Loopback-next: App template generates MIT License file without prompt
Overview
Generating a new application with the lb4 app command generates a LICENSE file, whose contents are the MIT license template. This happens without user interaction!
Problems
- Users can't select a different license
- Users who don't pay attention may end up releasing code to others under a license they never intended (not something we should make possible, however unlikely)
- Users can't opt-out of selecting a license of any kind
@strongloop/loopback-devs What are your thoughts on this?
Acceptance Criteria
As a result:
- [ ] In
package.json, have alicenseproperty set to empty string ("").
- This ensures
npm installwill give a warning to users about the project not having a license.
- This ensures
- [ ] Not generating
LICENSEfile at all
kjdelisle
All 11 comments
That's good catch. I didn't realize LICENSE file got generated!
IMHO, i don't think we should generate the LICENSE file for the user.
dhmlau
on 3 Mar 2018
+1 on not providing a license file at all
virkt25
on 5 Mar 2018
+1
shimks
on 5 Mar 2018
+1
jannyHou
on 5 Mar 2018
There are debates on how npm init handles license. See https://github.com/npm/npm/issues/8918 and https://spdx.org/spdx-specification-21-web-version.
I suggest that we generate the following:
- Add
"license": "SEE LICENSE IN LICENSE"topackage.json - Generate an empty
LICENSEfile
raymondfeng
on 5 Mar 2018
@raymondfeng , any reasons that we want to generate an empty LICENSE file vs not generating it at all?
Either way we go, I'd like to mark this as MVP.
dhmlau
on 5 Mar 2018
@dhmlau
- It's a good practice to include the license with any Node.js module/app
- npm checks
SPDXcompliance forlicensein package.json. You will see warnings duringnpm iiflicenseproperty is missing or not complying to SPDX.
raymondfeng
on 5 Mar 2018
+1 for keeping it out and I like the idea of generating an empty LICENSE file. It won't hurt if it doesn't end up getting used.
b-admike
on 5 Mar 2018
Rejecting. Needs more clarification. Acceptance Criteria needs to address problems. Concerns / questions raised during estimation below.
- What does LoopBack 3 do?
- What are the implications of an empty License file vs. not having a license field at all?
- We can't shield everyone across the globe from all the legal implications. We aren't in the business of LICENSE compliance.
- Users should take ownership
- Should CLI tell the user to add a LICENSE themselves
- What does a
npmexpect for a published package?
virkt25
on 6 Mar 2018
What does LoopBack 3 do?
No LICENSE file.
In package.json, "license": "UNLICENSED",
(I've tried with LB3 creating an "empty server" app)
What are the implications of an empty License file vs. not having a license field at all?
We can't shield everyone across the globe from all the legal implications. We aren't in the business of LICENSE compliance.
Questions for @jjtang1
Users should take ownership
Yes
Should CLI tell the user to add a LICENSE themselves
It wouldn't hurt. but again, question for @jjtang1
What does a npm expect for a published package?
See this link in npm documentation.
From @raymondfeng's above comment, we'll get a warning for not specifying the license attribute.
dhmlau
on 9 Mar 2018
@raymondfeng @strongloop/sq-lb-apex @bajtos , are you ok with following what we do in LB3:
i.e.
- In
package.json, uselicense": "UNLICENSED" - Not genenerating
LICENSEfile at all
dhmlau
on 12 Mar 2018
Related issues
half-blood-programmer
路
3Comments
teambitcodeGIT
路
3Comments
milindsingh
路
3Comments
mightytyphoon
路
3Comments
dericgw
路
3Comments
Most helpful comment
@raymondfeng @strongloop/sq-lb-apex @bajtos , are you ok with following what we do in LB3:
i.e.
package.json, uselicense": "UNLICENSED"LICENSEfile at all