inform users who publish with empty license of legal implications #6241
Comments
This sounds great. What I'd expect is something like:
Maybe when |
nudge them in the right direction by making |
The |
Note that despite not enforcing licenses GitHub is still useful. If npm is going to start warning users before publishing there are other things that could do with warnings (e.g. |
Does npm have publicly posted terms of service for repository hosting, in addition to the Artistic License for the command-line client itself? I can't seem to find any. The closest is a "code of conduct". GitHub's terms of service have:
|
We have a Privacy Policy https://www.npmjs.com/policies/privacy but it is fairly generic and focused on the website. We are in the process of clarifying + expanding our policy documents to better reflect private module hosting, and I'll add this to the list of things to make clearer. |
This is partially addressed by the resolution of #8179 – multiple licenses can be included by using an SPDX license expression. There are some aspects of this discussion – like enforcement of the presence of a license on the registry side, including clear language warning about the legal implications on validation, and improving the terms of service for hosting – that aren't yet addressed by npm, so I'm leaving this issue open for now. Once we've got something in place that @seldo thinks fulfills the spirit of his request in the original post, we can split the remaining issues out into separate threads and close this issue. |
@npm should consult its legal counsel about all three remaining aspects---enforcing licensing, warnings, and terms of service. Unfortunately, I can't weigh in on those topics via GitHub, for various "totally lame" professional reasons. |
The warnings as implemented in 2.10.0 are sufficient for what I had in mind. You can close this ticket as far as I'm concerned, @othiym23. @kemitchell: we are definitely not going to stride into the minefield of attempting to enforce licensing, nor @sindresorhus are we going to require a license if you ignore our nudge that it's a good idea to have one; that seems like added friction and we are against that :-) @kemitchell's point about our terms of service for hosting benefiting from clearer language is well made; I'm going to create an issue internally for @rod11 to track that. |
@seldo 👍, closing per your recommendation. Thanks, everybody! |
A polite message saying "you have no license field. Without one, it's unclear who can legally use your code and how. Are you sure you want to publish without a license?"
Alternative suggestions welcome.