This warning appears when your package.json file lacks a license field. npm displays this to indicate that your package metadata is incomplete and should not be published without proper license information. The warning means: "This package lacks proper licensing information—if you try to publish it, users won't know what rights they have to use, modify, or distribute your code." Without a license field, it's legally unclear who can use your code and how. Users downloading your package have no explicit rights to modify, distribute, or use it commercially—even if you intended to allow it.
Select a license based on your project type:
Permissive licenses (best for broad adoption):
- MIT: Most popular for npm packages. Simple, allows commercial use.
- Apache-2.0: Includes patent protection.
- ISC: Functionally identical to MIT, npm's default.
Copyleft licenses (require derivative works to be open source):
- GPL-3.0-or-later: Strong copyleft with patent protection.
For proprietary/private projects:
- UNLICENSED: Explicitly grants no rights.
View the complete SPDX License List at https://spdx.org/licenses/
Open your package.json and add the license field with a valid SPDX identifier:
{
  "name": "my-package",
  "version": "1.0.0",
  "license": "MIT"
}
For proprietary/unlicensed code:
{
  "license": "UNLICENSED",
  "private": true
}
Create a LICENSE file (no extension) in your project root directory.
1. Download the full license text from choosealicense.com or spdx.org/licenses/
2. Save as LICENSE in your project root
3. Update copyright year and author name if required
Example structure:
project/
├── LICENSE
├── package.json
├── src/
└── README.md
Validate that your license field uses proper SPDX format:
npm view . license
Common mistakes to avoid:
- "MIT License" instead of "MIT" (use short form only)
- "Apache 2.0" instead of "Apache-2.0" (missing hyphen)
- "GPLv3" instead of "GPL-3.0-or-later" (use proper SPDX)
- "UNLICENSE" instead of "UNLICENSED" (different meaning)
SPDX Standard: The Software Package Data Exchange (SPDX) standard is adopted by npm, Python, Rust Cargo, and other major package managers. Using SPDX identifiers ensures your license is machine-readable and globally recognized.
License Expressions: npm supports compound license expressions:
- (MIT OR Apache-2.0) - User can choose either license
- (MIT AND Apache-2.0) - Both licenses apply
- GPL-2.0-or-later WITH Bison-exception-2.2 - Base license plus exception
For Proprietary Code: Never use "All Rights Reserved" (not SPDX-compliant). Use UNLICENSED instead. Combine with "private": true to prevent accidental npm registry publication.
Legal Implications: In cases like Artifex v. Hancom, copyright/license violations led to legal action. Always specify a license to be explicit about usage rights.
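The checks described above (the common mistakes, compound license expressions, and UNLICENSED combined with "private": true) can be run as a small Node.js linter over a parsed package.json. This is an added example, not npm's own validation code; checkLicense, parseExpression and the short KNOWN_IDS list are hypothetical names and constructed sample data, and a real check would load the full SPDX list.

```javascript
// Constructed subset of SPDX identifiers for this example; the full list is at spdx.org/licenses/.
const KNOWN_IDS = new Set(['MIT', 'ISC', 'Apache-2.0', 'GPL-2.0-or-later', 'GPL-3.0-or-later', 'Unlicense']);
const KNOWN_EXCEPTIONS = new Set(['Bison-exception-2.2']);
// Non-SPDX spellings this page warns about, mapped to the form it recommends.
const FIXES = new Map([['MIT License', 'MIT'], ['Apache 2.0', 'Apache-2.0'],
  ['GPLv3', 'GPL-3.0-or-later'], ['All Rights Reserved', 'UNLICENSED']]);
// Check "A OR B", "(A AND B)" and "A WITH exception"; returns a list of problems.
function parseExpression(text) {
  const tokens = text.match(/\(|\)|[^\s()]+/g) || [];
  const errors = [];
  let i = 0;
  function term() {
    const t = tokens[i++];
    if (t === '(') {
      expr();
      if (tokens[i++] !== ')') errors.push('missing ")"');
      return;
    }
    if (!KNOWN_IDS.has(t)) errors.push(`unknown license identifier "${t}"`);
    if (tokens[i] === 'WITH') {
      const exception = tokens[i + 1];
      i += 2;
      if (!KNOWN_EXCEPTIONS.has(exception)) errors.push(`unknown exception "${exception}"`);
    }
  }
  function expr() {
    term();
    while (tokens[i] === 'AND' || tokens[i] === 'OR') { i++; term(); }
  }
  expr();
  if (i < tokens.length) errors.push(`unexpected token "${tokens[i]}"`);
  return errors;
}

function checkLicense(pkg) {
  const lic = pkg.license;
  if (typeof lic !== 'string' || lic.trim() === '') return ['license field is missing'];
  if (FIXES.has(lic)) return [`"${lic}" is not an SPDX identifier; use "${FIXES.get(lic)}"`];
  if (lic === 'UNLICENSED') {
    return pkg.private === true ? [] : ['UNLICENSED should be combined with "private": true'];
  }
  const problems = parseExpression(lic);
  if (/^unlicense$/i.test(lic) && pkg.private === true) {
    problems.push('private package uses the Unlicense; "UNLICENSED" has a different meaning');
  }
  return problems;
}

// Constructed package.json contents, not taken from a real project.
for (const pkg of [{ license: 'GPLv3' }, { license: '(MIT OR Apache-2.0)' }, { license: 'UNLICENSED' }]) console.log(pkg.license, '->', checkLicense(pkg));
```

An empty array means the field passed every check; each string in a non-empty result names one problem to fix before publishing.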