NPM should remove the default license from new packages (ISC)
a year ago
- #npm
- #licensing
- #open-source
- npm is a package manager for JavaScript, included with Node.js, allowing developers to include code from others via packages.
- Packages come with licenses dictating usage rights, such as commercialization, source code provision, and attribution requirements.
- npm init defaults new packages to the ISC license without explanation, potentially leading to unintended legal consequences.
- Defaulting to ISC can create confusion and legal risks, especially if authors later change to incompatible licenses like GPL.
- Other package managers (e.g., Rust's Cargo, PyPI) do not assume a default license, leaving the choice to the developer.
- Unlicensed code is not public domain; without a license, the copyright holder retains all rights, restricting redistribution and modification.
- The discussion highlights the need for npm to remove the default ISC license to prevent unintentional licensing and legal issues.
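
One way to spot packages whose ISC declaration may be the untouched `npm init` default, and packages that ship with no license at all, when reviewing a dependency tree. This is an added example, not code from the original post or from npm. The heuristic (ISC declared but no license file shipped), the status labels, the function names and the sample packages are assumptions of this example.

```javascript
// Heuristic (assumption of this example): "ISC" declared but no license file shipped
// suggests the untouched `npm init` default rather than a deliberate choice.
const LICENSE_FILE = /^(licen[cs]e|copying)([-.]|$)/i;

// manifest: parsed package.json; files: names in the package's top-level directory.
function classifyLicense(manifest, files) {
  const raw = manifest.license;
  // Accept the string form and the legacy { type, url } object form.
  const declared = String((typeof raw === 'string' ? raw : raw && raw.type) || '').trim();
  const hasFile = files.some((f) => LICENSE_FILE.test(f));
  if (!declared) return hasFile ? 'file-only' : 'unlicensed'; // manifest states no grant
  if (declared.toUpperCase() === 'UNLICENSED') return 'proprietary'; // npm's "no rights granted" value
  if (declared.toUpperCase() === 'ISC' && !hasFile) return 'isc-unconfirmed';
  return 'declared';
}

// Walk a node_modules directory (scoped packages included); report everything not 'declared'.
function scanNodeModules(root) {
  const fs = require('node:fs');
  const path = require('node:path');
  const findings = [];
  const visit = (dir) => {
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      if (!entry.isDirectory() || entry.name.startsWith('.')) continue;
      const pkgDir = path.join(dir, entry.name);
      if (entry.name.startsWith('@')) { visit(pkgDir); continue; } // scope folder
      let manifest;
      try {
        manifest = JSON.parse(fs.readFileSync(path.join(pkgDir, 'package.json'), 'utf8'));
      } catch { continue; } // missing or malformed manifest: skip this directory
      const status = classifyLicense(manifest, fs.readdirSync(pkgDir));
      if (status !== 'declared') findings.push({ name: manifest.name, status });
    }
  };
  visit(root);
  return findings;
}

// Constructed sample packages (not real registry data).
const SAMPLES = [
  [{ name: 'sample-default', license: 'ISC' }, ['index.js', 'package.json']],
  [{ name: 'sample-chosen', license: 'ISC' }, ['index.js', 'LICENSE', 'package.json']],
  [{ name: 'sample-none' }, ['index.js', 'package.json']],
];
const classifySamples = () => SAMPLES.map(([m, f]) => `${m.name}: ${classifyLicense(m, f)}`);
```

Calling `scanNodeModules('node_modules')` from a project root lists the packages to review by hand; an `isc-unconfirmed` result is a prompt to check the author's intent, not proof that the license is invalid.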