Conversation
The repo had no license file and both publishable packages (`arkor`, `create-arkor`) were marked `"license": "UNLICENSED"` — which would have shipped to npm as a non-redistributable bundle the moment we hit publish, contradicting the public-access `publishConfig` and the alpha distribution intent. Add the standard OSI-approved MIT text at the repo root and align the package.json metadata: - LICENSE.md: Copyright (c) 2026 Arkor - packages/arkor/package.json: UNLICENSED → MIT - packages/create-arkor/package.json: UNLICENSED → MIT Root package.json stays as-is (`"private": true`, no license field needed since it never publishes). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e51e28a993
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| "url": "https://github.com/arkorlab/arkor/issues" | ||
| }, | ||
| "license": "UNLICENSED", | ||
| "license": "MIT", |
There was a problem hiding this comment.
Switching this package to "license": "MIT" without adding a LICENSE* file inside packages/arkor leaves published artifacts without the MIT notice text; npm pack --dry-run from that directory currently includes only README.md and package.json. Because MIT requires the copyright/permission notice to travel with redistributed copies, consumers installing from npm would not receive the required notice unless a package-local license file is shipped.
Useful? React with 👍 / 👎.
| "url": "https://github.com/arkorlab/arkor/issues" | ||
| }, | ||
| "license": "UNLICENSED", | ||
| "license": "MIT", |
There was a problem hiding this comment.
This package is now marked "license": "MIT", but there is still no LICENSE* file under packages/create-arkor, so the packed npm artifact omits the MIT notice (the npm pack --dry-run file list includes only README.md and package.json). That creates a redistribution gap for MIT’s required notice in installed copies, so the package metadata and shipped contents are inconsistent.
Useful? React with 👍 / 👎.
Codex review on the previous commit noted the metadata/contents mismatch: switching `"license": "MIT"` in both package.json files without putting a LICENSE notice *inside* the package directory means the npm tarball ships without it. MIT requires the copyright/permission notice to travel with redistributed copies, so consumers installing from npm wouldn't receive what the metadata advertises. Copy the repo-root LICENSE.md into each publishable package. npm auto-includes `LICENSE*` regardless of the `files` whitelist, so no package.json change is needed — `npm pack --dry-run` now lists `LICENSE.md (1.1kB)` alongside `README.md` and the `dist/**` artifacts in both `arkor` and `create-arkor` tarballs (14 → 15 and 4 → 5 files respectively). The root LICENSE.md stays as the authoritative source; the package-local copies are byte-identical for now. If the holder or year ever changes, all three move together. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2 participants
The repo had no license file and both publishable packages (
arkor,create-arkor) were marked"license": "UNLICENSED"— which would have shipped to npm as a non-redistributable bundle the moment we hit publish, contradicting the public-accesspublishConfigand the alpha distribution intent.Add the standard OSI-approved MIT text at the repo root and align the package.json metadata:
Root package.json stays as-is (
"private": true, no license field needed since it never publishes).