // Cardinality: optional, one or many
- PackageAttributionTexts []string `json:"attributionTexts,omitempty"`
-
- // Files contained in this Package
- Files []*File2_2
-
- Annotations []Annotation2_2 `json:"annotations"`
-}
-
-// PackageExternalReference2_2 is an External Reference to additional info
-// about a Package, as defined in section 3.21 in version 2.2 of the spec.
-type PackageExternalReference2_2 struct {
- // category is "SECURITY", "PACKAGE-MANAGER" or "OTHER"
- Category string `json:"referenceCategory"`
-
- // type is an [idstring] as defined in Appendix VI;
- // called RefType here due to "type" being a Golang keyword
- RefType string `json:"referenceType"`
-
- // locator is a unique string to access the package-specific
- // info, metadata or content within the target location
- Locator string `json:"referenceLocator"`
-
- // 3.22: Package External Reference Comment
- // Cardinality: conditional (optional, one) for each External Reference
- ExternalRefComment string `json:"comment"`
-}
diff --git a/spdx/relationship.go b/spdx/relationship.go
deleted file mode 100644
index 9127727..0000000
--- a/spdx/relationship.go
+++ /dev/null
@@ -1,39 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-package spdx
-
-// Relationship2_1 is a Relationship section of an SPDX Document for
-// version 2.1 of the spec.
-type Relationship2_1 struct {
-
- // 7.1: Relationship
- // Cardinality: optional, one or more; one per Relationship2_1
- // one mandatory for SPDX Document with multiple packages
- // RefA and RefB are first and second item
- // Relationship is type from 7.1.1
- RefA DocElementID `json:"spdxElementId"`
- RefB DocElementID `json:"relatedSpdxElement"`
- Relationship string `json:"relationshipType"`
-
- // 7.2: Relationship Comment
- // Cardinality: optional, one
- RelationshipComment string `json:"comment,omitempty"`
-}
-
-// Relationship2_2 is a Relationship section of an SPDX Document for
-// version 2.2 of the spec.
-type Relationship2_2 struct {
-
- // 7.1: Relationship
- // Cardinality: optional, one or more; one per Relationship2_2
- // one mandatory for SPDX Document with multiple packages
- // RefA and RefB are first and second item
- // Relationship is type from 7.1.1
- RefA DocElementID `json:"spdxElementId"`
- RefB DocElementID `json:"relatedSpdxElement"`
- Relationship string `json:"relationshipType"`
-
- // 7.2: Relationship Comment
- // Cardinality: optional, one
- RelationshipComment string `json:"comment,omitempty"`
-}
diff --git a/spdx/review.go b/spdx/review.go
deleted file mode 100644
index 8ca6a77..0000000
--- a/spdx/review.go
+++ /dev/null
@@ -1,47 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-package spdx
-
-// Review2_1 is a Review section of an SPDX Document for version 2.1 of the spec.
-// DEPRECATED in version 2.0 of spec; retained here for compatibility.
-type Review2_1 struct {
-
- // DEPRECATED in version 2.0 of spec
- // 9.1: Reviewer
- // Cardinality: optional, one
- Reviewer string
- // including AnnotatorType: one of "Person", "Organization" or "Tool"
- ReviewerType string
-
- // DEPRECATED in version 2.0 of spec
- // 9.2: Review Date: YYYY-MM-DDThh:mm:ssZ
- // Cardinality: conditional (mandatory, one) if there is a Reviewer
- ReviewDate string
-
- // DEPRECATED in version 2.0 of spec
- // 9.3: Review Comment
- // Cardinality: optional, one
- ReviewComment string
-}
-
-// Review2_2 is a Review section of an SPDX Document for version 2.2 of the spec.
-// DEPRECATED in version 2.0 of spec; retained here for compatibility.
-type Review2_2 struct {
-
- // DEPRECATED in version 2.0 of spec
- // 9.1: Reviewer
- // Cardinality: optional, one
- Reviewer string
- // including AnnotatorType: one of "Person", "Organization" or "Tool"
- ReviewerType string
-
- // DEPRECATED in version 2.0 of spec
- // 9.2: Review Date: YYYY-MM-DDThh:mm:ssZ
- // Cardinality: conditional (mandatory, one) if there is a Reviewer
- ReviewDate string
-
- // DEPRECATED in version 2.0 of spec
- // 9.3: Review Comment
- // Cardinality: optional, one
- ReviewComment string
-}
diff --git a/spdx/snippet.go b/spdx/snippet.go
deleted file mode 100644
index 6bffb8c..0000000
--- a/spdx/snippet.go
+++ /dev/null
@@ -1,102 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-package spdx
-
-type SnippetRangePointer struct {
- // 5.3: Snippet Byte Range: [start byte]:[end byte]
- // Cardinality: mandatory, one
- Offset int `json:"offset,omitempty"`
-
- // 5.4: Snippet Line Range: [start line]:[end line]
- // Cardinality: optional, one
- LineNumber int `json:"lineNumber,omitempty"`
-
- FileSPDXIdentifier ElementID `json:"reference"`
-}
-
-type SnippetRange struct {
- StartPointer SnippetRangePointer `json:"startPointer"`
- EndPointer SnippetRangePointer `json:"endPointer"`
-}
-
-// Snippet2_1 is a Snippet section of an SPDX Document for version 2.1 of the spec.
-type Snippet2_1 struct {
-
- // 5.1: Snippet SPDX Identifier: "SPDXRef-[idstring]"
- // Cardinality: mandatory, one
- SnippetSPDXIdentifier ElementID `json:"SPDXID"`
-
- // 5.2: Snippet from File SPDX Identifier
- // Cardinality: mandatory, one
- SnippetFromFileSPDXIdentifier ElementID `json:"snippetFromFile"`
-
- // Ranges denotes the start/end byte offsets or line numbers that the snippet is relevant to
- Ranges []SnippetRange `json:"ranges"`
-
- // 5.5: Snippet Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
- // Cardinality: mandatory, one
- SnippetLicenseConcluded string `json:"licenseConcluded"`
-
- // 5.6: License Information in Snippet: SPDX License Expression, "NONE" or "NOASSERTION"
- // Cardinality: optional, one or many
- LicenseInfoInSnippet []string `json:"licenseInfoInSnippets,omitempty"`
-
- // 5.7: Snippet Comments on License
- // Cardinality: optional, one
- SnippetLicenseComments string `json:"licenseComments,omitempty"`
-
- // 5.8: Snippet Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
- // Cardinality: mandatory, one
- SnippetCopyrightText string `json:"copyrightText"`
-
- // 5.9: Snippet Comment
- // Cardinality: optional, one
- SnippetComment string `json:"comment,omitempty"`
-
- // 5.10: Snippet Name
- // Cardinality: optional, one
- SnippetName string `json:"name,omitempty"`
-}
-
-// Snippet2_2 is a Snippet section of an SPDX Document for version 2.2 of the spec.
-type Snippet2_2 struct {
-
- // 5.1: Snippet SPDX Identifier: "SPDXRef-[idstring]"
- // Cardinality: mandatory, one
- SnippetSPDXIdentifier ElementID `json:"SPDXID"`
-
- // 5.2: Snippet from File SPDX Identifier
- // Cardinality: mandatory, one
- SnippetFromFileSPDXIdentifier ElementID `json:"snippetFromFile"`
-
- // Ranges denotes the start/end byte offsets or line numbers that the snippet is relevant to
- Ranges []SnippetRange `json:"ranges"`
-
- // 5.5: Snippet Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
- // Cardinality: mandatory, one
- SnippetLicenseConcluded string `json:"licenseConcluded"`
-
- // 5.6: License Information in Snippet: SPDX License Expression, "NONE" or "NOASSERTION"
- // Cardinality: optional, one or many
- LicenseInfoInSnippet []string `json:"licenseInfoInSnippets,omitempty"`
-
- // 5.7: Snippet Comments on License
- // Cardinality: optional, one
- SnippetLicenseComments string `json:"licenseComments,omitempty"`
-
- // 5.8: Snippet Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
- // Cardinality: mandatory, one
- SnippetCopyrightText string `json:"copyrightText"`
-
- // 5.9: Snippet Comment
- // Cardinality: optional, one
- SnippetComment string `json:"comment,omitempty"`
-
- // 5.10: Snippet Name
- // Cardinality: optional, one
- SnippetName string `json:"name,omitempty"`
-
- // 5.11: Snippet Attribution Text
- // Cardinality: optional, one or many
- SnippetAttributionTexts []string `json:"-"`
-}
diff --git a/spdx/v2_1/annotation.go b/spdx/v2_1/annotation.go
new file mode 100644
index 0000000..45fcd13
--- /dev/null
+++ b/spdx/v2_1/annotation.go
@@ -0,0 +1,29 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_1
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Annotation is an Annotation section of an SPDX Document for version 2.1 of the spec.
+type Annotation struct {
+ // 8.1: Annotator
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ Annotator common.Annotator `json:"annotator"`
+
+ // 8.2: Annotation Date: YYYY-MM-DDThh:mm:ssZ
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationDate string `json:"annotationDate"`
+
+ // 8.3: Annotation Type: "REVIEW" or "OTHER"
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationType string `json:"annotationType"`
+
+ // 8.4: SPDX Identifier Reference
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ // This field is not used in hierarchical data formats where the referenced element is clear, such as JSON or YAML.
+ AnnotationSPDXIdentifier common.DocElementID `json:"-"`
+
+ // 8.5: Annotation Comment
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationComment string `json:"comment"`
+}
diff --git a/spdx/v2_1/creation_info.go b/spdx/v2_1/creation_info.go
new file mode 100644
index 0000000..f4c4f41
--- /dev/null
+++ b/spdx/v2_1/creation_info.go
@@ -0,0 +1,26 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_1
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// CreationInfo is a Document Creation Information section of an
+// SPDX Document for version 2.1 of the spec.
+type CreationInfo struct {
+ // 2.7: License List Version
+ // Cardinality: optional, one
+ LicenseListVersion string `json:"licenseListVersion"`
+
+ // 2.8: Creators: may have multiple keys for Person, Organization
+ // and/or Tool
+ // Cardinality: mandatory, one or many
+ Creators []common.Creator `json:"creators"`
+
+ // 2.9: Created: data format YYYY-MM-DDThh:mm:ssZ
+ // Cardinality: mandatory, one
+ Created string `json:"created"`
+
+ // 2.10: Creator Comment
+ // Cardinality: optional, one
+ CreatorComment string `json:"comment"`
+}
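Review bot: `LicenseListVersion` and `CreatorComment` are commented as "optional, one", but their tags have no `omitempty`, so an unset value is serialized as an empty string instead of being left out. I would tag them `json:"licenseListVersion,omitempty"` and `json:"comment,omitempty"`. The same mismatch appears elsewhere in this commit: `Annotations` in spdx/v2_1/file.go is tagged `json:"annotations"` while Package uses `json:"annotations,omitempty"`, and `ExternalRefComment` in spdx/v2_1/package.go is optional but tagged `json:"comment"`. A downstream validator that treats an empty string as a present-but-invalid value would presumably reject such output, so it is worth making the tags follow the stated cardinality.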
diff --git a/spdx/v2_1/document.go b/spdx/v2_1/document.go
new file mode 100644
index 0000000..9721463
--- /dev/null
+++ b/spdx/v2_1/document.go
@@ -0,0 +1,65 @@
+// Package spdx contains the struct definition for an SPDX Document
+// and its constituent parts.
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+package v2_1
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// ExternalDocumentRef is a reference to an external SPDX document
+// as defined in section 2.6 for version 2.1 of the spec.
+type ExternalDocumentRef struct {
+ // DocumentRefID is the ID string defined in the start of the
+ // reference. It should _not_ contain the "DocumentRef-" part
+ // of the mandatory ID string.
+ DocumentRefID string `json:"externalDocumentId"`
+
+ // URI is the URI defined for the external document
+ URI string `json:"spdxDocument"`
+
+ // Checksum is the actual hash data
+ Checksum common.Checksum `json:"checksum"`
+}
+
+// Document is an SPDX Document for version 2.1 of the spec.
+// See https://spdx.org/sites/cpstandard/files/pages/files/spdxversion2.1.pdf
+type Document struct {
+ // 2.1: SPDX Version; should be in the format "SPDX-2.1"
+ // Cardinality: mandatory, one
+ SPDXVersion string `json:"spdxVersion"`
+
+ // 2.2: Data License; should be "CC0-1.0"
+ // Cardinality: mandatory, one
+ DataLicense string `json:"dataLicense"`
+
+ // 2.3: SPDX Identifier; should be "DOCUMENT" to represent
+ // mandatory identifier of SPDXRef-DOCUMENT
+ // Cardinality: mandatory, one
+ SPDXIdentifier common.ElementID `json:"SPDXID"`
+
+ // 2.4: Document Name
+ // Cardinality: mandatory, one
+ DocumentName string `json:"name"`
+
+ // 2.5: Document Namespace
+ // Cardinality: mandatory, one
+ DocumentNamespace string `json:"documentNamespace"`
+
+ // 2.6: External Document References
+ // Cardinality: optional, one or many
+ ExternalDocumentReferences []ExternalDocumentRef `json:"externalDocumentRefs,omitempty"`
+
+ // 2.11: Document Comment
+ // Cardinality: optional, one
+ DocumentComment string `json:"comment,omitempty"`
+
+ CreationInfo *CreationInfo `json:"creationInfo"`
+ Packages []*Package `json:"packages"`
+ Files []*File `json:"files"`
+ OtherLicenses []*OtherLicense `json:"hasExtractedLicensingInfos"`
+ Relationships []*Relationship `json:"relationships"`
+ Annotations []*Annotation `json:"annotations"`
+ Snippets []Snippet `json:"snippets"`
+
+ // DEPRECATED in version 2.0 of spec
+ Reviews []*Review
+}
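Review bot: `Reviews []*Review` at the end of `Document` carries no struct tag, so encoding/json will write it under the key `Reviews`. The deprecated fields in spdx/v2_1/file.go (`ArtifactOfProjects`, `FileDependencies`) are tagged `json:"-"` instead. If the deprecated Review section is not meant to appear in JSON output, add the tag `json:"-"` to this field as well. Separately, the comment at the top of the file still opens with "Package spdx" although the clause is now `package v2_1`, and the SPDX-License-Identifier line sits inside that doc comment; starting it with `// Package v2_1 contains ...` and moving the license line above a blank line would match the other files in this commit.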
diff --git a/spdx/v2_1/file.go b/spdx/v2_1/file.go
new file mode 100644
index 0000000..ffdec94
--- /dev/null
+++ b/spdx/v2_1/file.go
@@ -0,0 +1,90 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_1
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// File is a File section of an SPDX Document for version 2.1 of the spec.
+type File struct {
+ // 4.1: File Name
+ // Cardinality: mandatory, one
+ FileName string `json:"fileName"`
+
+ // 4.2: File SPDX Identifier: "SPDXRef-[idstring]"
+ // Cardinality: mandatory, one
+ FileSPDXIdentifier common.ElementID `json:"SPDXID"`
+
+ // 4.3: File Types
+ // Cardinality: optional, multiple
+ FileTypes []string `json:"fileTypes,omitempty"`
+
+ // 4.4: File Checksum: may have keys for SHA1, SHA256 and/or MD5
+ // Cardinality: mandatory, one SHA1, others may be optionally provided
+ Checksums []common.Checksum `json:"checksums"`
+
+ // 4.5: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ LicenseConcluded string `json:"licenseConcluded"`
+
+ // 4.6: License Information in File: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one or many
+ LicenseInfoInFiles []string `json:"licenseInfoInFiles"`
+
+ // 4.7: Comments on License
+ // Cardinality: optional, one
+ LicenseComments string `json:"licenseComments,omitempty"`
+
+ // 4.8: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ FileCopyrightText string `json:"copyrightText"`
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.9-4.11: Artifact of Project variables (defined below)
+ // Cardinality: optional, one or many
+ ArtifactOfProjects []*ArtifactOfProject `json:"-"`
+
+ // 4.12: File Comment
+ // Cardinality: optional, one
+ FileComment string `json:"comment,omitempty"`
+
+ // 4.13: File Notice
+ // Cardinality: optional, one
+ FileNotice string `json:"noticeText,omitempty"`
+
+ // 4.14: File Contributor
+ // Cardinality: optional, one or many
+ FileContributors []string `json:"fileContributors,omitempty"`
+
+ // DEPRECATED in version 2.0 of spec
+ // 4.15: File Dependencies
+ // Cardinality: optional, one or many
+ FileDependencies []string `json:"-"`
+
+ // Snippets contained in this File
+ // Note that Snippets could be defined in a different Document! However,
+ // the only ones that _THIS_ document can contain are the ones that are
+ // defined here -- so this should just be an ElementID.
+ Snippets map[common.ElementID]*Snippet `json:"-"`
+
+ Annotations []Annotation `json:"annotations"`
+}
+
+// ArtifactOfProject is a DEPRECATED collection of data regarding
+// a Package, as defined in sections 4.9-4.11 in version 2.1 of the spec.
+type ArtifactOfProject struct {
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.9: Artifact of Project Name
+ // Cardinality: conditional, required if present, one per AOP
+ Name string
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.10: Artifact of Project Homepage: URL or "UNKNOWN"
+ // Cardinality: optional, one per AOP
+ HomePage string
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.11: Artifact of Project Uniform Resource Identifier
+ // Cardinality: optional, one per AOP
+ URI string
+}
diff --git a/spdx/v2_1/other_license.go b/spdx/v2_1/other_license.go
new file mode 100644
index 0000000..6ae09fe
--- /dev/null
+++ b/spdx/v2_1/other_license.go
@@ -0,0 +1,31 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_1
+
+// OtherLicense is an Other License Information section of an
+// SPDX Document for version 2.1 of the spec.
+type OtherLicense struct {
+ // 6.1: License Identifier: "LicenseRef-[idstring]"
+ // Cardinality: conditional (mandatory, one) if license is not
+ // on SPDX License List
+ LicenseIdentifier string `json:"licenseId"`
+
+ // 6.2: Extracted Text
+ // Cardinality: conditional (mandatory, one) if there is a
+ // License Identifier assigned
+ ExtractedText string `json:"extractedText"`
+
+ // 6.3: License Name: single line of text or "NOASSERTION"
+ // Cardinality: conditional (mandatory, one) if license is not
+ // on SPDX License List
+ LicenseName string `json:"name,omitempty"`
+
+ // 6.4: License Cross Reference
+ // Cardinality: conditional (optional, one or many) if license
+ // is not on SPDX License List
+ LicenseCrossReferences []string `json:"seeAlsos,omitempty"`
+
+ // 6.5: License Comment
+ // Cardinality: optional, one
+ LicenseComment string `json:"comment,omitempty"`
+}
diff --git a/spdx/v2_1/package.go b/spdx/v2_1/package.go
new file mode 100644
index 0000000..4bf5636
--- /dev/null
+++ b/spdx/v2_1/package.go
@@ -0,0 +1,120 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_1
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Package is a Package section of an SPDX Document for version 2.1 of the spec.
+type Package struct {
+ // 3.1: Package Name
+ // Cardinality: mandatory, one
+ PackageName string `json:"name"`
+
+ // 3.2: Package SPDX Identifier: "SPDXRef-[idstring]"
+ // Cardinality: mandatory, one
+ PackageSPDXIdentifier common.ElementID `json:"SPDXID"`
+
+ // 3.3: Package Version
+ // Cardinality: optional, one
+ PackageVersion string `json:"versionInfo,omitempty"`
+
+ // 3.4: Package File Name
+ // Cardinality: optional, one
+ PackageFileName string `json:"packageFileName,omitempty"`
+
+ // 3.5: Package Supplier: may have single result for either Person or Organization,
+ // or NOASSERTION
+ // Cardinality: optional, one
+ PackageSupplier *common.Supplier `json:"supplier,omitempty"`
+
+ // 3.6: Package Originator: may have single result for either Person or Organization,
+ // or NOASSERTION
+ // Cardinality: optional, one
+ PackageOriginator *common.Originator `json:"originator,omitempty"`
+
+ // 3.7: Package Download Location
+ // Cardinality: mandatory, one
+ PackageDownloadLocation string `json:"downloadLocation"`
+
+ // 3.8: FilesAnalyzed
+ // Cardinality: optional, one; default value is "true" if omitted
+ FilesAnalyzed bool `json:"filesAnalyzed,omitempty"`
+ // NOT PART OF SPEC: did FilesAnalyzed tag appear?
+ IsFilesAnalyzedTagPresent bool `json:"-"`
+
+ // 3.9: Package Verification Code
+ PackageVerificationCode common.PackageVerificationCode `json:"packageVerificationCode"`
+
+ // 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5
+ // Cardinality: optional, one or many
+ PackageChecksums []common.Checksum `json:"checksums,omitempty"`
+
+ // 3.11: Package Home Page
+ // Cardinality: optional, one
+ PackageHomePage string `json:"homepage,omitempty"`
+
+ // 3.12: Source Information
+ // Cardinality: optional, one
+ PackageSourceInfo string `json:"sourceInfo,omitempty"`
+
+ // 3.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageLicenseConcluded string `json:"licenseConcluded"`
+
+ // 3.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one or many if filesAnalyzed is true / omitted;
+ // zero (must be omitted) if filesAnalyzed is false
+ PackageLicenseInfoFromFiles []string `json:"licenseInfoFromFiles"`
+
+ // 3.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageLicenseDeclared string `json:"licenseDeclared"`
+
+ // 3.16: Comments on License
+ // Cardinality: optional, one
+ PackageLicenseComments string `json:"licenseComments,omitempty"`
+
+ // 3.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageCopyrightText string `json:"copyrightText"`
+
+ // 3.18: Package Summary Description
+ // Cardinality: optional, one
+ PackageSummary string `json:"summary,omitempty"`
+
+ // 3.19: Package Detailed Description
+ // Cardinality: optional, one
+ PackageDescription string `json:"description,omitempty"`
+
+ // 3.20: Package Comment
+ // Cardinality: optional, one
+ PackageComment string `json:"comment,omitempty"`
+
+ // 3.21: Package External Reference
+ // Cardinality: optional, one or many
+ PackageExternalReferences []*PackageExternalReference `json:"externalRefs,omitempty"`
+
+ // Files contained in this Package
+ Files []*File
+
+ Annotations []Annotation `json:"annotations,omitempty"`
+}
+
+// PackageExternalReference is an External Reference to additional info
+// about a Package, as defined in section 3.21 in version 2.1 of the spec.
+type PackageExternalReference struct {
+ // category is "SECURITY", "PACKAGE-MANAGER" or "OTHER"
+ Category string `json:"referenceCategory"`
+
+ // type is an [idstring] as defined in Appendix VI;
+ // called RefType here due to "type" being a Golang keyword
+ RefType string `json:"referenceType"`
+
+ // locator is a unique string to access the package-specific
+ // info, metadata or content within the target location
+ Locator string `json:"referenceLocator"`
+
+ // 3.22: Package External Reference Comment
+ // Cardinality: conditional (optional, one) for each External Reference
+ ExternalRefComment string `json:"comment"`
+}
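Review bot: `FilesAnalyzed bool` is tagged `json:"filesAnalyzed,omitempty"`, so an explicit `false` is dropped on marshal, while the comment directly above says an omitted value defaults to "true". A package whose files were not analyzed would therefore be read back by a spec-following consumer as analyzed. `IsFilesAnalyzedTagPresent` is tagged `json:"-"`, so it cannot carry the distinction through JSON. The minimal change is to drop `omitempty` (tag `json:"filesAnalyzed"`) so that `false` is always written. Decoding an omitted key as true would additionally need a pointer field or custom unmarshalling, and neither is visible in this hunk.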
diff --git a/spdx/v2_1/relationship.go b/spdx/v2_1/relationship.go
new file mode 100644
index 0000000..006e23f
--- /dev/null
+++ b/spdx/v2_1/relationship.go
@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_1
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Relationship is a Relationship section of an SPDX Document for
+// version 2.1 of the spec.
+type Relationship struct {
+
+ // 7.1: Relationship
+ // Cardinality: optional, one or more; one per Relationship
+ // one mandatory for SPDX Document with multiple packages
+ // RefA and RefB are first and second item
+ // Relationship is type from 7.1.1
+ RefA common.DocElementID `json:"spdxElementId"`
+ RefB common.DocElementID `json:"relatedSpdxElement"`
+ Relationship string `json:"relationshipType"`
+
+ // 7.2: Relationship Comment
+ // Cardinality: optional, one
+ RelationshipComment string `json:"comment,omitempty"`
+}
diff --git a/spdx/v2_1/review.go b/spdx/v2_1/review.go
new file mode 100644
index 0000000..8d70d00
--- /dev/null
+++ b/spdx/v2_1/review.go
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_1
+
+// Review is a Review section of an SPDX Document for version 2.1 of the spec.
+// DEPRECATED in version 2.0 of spec; retained here for compatibility.
+type Review struct {
+
+ // DEPRECATED in version 2.0 of spec
+ // 9.1: Reviewer
+ // Cardinality: optional, one
+ Reviewer string
+ // including AnnotatorType: one of "Person", "Organization" or "Tool"
+ ReviewerType string
+
+ // DEPRECATED in version 2.0 of spec
+ // 9.2: Review Date: YYYY-MM-DDThh:mm:ssZ
+ // Cardinality: conditional (mandatory, one) if there is a Reviewer
+ ReviewDate string
+
+ // DEPRECATED in version 2.0 of spec
+ // 9.3: Review Comment
+ // Cardinality: optional, one
+ ReviewComment string
+}
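Review bot: The deprecation of `Review` and its fields is written as `DEPRECATED in version 2.0 of spec`, a form Go tooling does not recognise, so code that keeps using the type gets no warning from gopls or staticcheck. I would put the marker in its own paragraph of the type's doc comment, separated by a bare `//` line, in the standard form `// Deprecated: the Review section was deprecated in version 2.0 of the spec; retained for compatibility.`. The same applies to `Review` in spdx/v2_2/review.go and to `ArtifactOfProject`, `ArtifactOfProjects` and `FileDependencies` in spdx/v2_2/file.go.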
diff --git a/spdx/v2_1/snippet.go b/spdx/v2_1/snippet.go
new file mode 100644
index 0000000..e4d2f59
--- /dev/null
+++ b/spdx/v2_1/snippet.go
@@ -0,0 +1,44 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_1
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Snippet is a Snippet section of an SPDX Document for version 2.1 of the spec.
+type Snippet struct {
+
+ // 5.1: Snippet SPDX Identifier: "SPDXRef-[idstring]"
+ // Cardinality: mandatory, one
+ SnippetSPDXIdentifier common.ElementID `json:"SPDXID"`
+
+ // 5.2: Snippet from File SPDX Identifier
+ // Cardinality: mandatory, one
+ SnippetFromFileSPDXIdentifier common.ElementID `json:"snippetFromFile"`
+
+ // Ranges denotes the start/end byte offsets or line numbers that the snippet is relevant to
+ Ranges []common.SnippetRange `json:"ranges"`
+
+ // 5.5: Snippet Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ SnippetLicenseConcluded string `json:"licenseConcluded"`
+
+ // 5.6: License Information in Snippet: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: optional, one or many
+ LicenseInfoInSnippet []string `json:"licenseInfoInSnippets,omitempty"`
+
+ // 5.7: Snippet Comments on License
+ // Cardinality: optional, one
+ SnippetLicenseComments string `json:"licenseComments,omitempty"`
+
+ // 5.8: Snippet Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ SnippetCopyrightText string `json:"copyrightText"`
+
+ // 5.9: Snippet Comment
+ // Cardinality: optional, one
+ SnippetComment string `json:"comment,omitempty"`
+
+ // 5.10: Snippet Name
+ // Cardinality: optional, one
+ SnippetName string `json:"name,omitempty"`
+}
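Review bot: `Ranges` is the only field of `Snippet` documented without a section number or cardinality, and the numbering jumps from 5.2 to 5.5 around it. The comment should name the sections the slice stands for and what is required, e.g. `// 5.3: Snippet Byte Range (mandatory, one) and 5.4: Snippet Line Range (optional, one)`, so that anyone validating a document knows an empty slice is not a valid snippet. `common.SnippetRange` is defined outside this hunk, so any wording about how a range is stored should be checked against it. spdx/v2_2/snippet.go carries the same comment.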
diff --git a/spdx/v2_2/annotation.go b/spdx/v2_2/annotation.go
new file mode 100644
index 0000000..f2d5bc8
--- /dev/null
+++ b/spdx/v2_2/annotation.go
@@ -0,0 +1,29 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_2
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Annotation is an Annotation section of an SPDX Document for version 2.2 of the spec.
+type Annotation struct {
+ // 8.1: Annotator
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ Annotator common.Annotator `json:"annotator"`
+
+ // 8.2: Annotation Date: YYYY-MM-DDThh:mm:ssZ
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationDate string `json:"annotationDate"`
+
+ // 8.3: Annotation Type: "REVIEW" or "OTHER"
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationType string `json:"annotationType"`
+
+ // 8.4: SPDX Identifier Reference
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ // This field is not used in hierarchical data formats where the referenced element is clear, such as JSON or YAML.
+ AnnotationSPDXIdentifier common.DocElementID `json:"-"`
+
+ // 8.5: Annotation Comment
+ // Cardinality: conditional (mandatory, one) if there is an Annotation
+ AnnotationComment string `json:"comment"`
+}
diff --git a/spdx/v2_2/creation_info.go b/spdx/v2_2/creation_info.go
new file mode 100644
index 0000000..b68dade
--- /dev/null
+++ b/spdx/v2_2/creation_info.go
@@ -0,0 +1,26 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_2
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// CreationInfo is a Document Creation Information section of an
+// SPDX Document for version 2.2 of the spec.
+type CreationInfo struct {
+ // 2.7: License List Version
+ // Cardinality: optional, one
+ LicenseListVersion string `json:"licenseListVersion"`
+
+ // 2.8: Creators: may have multiple keys for Person, Organization
+ // and/or Tool
+ // Cardinality: mandatory, one or many
+ Creators []common.Creator `json:"creators"`
+
+ // 2.9: Created: data format YYYY-MM-DDThh:mm:ssZ
+ // Cardinality: mandatory, one
+ Created string `json:"created"`
+
+ // 2.10: Creator Comment
+ // Cardinality: optional, one
+ CreatorComment string `json:"comment"`
+}
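Review bot: `LicenseListVersion` and `CreatorComment` are documented as `optional, one`, but their tags (`json:"licenseListVersion"`, `json:"comment"`) have no `omitempty`. With default `encoding/json` marshalling, an unset value is therefore written as `"licenseListVersion": ""` and `"comment": ""`. Other optional strings in this commit, such as `DocumentComment` in spdx/v2_2/document.go, do use `omitempty`. I would tag these `json:"licenseListVersion,omitempty"` and `json:"comment,omitempty"` so an absent value stays absent; an empty string is not a license list version, and a strict consumer may well reject it.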
diff --git a/spdx/v2_2/document.go b/spdx/v2_2/document.go
new file mode 100644
index 0000000..d239194
--- /dev/null
+++ b/spdx/v2_2/document.go
@@ -0,0 +1,65 @@
+// Package spdx contains the struct definition for an SPDX Document
+// and its constituent parts.
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+package v2_2
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// ExternalDocumentRef is a reference to an external SPDX document
+// as defined in section 2.6 for version 2.2 of the spec.
+type ExternalDocumentRef struct {
+ // DocumentRefID is the ID string defined in the start of the
+ // reference. It should _not_ contain the "DocumentRef-" part
+ // of the mandatory ID string.
+ DocumentRefID string `json:"externalDocumentId"`
+
+ // URI is the URI defined for the external document
+ URI string `json:"spdxDocument"`
+
+ // Checksum is the actual hash data
+ Checksum common.Checksum `json:"checksum"`
+}
+
+// Document is an SPDX Document for version 2.2 of the spec.
+// See https://spdx.github.io/spdx-spec/v2-draft/ (DRAFT)
+type Document struct {
+ // 2.1: SPDX Version; should be in the format "SPDX-2.2"
+ // Cardinality: mandatory, one
+ SPDXVersion string `json:"spdxVersion"`
+
+ // 2.2: Data License; should be "CC0-1.0"
+ // Cardinality: mandatory, one
+ DataLicense string `json:"dataLicense"`
+
+ // 2.3: SPDX Identifier; should be "DOCUMENT" to represent
+ // mandatory identifier of SPDXRef-DOCUMENT
+ // Cardinality: mandatory, one
+ SPDXIdentifier common.ElementID `json:"SPDXID"`
+
+ // 2.4: Document Name
+ // Cardinality: mandatory, one
+ DocumentName string `json:"name"`
+
+ // 2.5: Document Namespace
+ // Cardinality: mandatory, one
+ DocumentNamespace string `json:"documentNamespace"`
+
+ // 2.6: External Document References
+ // Cardinality: optional, one or many
+ ExternalDocumentReferences []ExternalDocumentRef `json:"externalDocumentRefs,omitempty"`
+
+ // 2.11: Document Comment
+ // Cardinality: optional, one
+ DocumentComment string `json:"comment,omitempty"`
+
+ CreationInfo *CreationInfo `json:"creationInfo"`
+ Packages []*Package `json:"packages"`
+ Files []*File `json:"files"`
+ OtherLicenses []*OtherLicense `json:"hasExtractedLicensingInfos"`
+ Relationships []*Relationship `json:"relationships"`
+ Annotations []*Annotation `json:"annotations"`
+ Snippets []Snippet `json:"snippets"`
+
+ // DEPRECATED in version 2.0 of spec
+ Reviews []*Review
+}
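Review bot: `Reviews` has no struct tag, so `encoding/json` will marshal it under its Go field name and every document gains a non-spec `"Reviews"` key (`null` when empty), unless a custom marshaller outside this hunk prevents it. If the deprecated section is meant to stay out of JSON, tag it `json:"-"`, as `ArtifactOfProjects` is in spdx/v2_2/file.go. `IsUnpackaged`, `IsFilesAnalyzedTagPresent` and `Files` in spdx/v2_2/package.go are untagged in the same way. Separately, the package comment still reads `// Package spdx contains ...` above `package v2_2` and has the SPDX-License-Identifier line folded into it; it should begin `// Package v2_2` with the license line kept apart, as in the other new files.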
diff --git a/spdx/v2_2/file.go b/spdx/v2_2/file.go
new file mode 100644
index 0000000..43c2608
--- /dev/null
+++ b/spdx/v2_2/file.go
@@ -0,0 +1,94 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_2
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// File is a File section of an SPDX Document for version 2.2 of the spec.
+type File struct {
+ // 4.1: File Name
+ // Cardinality: mandatory, one
+ FileName string `json:"fileName"`
+
+ // 4.2: File SPDX Identifier: "SPDXRef-[idstring]"
+ // Cardinality: mandatory, one
+ FileSPDXIdentifier common.ElementID `json:"SPDXID"`
+
+ // 4.3: File Types
+ // Cardinality: optional, multiple
+ FileTypes []string `json:"fileTypes,omitempty"`
+
+ // 4.4: File Checksum: may have keys for SHA1, SHA256 and/or MD5
+ // Cardinality: mandatory, one SHA1, others may be optionally provided
+ Checksums []common.Checksum `json:"checksums"`
+
+ // 4.5: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ LicenseConcluded string `json:"licenseConcluded"`
+
+ // 4.6: License Information in File: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one or many
+ LicenseInfoInFiles []string `json:"licenseInfoInFiles"`
+
+ // 4.7: Comments on License
+ // Cardinality: optional, one
+ LicenseComments string `json:"licenseComments,omitempty"`
+
+ // 4.8: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ FileCopyrightText string `json:"copyrightText"`
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.9-4.11: Artifact of Project variables (defined below)
+ // Cardinality: optional, one or many
+ ArtifactOfProjects []*ArtifactOfProject `json:"-"`
+
+ // 4.12: File Comment
+ // Cardinality: optional, one
+ FileComment string `json:"comment,omitempty"`
+
+ // 4.13: File Notice
+ // Cardinality: optional, one
+ FileNotice string `json:"noticeText,omitempty"`
+
+ // 4.14: File Contributor
+ // Cardinality: optional, one or many
+ FileContributors []string `json:"fileContributors,omitempty"`
+
+ // 4.15: File Attribution Text
+ // Cardinality: optional, one or many
+ FileAttributionTexts []string `json:"attributionTexts,omitempty"`
+
+ // DEPRECATED in version 2.0 of spec
+ // 4.16: File Dependencies
+ // Cardinality: optional, one or many
+ FileDependencies []string `json:"-"`
+
+ // Snippets contained in this File
+ // Note that Snippets could be defined in a different Document! However,
+ // the only ones that _THIS_ document can contain are this ones that are
+ // defined here -- so this should just be an ElementID.
+ Snippets map[common.ElementID]*Snippet `json:"-"`
+
+ Annotations []Annotation `json:"annotations,omitempty"`
+}
+
+// ArtifactOfProject is a DEPRECATED collection of data regarding
+// a Package, as defined in sections 4.9-4.11 in version 2.2 of the spec.
+type ArtifactOfProject struct {
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.9: Artifact of Project Name
+ // Cardinality: conditional, required if present, one per AOP
+ Name string
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.10: Artifact of Project Homepage: URL or "UNKNOWN"
+ // Cardinality: optional, one per AOP
+ HomePage string
+
+ // DEPRECATED in version 2.1 of spec
+ // 4.11: Artifact of Project Uniform Resource Identifier
+ // Cardinality: optional, one per AOP
+ URI string
+}
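Review bot: The doc comment on `ArtifactOfProject` says it holds data `regarding a Package`, but within this hunk the type is only referenced from `File.ArtifactOfProjects`, and sections 4.9-4.11 belong to the File section. I would reword it to `// ArtifactOfProject is a DEPRECATED collection of data regarding the project a File was derived from, as defined in sections 4.9-4.11 in version 2.2 of the spec.`. The comment on `Snippets` also ends with `so this should just be an ElementID`, while the field is a map from `common.ElementID` to `*Snippet`; it should say whether that sentence describes the map key or a planned change of type.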
diff --git a/spdx/v2_2/other_license.go b/spdx/v2_2/other_license.go
new file mode 100644
index 0000000..1580169
--- /dev/null
+++ b/spdx/v2_2/other_license.go
@@ -0,0 +1,31 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_2
+
+// OtherLicense is an Other License Information section of an
+// SPDX Document for version 2.2 of the spec.
+type OtherLicense struct {
+ // 6.1: License Identifier: "LicenseRef-[idstring]"
+ // Cardinality: conditional (mandatory, one) if license is not
+ // on SPDX License List
+ LicenseIdentifier string `json:"licenseId"`
+
+ // 6.2: Extracted Text
+ // Cardinality: conditional (mandatory, one) if there is a
+ // License Identifier assigned
+ ExtractedText string `json:"extractedText"`
+
+ // 6.3: License Name: single line of text or "NOASSERTION"
+ // Cardinality: conditional (mandatory, one) if license is not
+ // on SPDX License List
+ LicenseName string `json:"name,omitempty"`
+
+ // 6.4: License Cross Reference
+ // Cardinality: conditional (optional, one or many) if license
+ // is not on SPDX License List
+ LicenseCrossReferences []string `json:"seeAlsos,omitempty"`
+
+ // 6.5: License Comment
+ // Cardinality: optional, one
+ LicenseComment string `json:"comment,omitempty"`
+}
diff --git a/spdx/v2_2/package.go b/spdx/v2_2/package.go
new file mode 100644
index 0000000..f8eff78
--- /dev/null
+++ b/spdx/v2_2/package.go
@@ -0,0 +1,133 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_2
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Package is a Package section of an SPDX Document for version 2.2 of the spec.
+type Package struct {
+ // NOT PART OF SPEC
+ // flag: does this "package" contain files that were in fact "unpackaged",
+ // e.g. included directly in the Document without being in a Package?
+ IsUnpackaged bool
+
+ // 3.1: Package Name
+ // Cardinality: mandatory, one
+ PackageName string `json:"name"`
+
+ // 3.2: Package SPDX Identifier: "SPDXRef-[idstring]"
+ // Cardinality: mandatory, one
+ PackageSPDXIdentifier common.ElementID `json:"SPDXID"`
+
+ // 3.3: Package Version
+ // Cardinality: optional, one
+ PackageVersion string `json:"versionInfo,omitempty"`
+
+ // 3.4: Package File Name
+ // Cardinality: optional, one
+ PackageFileName string `json:"packageFileName,omitempty"`
+
+ // 3.5: Package Supplier: may have single result for either Person or Organization,
+ // or NOASSERTION
+ // Cardinality: optional, one
+ PackageSupplier *common.Supplier `json:"supplier,omitempty"`
+
+ // 3.6: Package Originator: may have single result for either Person or Organization,
+ // or NOASSERTION
+ // Cardinality: optional, one
+ PackageOriginator *common.Originator `json:"originator,omitempty"`
+
+ // 3.7: Package Download Location
+ // Cardinality: mandatory, one
+ PackageDownloadLocation string `json:"downloadLocation"`
+
+ // 3.8: FilesAnalyzed
+ // Cardinality: optional, one; default value is "true" if omitted
+ FilesAnalyzed bool `json:"filesAnalyzed,omitempty"`
+ // NOT PART OF SPEC: did FilesAnalyzed tag appear?
+ IsFilesAnalyzedTagPresent bool
+
+ // 3.9: Package Verification Code
+ PackageVerificationCode common.PackageVerificationCode `json:"packageVerificationCode"`
+
+ // 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5
+ // Cardinality: optional, one or many
+ PackageChecksums []common.Checksum `json:"checksums"`
+
+ // 3.11: Package Home Page
+ // Cardinality: optional, one
+ PackageHomePage string `json:"homepage,omitempty"`
+
+ // 3.12: Source Information
+ // Cardinality: optional, one
+ PackageSourceInfo string `json:"sourceInfo,omitempty"`
+
+ // 3.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageLicenseConcluded string `json:"licenseConcluded"`
+
+ // 3.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one or many if filesAnalyzed is true / omitted;
+ // zero (must be omitted) if filesAnalyzed is false
+ PackageLicenseInfoFromFiles []string `json:"licenseInfoFromFiles"`
+
+ // 3.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageLicenseDeclared string `json:"licenseDeclared"`
+
+ // 3.16: Comments on License
+ // Cardinality: optional, one
+ PackageLicenseComments string `json:"licenseComments,omitempty"`
+
+ // 3.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ PackageCopyrightText string `json:"copyrightText"`
+
+ // 3.18: Package Summary Description
+ // Cardinality: optional, one
+ PackageSummary string `json:"summary,omitempty"`
+
+ // 3.19: Package Detailed Description
+ // Cardinality: optional, one
+ PackageDescription string `json:"description,omitempty"`
+
+ // 3.20: Package Comment
+ // Cardinality: optional, one
+ PackageComment string `json:"comment,omitempty"`
+
+ // 3.21: Package External Reference
+ // Cardinality: optional, one or many
+ PackageExternalReferences []*PackageExternalReference `json:"externalRefs,omitempty"`
+
+ // 3.22: Package External Reference Comment
+ // Cardinality: conditional (optional, one) for each External Reference
+ // contained within PackageExternalReference2_1 struct, if present
+
+ // 3.23: Package Attribution Text
+ // Cardinality: optional, one or many
+ PackageAttributionTexts []string `json:"attributionTexts,omitempty"`
+
+ // Files contained in this Package
+ Files []*File
+
+ Annotations []Annotation `json:"annotations"`
+}
+
+// PackageExternalReference is an External Reference to additional info
+// about a Package, as defined in section 3.21 in version 2.2 of the spec.
+type PackageExternalReference struct {
+ // category is "SECURITY", "PACKAGE-MANAGER" or "OTHER"
+ Category string `json:"referenceCategory"`
+
+ // type is an [idstring] as defined in Appendix VI;
+ // called RefType here due to "type" being a Golang keyword
+ RefType string `json:"referenceType"`
+
+ // locator is a unique string to access the package-specific
+ // info, metadata or content within the target location
+ Locator string `json:"referenceLocator"`
+
+ // 3.22: Package External Reference Comment
+ // Cardinality: conditional (optional, one) for each External Reference
+ ExternalRefComment string `json:"comment"`
+}
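Review bot: `FilesAnalyzed` is tagged `json:"filesAnalyzed,omitempty"`, so a value of `false` is dropped on marshal, while the comment on the same field says an omitted value means `true`. A package that was explicitly not analysed would therefore be written out as one whose files were analysed, which misleads consumers that use the flag to decide whether the verification code and file-derived license data should be present. Decoding has the mirror problem: a document that omits the key yields `false`, and `IsFilesAnalyzedTagPresent` is untagged, so nothing visible here sets it from JSON. I would at least drop `omitempty` (tag `json:"filesAnalyzed"`) and apply the spec default in a custom marshaller and unmarshaller, unless one already exists outside this hunk.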
diff --git a/spdx/v2_2/relationship.go b/spdx/v2_2/relationship.go
new file mode 100644
index 0000000..6b44898
--- /dev/null
+++ b/spdx/v2_2/relationship.go
@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_2
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Relationship is a Relationship section of an SPDX Document for
+// version 2.2 of the spec.
+type Relationship struct {
+
+ // 7.1: Relationship
+ // Cardinality: optional, one or more; one per Relationship
+ // one mandatory for SPDX Document with multiple packages
+ // RefA and RefB are first and second item
+ // Relationship is type from 7.1.1
+ RefA common.DocElementID `json:"spdxElementId"`
+ RefB common.DocElementID `json:"relatedSpdxElement"`
+ Relationship string `json:"relationshipType"`
+
+ // 7.2: Relationship Comment
+ // Cardinality: optional, one
+ RelationshipComment string `json:"comment,omitempty"`
+}
diff --git a/spdx/v2_2/review.go b/spdx/v2_2/review.go
new file mode 100644
index 0000000..4cc7c42
--- /dev/null
+++ b/spdx/v2_2/review.go
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_2
+
+// Review is a Review section of an SPDX Document for version 2.2 of the spec.
+// DEPRECATED in version 2.0 of spec; retained here for compatibility.
+type Review struct {
+
+ // DEPRECATED in version 2.0 of spec
+ // 9.1: Reviewer
+ // Cardinality: optional, one
+ Reviewer string
+ // including AnnotatorType: one of "Person", "Organization" or "Tool"
+ ReviewerType string
+
+ // DEPRECATED in version 2.0 of spec
+ // 9.2: Review Date: YYYY-MM-DDThh:mm:ssZ
+ // Cardinality: conditional (mandatory, one) if there is a Reviewer
+ ReviewDate string
+
+ // DEPRECATED in version 2.0 of spec
+ // 9.3: Review Comment
+ // Cardinality: optional, one
+ ReviewComment string
+}
diff --git a/spdx/v2_2/snippet.go b/spdx/v2_2/snippet.go
new file mode 100644
index 0000000..913007a
--- /dev/null
+++ b/spdx/v2_2/snippet.go
@@ -0,0 +1,48 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_2
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Snippet is a Snippet section of an SPDX Document for version 2.2 of the spec.
+type Snippet struct {
+
+ // 5.1: Snippet SPDX Identifier: "SPDXRef-[idstring]"
+ // Cardinality: mandatory, one
+ SnippetSPDXIdentifier common.ElementID `json:"SPDXID"`
+
+ // 5.2: Snippet from File SPDX Identifier
+ // Cardinality: mandatory, one
+ SnippetFromFileSPDXIdentifier common.ElementID `json:"snippetFromFile"`
+
+ // Ranges denotes the start/end byte offsets or line numbers that the snippet is relevant to
+ Ranges []common.SnippetRange `json:"ranges"`
+
+ // 5.5: Snippet Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ SnippetLicenseConcluded string `json:"licenseConcluded"`
+
+ // 5.6: License Information in Snippet: SPDX License Expression, "NONE" or "NOASSERTION"
+ // Cardinality: optional, one or many
+ LicenseInfoInSnippet []string `json:"licenseInfoInSnippets,omitempty"`
+
+ // 5.7: Snippet Comments on License
+ // Cardinality: optional, one
+ SnippetLicenseComments string `json:"licenseComments,omitempty"`
+
+ // 5.8: Snippet Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+ // Cardinality: mandatory, one
+ SnippetCopyrightText string `json:"copyrightText"`
+
+ // 5.9: Snippet Comment
+ // Cardinality: optional, one
+ SnippetComment string `json:"comment,omitempty"`
+
+ // 5.10: Snippet Name
+ // Cardinality: optional, one
+ SnippetName string `json:"name,omitempty"`
+
+ // 5.11: Snippet Attribution Text
+ // Cardinality: optional, one or many
+ SnippetAttributionTexts []string `json:"-"`
+}
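Review bot: `SnippetAttributionTexts` is tagged `json:"-"`, whereas the equivalent fields `FileAttributionTexts` and `PackageAttributionTexts` in this commit use `json:"attributionTexts,omitempty"`. As written, snippet attribution text is silently lost whenever a document is written to or read from JSON. If that is not deliberate, tag it `json:"attributionTexts,omitempty"`; if it is, a comment giving the reason would keep it from being changed by mistake later.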