This repository has been archived by the owner. It is now read-only.
Permalink
Browse files

doc: clarify license metadata guidelines

* explain license expressions with a link to spdx.js
* show how to upgrade old array-style license fields
* show how to correct bad multi-license metadata
  • Loading branch information...
kemitchell authored and othiym23 committed May 4, 2015
1 parent eb18245 commit 8669f7d88c472ccdd60e140106ac43cca636a648
Showing with 39 additions and 5 deletions.
  1. +39 −5 doc/files/package.json.md
@@ -98,18 +98,52 @@ If a url is provided, it will be used by the `npm bugs` command.
You should specify a license for your package so that people know how they are
permitted to use it, and any restrictions you're placing on it.
The simplest way, assuming you're using a common license such as BSD-3-Clause
or MIT, is to just specify the standard SPDX ID of the license you're using,
like this:
If you're using a common license such as BSD-2-Clause or MIT, add a
current SPDX license identifier for the license you're using, like this:
{ "license" : "BSD-3-Clause" }
You can check [the full list of SPDX license IDs](https://spdx.org/licenses/).
Ideally you should pick one that is
[OSI](http://opensource.org/licenses/alphabetical) approved.
It's also a good idea to include a LICENSE file at the top level in
your package.
If your package is licensed under multiple common licenses, use an [SPDX license
expression syntax version 2.0 string](http://npmjs.com/package/spdx), like this:
{ "license" : "(ISC OR GPL-3.0)" }
If you are using a license that hasn't been assigned an SPDX identifier, or if
you are using an uncommon or custom license, do not include a "license" string
in package.json. In those cases especially, but also more generally, it's a good
idea to include a LICENSE file at the top level of the package.
Some old packages used license objects or a "licenses" property containing an
array of license objects:
// Not valid metadata
{ "license" :
{ "type" : "ISC"
, "url" : "http://opensource.org/licenses/ISC"
}
}
// Not valid metadata
{ "licenses" :
[
{ "type": "MIT"
, "url": "http://www.opensource.org/licenses/mit-license.php"
}
, { "type": "Apache-2.0"
, "url": "http://opensource.org/licenses/apache2.0.php"
}
]
}
Those styles are now deprecated. Instead, use SPDX expressions, like this:
{ "license": "ISC" }
{ "license": "(MIT OR Apache-2.0)" }
## people fields: author, contributors

0 comments on commit 8669f7d

Please sign in to comment.