202

NPM 2.11.3

I'm building a library in Node. This library is only for use by the company I am currently working for. I think this means that the license is "None". But when I npm init it wants me to use an SPDX License. "None" or "Unlicensed" are not valid options.

npm WARN package.json data_monitoring_api@0.1.0 license should be a valid SPDX license expression

There is some discussion around this on the NPM GitHub issue tracker but I can't find anything that definitively answers this. Perhaps NPM doesn't support this concept, but that seems odd.

What should I put for this field in this case? I'd like to get rid of the npm warnings related to this.

While the docs say that UNLICENSED is valid, it still gives a warning:

$ cat package.json | grep licen
  "license": "UNLICENSED",

$ npm install 
npm WARN package.json data_monitoring_api@0.1.0 license should be a valid SPDX license expression
Jonas Stein
jcollum

4 Answers

227

Use UNLICENSED per the npm docs:

Finally, if you do not wish to grant others the right to use a private or unpublished package under any terms:

{
  "license": "UNLICENSED"
}

This is not to be confused with the license that was confusingly called "The Unlicense".

bobpaul
jcollum
95

At the time of writing, UNLICENSED (see the code sample in the question) was not an option; please see jcollum's answer.

Adding private to package.json will help:

"private": true
jcollum
Kieran
  • 21
    This has nothing to do with the license, you may want to publish a copyrighted module to your own registry: https://stackoverflow.com/questions/7314849/what-is-purpose-of-the-property-private-in-package-json "If you set "private": true in your package.json, then npm will refuse to publish it. This is a way to prevent accidental publication of private repositories." – pdem Apr 24 '18 at 09:31
  • At the time of writing, UNLICENSED (see the code sample in the question) was not an option; please see [jcollum's answer](https://stackoverflow.com/a/35069236/181569) – Kieran Jan 23 '20 at 22:15
  • 2
    This used to be the technically correct answer, because the node team does not seem to understand that sometimes you need to "publish" something that is not free software. With the addition of UNLICENSED this is no longer correct. – tekHedd Apr 15 '21 at 18:38
  • This post does not answer the question. I edited the post to make it answer the question and to explain what `private` actually does (it has nothing to do with licensing), but unfortunately my edit got rolled back. – Flimm Feb 16 '22 at 19:29
  • Doesn't help in Node 14 – Sergey Khmelevskoy Feb 16 '22 at 23:47
  • and good idea - to remove "license": "UNLICENSED" – user3682640 Jul 20 '22 at 14:03
  • 2
    I see a lot of people saying this doesn't help at all, but it actually removed the error message for me. This is the only thing I changed. Using yarn 1.22.19 and node 16.17 – Jtcruthers Oct 25 '22 at 21:18
13

In the second column of the table found at this link, https://spdx.org/licenses/, you can see all the different SPDX formats to use in your package.json.

The name of the column is Identifier just in case. Thanks and hope it helps.

Derick Alangi
  • 3
    This is right, but please note this in the link "The SPDX License List is a list of commonly found licenses and exceptions used in free and open source and other collaborative software or documentation. ". That means the SPDX doesn't apply to a company copyrighted license. – pdem Jan 24 '20 at 08:53
  • Somehow I get a warning for `"license": "CC-PDDC"` – Dima Korobskiy Aug 30 '22 at 17:41
4

For me, whatever license I put in the code did not work. But then I figured out that there is an invalid package.json in the parent directory. After removing it, this solved all the issues.

bukso
  • 1
    It's very odd that npm would be reading a package.json in the parent directory at all. Something seems broken here. – jcollum Aug 20 '21 at 15:59
  • 1
    I've actually just experienced the same issue. Thanks for the fix. – mhlavacka Jan 30 '22 at 23:08
  • 1
    Yeah, this doesn't make sense, but I just ran into the same thing. I had a stray package.json three levels up and I was getting warnings about it. Deleted that and the warnings went away. – jyurek May 25 '22 at 12:07
  • 1
    I had the same issue and struggled with it for a while. Weird indeed. – Radu Iamandi Jul 13 '22 at 12:37
  • 1
    Lifesaver, thanks. Spent hours researching what to put in the field, and the problem was in a parent folder... – Devis L. Nov 18 '22 at 04:33
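
The three checks raised in the answers above (the exact "UNLICENSED" value, "private": true as a guard against accidental publication, and a stray package.json in an ancestor directory), combined into one audit. This is an added example, not code from any of the answers or from npm; the function names and the sample tree are hypothetical, and it assumes the package is meant to stay private.

```javascript
const fs = require("fs");
const os = require("os");
const path = require("path");

// Parse dir/package.json; null when the file is absent or not valid JSON.
function readManifest(dir) {
  try {
    return JSON.parse(fs.readFileSync(path.join(dir, "package.json"), "utf8"));
  } catch {
    return null;
  }
}

// Ancestors of `dir`, up to `stopAt` (default: root), holding a package.json.
function ancestorManifests(dir, stopAt = path.parse(path.resolve(dir)).root) {
  const found = [];
  const limit = path.resolve(stopAt);
  let current = path.resolve(dir);
  while (current !== limit && path.dirname(current) !== current) {
    current = path.dirname(current);
    if (fs.existsSync(path.join(current, "package.json"))) found.push(current);
  }
  return found;
}

// Findings for a package that must stay private; an empty array means clean.
function auditPrivatePackage(dir, stopAt) {
  const manifest = readManifest(dir);
  if (!manifest) return ["package.json missing or not valid JSON"];
  const findings = [];
  if (manifest.license !== "UNLICENSED")
    findings.push(`license is ${JSON.stringify(manifest.license)}, not "UNLICENSED"`);
  if (manifest.private !== true)
    findings.push('"private": true is not set, so npm will not refuse to publish');
  for (const p of ancestorManifests(dir, stopAt))
    findings.push(`package.json in ancestor directory: ${p}`);
  return findings;
}

// Constructed sample: stray invalid manifest on top, misspelled license below.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "license-audit-"));
  const lib = path.join(root, "work", "lib");
  fs.mkdirSync(lib, { recursive: true });
  fs.writeFileSync(path.join(root, "package.json"), "{ not json");
  fs.writeFileSync(path.join(lib, "package.json"), JSON.stringify(
    { name: "data_monitoring_api", version: "0.1.0", license: "Unlicensed" }));
  return { root, lib };
}
```

Call auditPrivatePackage(dir) from a pre-commit hook or CI step and fail the job when the returned array is non-empty.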