Tip #1 – Unlicensed Node.js packages

Introduction

I’ve decided to start a series of short tips on this blog for software and coding stuff that I discover here and there. I sometimes stumble across a little quirk or a detail that I really want to talk about, but these things usually aren’t deserving of deep dives or even moderately long posts. This series will help me remember these things, and it might help someone else who’s searching around for similar stuff. Win-win!

Today’s tip relates to Node.js or, more precisely, its package managers npm and yarn. I thought this one was noteworthy enough because of how little fanfare the documentation for npm gave it.

Disclaimer: I am not a lawyer, and nothing here is legal advice.

The Details

If you’re writing a closed-source or proprietary package (they do exist!), you can put the word UNLICENSED in the license field in your package.json file. This is an officially supported feature in both npm and yarn, and it makes it clear (for machines) that the codebase for the package does not have a typical open source or free software license.

Here is an example use case with some irrelevant details omitted.

{
  "name": "my-package",
  "version": "1.0.0",
  "description": "This is what my package does",

  ...

  "license": "UNLICENSED",

  ...

  "homepage": "https://github.com/username/my-package#readme"
}

Warning: You need to be very careful when typing this out, especially if you’re just passing this info along to other people. The correct keyword is UNLICENSED. This is, however, annoyingly similar to Unlicense, the SPDX short identifier for the Unlicense, which is a public domain dedication document. That’s probably the polar opposite of what you want!
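
Since the two keywords are this easy to mix up, it is worth checking for the mix-up mechanically before a package ships. The sketch below is an added example, not code from npm or yarn: the function names, status strings and sample manifests are all made up for illustration, and the check only looks at the license field described above.

```javascript
// Added example: audit the "license" field of package.json manifests that are
// meant to be proprietary. All sample manifests below are constructed.
const PROPRIETARY = "UNLICENSED";  // npm/yarn keyword: no license is granted
const PUBLIC_DOMAIN = "Unlicense"; // SPDX identifier: public domain dedication

// Fold case, the "licence" spelling and stray characters so near-misses collide.
function normalize(value) {
  return value.toLowerCase().replace(/[^a-z]/g, "").replace(/licenc/g, "licens");
}

// Classify one manifest, given as JSON text. Returns { status, message }.
function auditManifest(jsonText) {
  let pkg;
  try {
    pkg = JSON.parse(jsonText);
  } catch (err) {
    return { status: "error", message: "manifest is not valid JSON" };
  }
  if (pkg === null || typeof pkg !== "object") {
    return { status: "error", message: "manifest is not a JSON object" };
  }
  const license = pkg.license;
  if (typeof license !== "string" || license.trim() === "") {
    return { status: "missing", message: "no license string is set" };
  }
  if (license === PROPRIETARY) {
    return { status: "proprietary", message: "no license granted" };
  }
  if (license === PUBLIC_DOMAIN) {
    return { status: "public-domain", message: "the Unlicense, not UNLICENSED" };
  }
  const folded = normalize(license);
  if (folded === "unlicensed" || folded === "unlicense") {
    return { status: "typo", message: `"${license}" matches neither keyword exactly` };
  }
  return { status: "other", message: `declares "${license}"` };
}

// Constructed inputs: the correct keyword, the look-alike, and two near-misses.
const samples = [
  '{"name":"my-package","license":"UNLICENSED"}',
  '{"name":"my-package","license":"Unlicense"}',
  '{"name":"my-package","license":"unlicenced"}',
  '{"name":"my-package","license":"UnLicense"}',
];
for (const text of samples) {
  const result = auditManifest(text);
  console.log(`${text} -> ${result.status}: ${result.message}`);
}
```

For a package that is supposed to stay proprietary, anything other than the "proprietary" status is worth failing a build over.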