228

NPM 2.11.3

I'm building a library in Node. This library is only for use by the company I am currently working for. I think this means that the license is "None". But when I npm init it wants me to use an SPDX License. "None" or "Unlicensed" are not valid options.

npm WARN package.json [email protected] license should be a valid SPDX license expression

There is some discussion around this on the NPM GitHub issue tracker but I can't find anything that definitively answers this. Perhaps NPM doesn't support this concept, but that seems odd.

What should I put for this field in this case? I'd like to get rid of the npm warnings related to this.

While the docs say that UNLICENSED is valid, it still gives a warning:

$ cat package.json | grep licen
  "license": "UNLICENSED",

$ npm install 
npm WARN package.json [email protected] license should be a valid SPDX license expression
Improve this question
5

4 Answers 4

Reset to default
251

Use UNLICENSED per the npm docs:

Finally, if you do not wish to grant others the right to use a private or unpublished package under any terms:

{
  "license": "UNLICENSED"
}

This is not to be confused with the license that was confusingly called "The Unlicense".

Improve this answer
0
98

at the time of writing UNLICENSED (see the code sample in the question) was not an option please see jcollum's answer

Adding private to package.json will help:

"private": true
Improve this answer
7
  • 23
    This has nothing to do with the license, you may want to publish a copyrighted module to your own registry:stackoverflow.com/questions/7314849/… "If you set "private": true in your package.json, then npm will refuse to publish it. This is a way to prevent accidental publication of private repositories."
    – pdem
    Commented Apr 24, 2018 at 9:31
  • at the time of writing UNLICENSED - (see the code sample in the question) was not an option please see jcollumns answer
    – Kieran
    Commented Jan 23, 2020 at 22:15
  • 3
    This used to be the technically correct answer, because the node team does not seem to understand that sometimes you need to "publish" something that is not free software. With the addition of UNLICENSED this is no longer correct.
    – tekHedd
    Commented Apr 15, 2021 at 18:38
  • This post does not answer the question. I edited the post to make it answer the question and to explain what private actually does (it has nothing to do with licensing), but unfortunately my edit got rolled back.
    – Flimm
    Commented Feb 16, 2022 at 19:29
  • 2
    I see a lot of people saying this doesn't help at all, but it actually removed the error message for me. This is the only thing I changed. Using yarn 1.22.19 and node 16.17
    – Jtcruthers
    Commented Oct 25, 2022 at 21:18
13

On the second column of the table found on this link, https://spdx.org/licenses/, you can see all the different SPDX format to used in your package.json.

The name of the column is Identifier just in case. Thanks and hope it helps.

Improve this answer
2
  • 4
    This is right, but please note this in the link "The SPDX License List is a list of commonly found licenses and exceptions used in free and open source and other collaborative software or documentation. ". That means the SPDX doesn't apply to a company copyrighted license.
    – pdem
    Commented Jan 24, 2020 at 8:53
  • Somehow I get a warning for "license": "CC-PDDC"
    – Dima Korobskiy
    Commented Aug 30, 2022 at 17:41
4

For me whatever license I put in the code did not work. But then I figured out, that there is a invalid package.json in the parent directory. After removing it, this solved all the issues.

Improve this answer
5
  • 1
    It's very odd that npm would be reading a package.json in the parent directory at all. Something seems broken here.
    – jcollum
    Commented Aug 20, 2021 at 15:59
  • 1
    I've actually just experienced the same issue. Thanks for the fix.
    – mhlavacka
    Commented Jan 30, 2022 at 23:08
  • 1
    Yeah, this doesn't make sense, but I just ran into the same thing. I had a stray package.json three levels up and I was getting warnings about it. Delete that and the warnings went away.
    – jyurek
    Commented May 25, 2022 at 12:07
  • 1
    I had the same issue and struggled with it for a while. Weird indeed.
    – Radu Iamandi
    Commented Jul 13, 2022 at 12:37
  • 1
    Lifesaver, thanks. Spent hours researching what to put in the field, and the problem was in a parent folder...
    – Devis L.
    Commented Nov 18, 2022 at 4:33

Not the answer you're looking for? Browse other questions tagged or ask your own question.