npm, the awesome source code package manager for JavaScript and stuff, publishes a specification for license metadata in package.json files. The spec asks maintainers to use the SPDX standard’s license expression syntax to show how their work is licensed in a machine-readable way. You will get a warning if you don’t.

In most cases, that's as easy as setting your license property (not licenses, as for RubyGems) to MIT, ISC, BSD-2-Clause, Apache-2.0, or some other string on SPDX' official list. You can even Unlicense or WTFPL, you rebel, you.

The following is a list of packages among the 1,000 most-depended-upon (the “npm1K”) that aren't yet part of that better world. There are handy links for making quick pull requests to fix package.json if you’d like to help them out. Given how vital these packages are, each one with a good license property helps make Node easier to adopt in new and different teams, many of which are dipping timid corporate toes into open-source for the very first time.

Who cares? Nobody cares! Until they have to do a license check. Then, thanks to how amazing npm is, you’re left staring down a bottomless well of node_modules directories you must search, manually, for LICENSE files and hints in README. But shouldn’t some lousy program do that kind of work for you? Of course! And it would sure help if the npm ecosystem offered good, clean metadata to chew on.

Special thanks to @beaugunderson and @tunnckoCore.


94% valid
6% invalid

Thu, 18 Jan 2018 20:03:54 GMT

Package Latest Maintainers Fix It! Warnings
63 node-uuid 1.4.8 broofa defunctzombie
  • Missing license property
67 optimist 0.6.1 substack "MIT/X11"
  • license should be a valid SPDX license expression (without "LicenseRef"), "UNLICENSED", or "SEE LICENSE IN <filename>"
  • license is similar to the valid expression "MIT"
132 gulp-rename 1.2.2 hparra contra shinnn fractal
  • Missing license property
194 ssh2 0.5.5 mscdex
  • Missing license property
222 slug 0.9.1 dodo
  • Missing license property
230 nomnom 1.8.1 harth
  • Missing license property
238 bcrypt-nodejs 0.0.3 shanegirish
  • Missing license property
267 newrelic 2.6.0 lykkin
  • Missing license property
297 valid-url 1.0.9 odysseas sagens
  • Missing license property
314 markdown 0.5.0 ashb dom
  • Missing license property
318 passport-strategy 1.0.0 jaredhanson
  • Missing license property
329 slush 1.1.1 joakimbeng
  • Missing license property
339 pg-hstore 2.3.2 scarney
  • Missing license property
352 clui 0.3.6 artokun nathanpeck
  • Missing license property
362 entities 1.1.1 feedic "BSD-like"
  • license should be a valid SPDX license expression (without "LicenseRef"), "UNLICENSED", or "SEE LICENSE IN <filename>"
  • license is similar to the valid expression "BSD-2-Clause"
370 mandrill-api 1.0.45 mailchimp
  • Missing license property
378 hat 0.0.3 substack "MIT/X11"
  • license should be a valid SPDX license expression (without "LicenseRef"), "UNLICENSED", or "SEE LICENSE IN <filename>"
  • license is similar to the valid expression "MIT"
380 passport-http-bearer 1.0.1 jaredhanson
  • Missing license property
391 rethinkdb 2.3.3 rethinkdb
  • Missing license property
410 gsap 1.20.3 greensock "Standard 'no charge' license: https://greensock.com/standard-license. Club GreenSock members get more: https://greensock.com/licensing/. Why GreenSock doesn't employ an MIT license: https://greensock.com/why-license/"
  • license should be a valid SPDX license expression (without "LicenseRef"), "UNLICENSED", or "SEE LICENSE IN <filename>"
  • license is similar to the valid expression "MIT"
414 useragent 2.2.1 v1 3rdeden {"type":"MIT","url":"https://github.com/3rd-Eden/useragent/blob/master/LICENSE"}
  • Invalid license property
437 fs.extra 1.3.2 coolaj86
  • Missing license property
452 merge2 1.2.1 zensh
  • Missing license property
457 string-format 0.5.0 davidchambers
  • Missing license property
462 rc-util 4.3.1 yesmeck benjycui yiminghe
  • Missing license property
466 passport-http 0.3.0 jaredhanson
  • Missing license property
Fork me on GitHub