"All Rights Reserved" license in package.json

I have a small node.js project that is company-internal and will not be released publicly or shared with third parties. It certainly will not be contributed to any public package repositories.

But when I run npm install I always get the following error:

npm WARN package.json <<myproject>>@0.1.0 license should be a valid SPDX license expression

The desired license is: "copyright by us and all rights reserved". I could not find anything that looked applicable in the SPDX license list. The suggestion in this answer does not work either. If I simply remove the license field from package.json the error changes to no license field.

How do I get npm install to show no errors or warnings without putting a license reference in there that we do not want to use?


Solution 1:

According to the new npm specification you can use { "license": "UNLICENSED"} if you do not wish to grant others the right to use a private or unpublished package under any terms.

Please refer to the full details here.

So you might not get the error you mentioned.

Solution 2:

According to the latest docs for package.json:

If you are using a license that hasn't been assigned an SPDX identifier, or if you are using a custom license, use the following valid SPDX expression:

{ "license" : "SEE LICENSE IN <filename>" }

Then include a file named <filename> at the top level of the package.

Solution 3:

UNLICENSED means that it is not licensed, while "unlicense", with no "d" at the end, refers to a license named The Unlicense, which is something very different. To prevent confusion, and if you want to assert a copyright, you should point someone to your own internal license file.

Definitely DO NOT use:

{ "license": "unlicense" }

as suggested by the top voted answer if you wish to clearly communicate that you wish to have a copyright claim style license.

A clip from the first two paragraphs of the UNLICENSE license makes clear this has no relation at all to the OP's request to have a copyright claim:

This is free and unencumbered software released into the public domain.

Anyone is free to copy, modify, publish, use, compile, sell, or distribute this software, either in source code form or as a compiled binary, for any purpose, commercial or non-commercial, and by any means.

To the top voted answer's credit, the Node documentation page makes a claim that the use of the UNLICENSED option is to make it so you are not granting any rights to others:

if you do not wish to grant others the right to use a private or unpublished package under any terms:

This does not appear to be a safe choice for retaining your rights. You could infer that the lack of the extra "D" means these are two entirely different terms, but you cannot assume that others will know that, and when they search for what the UNLICENSED license is, they may get the link to The Unlicense.

So, the following:

{ "license": "SEE LICENSE IN <filename>" }

is the safer answer at this time.

Solution 4:

Also consider adding "private": true, which will cause npm to prevent any publishing of your package. So in package.json:

  "license": "UNLICENSED",
  "private": true,

Ref: https://docs.npmjs.com/cli/v7/configuring-npm/package-json
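
The checks the answers above describe, combined into one manifest audit that could run in CI before an internal package is built. This is an added example, not code from any of the answers or from npm; the function name, the finding messages, and the policy that an internal package must be private and either UNLICENSED or point at a top-level license file are assumptions of this example.

```javascript
// Added example. `pkg` is the parsed package.json (e.g. JSON.parse of the file);
// `topLevelFiles` is the list of file names in the package root.
function auditInternalManifest(pkg, topLevelFiles) {
  const findings = [];

  // Solution 4: "private": true makes npm refuse to publish the package.
  if (pkg.private !== true) {
    findings.push('private: set to the boolean true so npm refuses to publish');
  }

  const license = pkg.license;
  if (typeof license !== 'string' || license.trim() === '') {
    findings.push('license: field is missing (npm warns "no license field")');
    return findings;
  }
  // Solution 1: no rights granted.
  if (license === 'UNLICENSED') return findings;

  // Solutions 2 and 3: custom license text shipped in a top-level file.
  const ref = /^SEE LICENSE IN (.+)$/.exec(license);
  if (ref) {
    if (!topLevelFiles.includes(ref[1])) {
      findings.push(`license: "${ref[1]}" not found at the top level of the package`);
    }
    return findings;
  }
  // Solution 3: The Unlicense is a public-domain dedication, not "UNLICENSED".
  if (license.toLowerCase() === 'unlicense') {
    findings.push(`license: "${license}" is The Unlicense (public domain), not UNLICENSED`);
  } else {
    findings.push(`license: "${license}" is neither UNLICENSED nor SEE LICENSE IN <filename>`);
  }
  return findings;
}

// Constructed sample manifests, not taken from a real project.
const sampleManifests = [
  { pkg: { name: 'internal-a', license: 'SEE LICENSE IN LICENSE.txt', private: true }, files: ['LICENSE.txt'] },
  { pkg: { name: 'internal-b', license: 'unlicense' }, files: [] },
];
for (const { pkg, files } of sampleManifests) {
  const findings = auditInternalManifest(pkg, files);
  console.log(pkg.name, findings.length ? findings : 'ok');
}
```

A non-empty result can be turned into a failing exit code so the build stops before a mislabeled or publishable manifest leaves the repository.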