Join GitHub today
Clarify license metadata guidelines #8179
This PR changes the documentation visible with
There are several ways to to specify machine-readable license metadata that would seem "right". Past affirmatively requiring a valid SPDX identifier, it's a bikeshed, since so few projects are multi-licensed. Some important ones are, but they are few.
I only bring this up early because so many of the most-used npm packages are older, and haven't had their metadata updated since the
Of the 1,000 most-depended-upon npm modules, only the following have
I'd love to make this metadata guidance part of npm@3 if at all possible. Given the growth rate of npm packages, I get the feeling it's early or never for compliance as the norm.
May 6, 2015
I went ahead and rebased, squashed, and landed what you had so far as 8669f7d and b01ba1a. I also landed eb18245, so npm no longer warns on missing READMEs or invalid license stanzas on transitive dependencies (it logs them at
If you want to take a shot at implementing the logic behind