Replies: 3 comments
-
I'm surprised how this issue doesn't have any comments. This should definitely be changed. It's easier to add a licence to an unlicensed project than the other way around since you can't retroactively do that. Additionally, by default, unlicensed projects mean regular copyright law applies. npm's default should mimic the real world's setting.
-
This just happened to me, I intentionally didn't want a License on a project and didn't realize that ISC was the default on my package.json, which I found strange why people forked my project and changed my code and added an ISC license to it, without talking with me. The default should be UNLICENSED and if people really want to add a permissive license they should be the ones to change it and not default to ISC. Now I have a complete project with an ISC license on GitHub when I didn't want it to be licensed due to my own pixel art sprites being generated by code - which is now unprotected.
-
I am not sure if it is still in the plans, but at one point the npm team had decided a community owned package init would be good. That work is in the pkgjs org as part of the Node.js project's Package Maintenance Working Group. When I saw this this morning I figured I would get some of the work over there kicked back off, so if you are interested please contribute over here: https://github.com/pkgjs/create-package-json
-
When running npm init, it defaults to ISC for a license (even though most other fields are left blank).
If someone isn't paying attention to it, or doesn't know what it means, then they could apply this license unintentionally. Then if they publish the repo, it's published with that license, which could be very bad if they didn't intend to license it publicly.
For the safety of your users, there should be no default license.