package.json files. The spec asks maintainers to use the SPDX standard’s license expression syntax to show how their work is licensed in a machine-readable way. You will get a warning if you don’t.
In most cases, that's as easy as setting your license property (not licenses, as for RubyGems) to Apache-2.0, or some other string on SPDX' official list. You can even WTFPL, you rebel, you.
The following is a list of packages among the 1,000 most-depended-upon (the “npm1K”) that aren't yet part of that better world. There are handy links for making quick pull requests to fix package.json if you’d like to help them out. Given how vital these packages are, each one with a good license property helps make Node easier to adopt in new and different teams, many of which are dipping timid corporate toes into open-source for the very first time.
Who cares? Nobody cares! Until they have to do a license check. Then, thanks to how amazing npm is, you’re left staring down a bottomless well of node_modules directories you must search, manually, for LICENSE files and hints in README. But shouldn’t some lousy program do that kind of work for you? Of course! And it would sure help if the npm ecosystem offered good, clean metadata to chew on.
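A sketch of the kind of program described above, as an added example that is not code from this page or from npm: it classifies the license metadata of parsed package.json manifests and reports the ones a license check could not read mechanically. The identifier list, the status labels and the sample manifests are constructed for illustration; the expression check covers only identifiers joined by AND/OR with parentheses.

```javascript
// Added example, not npm's own validator. KNOWN_IDS is a constructed subset of
// the SPDX license list; a real audit would load the full list.
const KNOWN_IDS = new Set(['Apache-2.0', 'MIT', 'ISC', 'BSD-2-Clause', 'BSD-3-Clause', 'WTFPL']);

// Accepts one identifier, or identifiers joined by AND/OR with balanced parentheses.
// Simplification: WITH exceptions and the "+" suffix are not handled.
function isKnownExpression(expr) {
  const tokens = expr.match(/\(|\)|[^\s()]+/g) || [];
  let depth = 0;
  let expectId = true; // true when the next token must be an identifier or "("
  for (const t of tokens) {
    if (t === '(') { if (!expectId) return false; depth++; }
    else if (t === ')') { if (expectId || --depth < 0) return false; }
    else if (t === 'AND' || t === 'OR') { if (expectId) return false; expectId = true; }
    else { if (!expectId || !KNOWN_IDS.has(t)) return false; expectId = false; }
  }
  return tokens.length > 0 && depth === 0 && !expectId;
}

// Maps one parsed package.json to a status label (labels are hypothetical).
function classify(manifest) {
  const { license, licenses } = manifest;
  if (typeof license === 'string') {
    return isKnownExpression(license.trim()) ? 'ok' : 'unrecognized-string';
  }
  if (license && typeof license === 'object') return 'legacy-object'; // e.g. {type, url}
  if (Array.isArray(licenses) && licenses.length > 0) return 'legacy-licenses-array';
  return 'missing';
}

// Returns only the packages whose metadata needs a manual look or a pull request.
function audit(manifests) {
  return manifests
    .map((m) => ({ name: m.name, version: m.version, status: classify(m) }))
    .filter((r) => r.status !== 'ok');
}

// Constructed sample manifests (not real packages).
const SAMPLE = [
  { name: 'example-ok', version: '1.0.0', license: 'Apache-2.0' },
  { name: 'example-dual', version: '2.1.0', license: '(MIT OR Apache-2.0)' },
  { name: 'example-array', version: '0.6.4', licenses: [{ type: 'MIT', url: 'https://example.com/LICENSE' }] },
  { name: 'example-freeform', version: '1.2.2', license: 'Apache 2.0' },
  { name: 'example-none', version: '3.0.0' },
];
console.log(audit(SAMPLE));
```

To run it over a real tree, pass audit() the JSON.parse result of each package.json found under node_modules.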
Fri, 15 Dec 2017 09:01:13 GMT
| 131 | gulp-rename | 1.2.2 | hparra contra shinnn fractal |
| 295 | exports-loader | 0.6.4 | bebraw d3viant0ne ericclemmons jhnns peerigon sokra thelarkinn |