As of npm 3.10 you have to use UNLICENSED:

{ "license": "UNLICENSED"}

or

{ "license": "SEE LICENSE IN <filename>"}

The value of license must either be one of the options above or the identifier for the license from this list of SPDX licenses. Any other value is not valid.

The following is no longer valid for current versions of npm.

For npm versions before 3.10 you may use:

{ "license" : "LicenseRef-LICENSE" }

Then include a LICENSE file at the top level of the package. It could be as short as:

(c) Copyright 2015 person or company, all rights reserved.

But you might want to be more explicit about what is not allowed.

Answer from Craig on Stack Exchange
🌐
SPDX
spdx.org › licenses
SPDX License List | Software Package Data Exchange (SPDX)
The SPDX License List is an integral part of the SPDX Specification. The SPDX License List itself is a list of commonly found licenses and exceptions used in free and open or collaborative software, data, hardware, or documentation.
Top answer
1 of 2
2

The accepted answer to this question is wrong. The SPDX specification offers LicenseRefs for this use case, so you could put a value such as LicenseRef-acme-corp-proprietary-license in the <name> field, and then a link to the full text of your proprietary license in the <url> field (to allow human lawyers to do appropriate due diligence). Any conforming SPDX processor / expression parser should handle it just fine.

As of SPDX v3.0 (not yet released, at the time of writing), a similar mechanism called AdditionRef will also be offered for License Exceptions, which will make SPDX expressions such as Apache-2.0 WITH AdditionRef-acme-corp-specific-modifications possible.
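
The license strings discussed in the answers above, run through a small classifier. This is an added example, not code from the answers, npm or the SPDX project: `classifyLicense` is a hypothetical name, `KNOWN_IDS` and `KNOWN_EXCEPTIONS` are a constructed subset of the SPDX lists, and only a single license with an optional `WITH` clause is handled.

```javascript
// Added example: classify the "license" string of a package manifest.
// KNOWN_IDS / KNOWN_EXCEPTIONS are a small constructed subset, not the SPDX lists.
const KNOWN_IDS = new Set(["MIT", "Apache-2.0", "BSD-3-Clause", "GPL-2.0-only", "Unlicense"]);
const KNOWN_EXCEPTIONS = new Set(["Classpath-exception-2.0"]);
const ID = "[A-Za-z0-9.-]+"; // SPDX idstring: letters, digits, "-" and "."
const LICENSE_REF = new RegExp(`^(DocumentRef-${ID}:)?LicenseRef-${ID}$`);
const ADDITION_REF = new RegExp(`^AdditionRef-${ID}$`);
const SEE_PREFIX = "SEE LICENSE IN ";

function classifyLicense(value) {
  if (typeof value !== "string" || value.trim() === "") {
    return { kind: "invalid", reason: "missing or not a string" };
  }
  const v = value.trim();
  // npm's marker for "no license granted"; not the SPDX id "Unlicense".
  if (v === "UNLICENSED") return { kind: "npm-unlicensed" };
  if (v.startsWith(SEE_PREFIX)) {
    const file = v.slice(SEE_PREFIX.length).trim();
    // The file name is manifest data: accept only a relative path inside the package.
    const escapes = /^([\/\\]|[A-Za-z]:)/.test(file) || file.split(/[\/\\]/).includes("..");
    if (file === "" || escapes) return { kind: "invalid", reason: "bad license file path" };
    return { kind: "see-file", file };
  }
  // Compound expressions (AND / OR / parentheses) are not evaluated here.
  if (/\s(AND|OR)\s|[()]/.test(v)) return { kind: "compound-not-evaluated" };
  const [license, addition, ...rest] = v.split(/\s+WITH\s+/);
  if (rest.length > 0) return { kind: "invalid", reason: "more than one WITH" };
  let kind;
  if (KNOWN_IDS.has(license)) kind = "spdx-id";
  else if (LICENSE_REF.test(license)) kind = "license-ref";
  else return { kind: "invalid", reason: `unknown identifier: ${license}` };
  if (addition === undefined) return { kind, license };
  if (KNOWN_EXCEPTIONS.has(addition) || ADDITION_REF.test(addition)) {
    return { kind, license, addition };
  }
  return { kind: "invalid", reason: `unknown exception: ${addition}` };
}

// Constructed sample values, taken from the strings discussed on this page.
for (const s of ["UNLICENSED", "Unlicense", "proprietary", "LicenseRef-LICENSE",
  "SEE LICENSE IN ../../secrets.txt",
  "Apache-2.0 WITH AdditionRef-acme-corp-specific-modifications"]) {
  console.log(s, "->", JSON.stringify(classifyLicense(s)));
}
```

A CI step that feeds manifests into an SBOM can use a check of this shape to keep `UNLICENSED` and `Unlicense` apart and to refuse a `SEE LICENSE IN` path that points outside the package.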

2 of 2
0

SPDX has no identifier for "proprietary" in the license list because there is no such license.

Similarly, "All rights reserved." is not a license. It's the default for copyrighted works.

The convention in composer.json to use "proprietary" is an inverse effect: In the Composer project SPDX license identifiers were introduced relatively early and the license field has to use the short identifiers to build the license string (you can have multiple licenses in that field).

As the license field in composer.json then was defined by that, any other license not in the SPDX license list could not be named. As those are normally "closed software" licenses, the common term "proprietary" was suggested (all lower-case, no confusion with SPDX short identifiers which use upper-case letters).

The situation in pom.xml is different. It does not require specific identifiers, it just recommends them for the name field:

<licenses>
  <license>
    <name>Apache License, Version 2.0</name>
    <url>https://www.apache.org/licenses/LICENSE-2.0.txt</url>
    <distribution>repo</distribution>
    <comments>A business-friendly OSS license</comments>
  </license>
</licenses>

It offers its own system to name/define the license. And to use the (long) SPDX Identifier for the name is only a (sane) recommendation, but naturally only if you're using a license from that list.

But if you have a license of your own, you put its name and the uniform resource location of the license text in there. There is no problem if you have an individual license (compare: in Composer you technically cannot use the license field if you don't SPDX it).

Now:

According to your question you neither have yet a Name nor the Text of your license.

But you are already confronted with technical questions about how to incorporate and connect what is not there. As you'd like to have a license (you want to add a license entry into the pom.xml), I'd say why not get help from a lawyer on your behalf that is able to find a textual expression of your proprietary wishes. Tell her what you wish, want and need, like you want to fill out these two <name> and <url> fields and until then you just document the process:

<licenses>
  <license>
    <name/>
    <url/>
    <distribution/>
    <comments>Intentionally left blank.</comments>
  </license>
</licenses>

This certainly is only a very early and very basic baseline, you're certainly able to tweak it even before you consider grabbing the phone.

🌐
Spdx
spdx.dev › learn › areas-of-interest › licensing
Licensing – SPDX
Recipients and redistributors of software can use the licensing profile metadata fields to understand which licenses (whether open source or proprietary) apply to the software.
🌐
Spdx
spdx.github.io › spdx-spec › v2.3 › SPDX-license-expressions
Annex D: SPDX License Expressions - SPDX Specification 2.3.0
Another example is when a set of ... AND BSD-3-Clause). SPDX License Expressions provide a way for one to construct expressions that more accurately represent the licensing terms typically found in open source software source code....
🌐
GitHub
github.com › spdx › spdx-spec › issues › 814
Add `PROPRIETARY` to the license expression syntax · Issue #814 · spdx/spdx-spec
November 17, 2022 - With the current status quo it is not possible to express a dual license like GPL-2.0 OR PROPRIETARY, which is a common practice in the industry. There have been workarounds by users of SPDX, like adding UNLICENSED in npm.
Author   AldoMX
🌐
Spdx
wiki.spdx.org › view › SPDX_FAQ
SPDX FAQ - SPDX Wiki
Reduce the effort of creating, consuming and validating SPDX Documents · Provide a translation from the technical document (e.g. RDF/XML or tag-value format) to a more readable format ... Enable contributions and review of the tool implementation by the broader technical community through open source licensing · In addition, we expect that additional open source and proprietary tools will be created to help with these tasks.
🌐
GitHub
github.com › npm › npm › issues › 8773
what SPDX license should I use for private modules? · Issue #8773 · npm/npm
June 30, 2015 - NPM now forbids the user to put non-spdx licenses in the license field during npm init, and complain thereafter if you have something weird in there. However, NPM is used also for private modules. ...
Author   mcollina
🌐
Linux Kernel
kernel.org › doc › Documentation › process › license-rules.rst
license-rules.rst
(SPDX-License-Identifier) nor in any way relevant for expressing or determining the exact license under which the source code of the module is provided. The sole purpose of this tag is to provide sufficient information whether the module is free software or proprietary for the kernel ...
🌐
GitHub
github.com › composer › composer › issues › 2152
Support proprietary/individual licenses (SPDX license references/magic numbers next to SPDX License IDs) · Issue #2152 · composer/composer
August 6, 2013 - So with the circumstance that the proprietary license is actually available, it could be added as a file in the package root like named the same LicenseRef-1 and then the JSON data can point to it. This has the benefit that a license is actually specified (and like in SPDX there is no need to have one from the curated license list but to include the own one).
Author   ktomk
🌐
Wikipedia
en.wikipedia.org › wiki › Software_Package_Data_Exchange
Software Package Data Exchange - Wikipedia
February 2, 2026 - SPDX 2.2.1 was submitted to the International Organization for Standardization (ISO) in October, 2020, and was published as ISO/IEC 5962:2021 Information technology — SPDX® Specification V2.2.1 in August, 2021. Each license is identified by a full name, such as "Mozilla Public License 2.0" and a short identifier, here "MPL-2.0".
🌐
Spdx
spdx.dev › learn › handling-license-info
Handling License Info – SPDX
In each file in your project, just add a single line in the following format, tailored to your license(s) and the comment style for that file’s language: ... SPDX identifiers are being used in a growing number of open source projects (such as the Linux kernel), licensing guidelines (such as the FSFE‘s REUSE Software initiative), and license scanning tools.
🌐
Spdx
spdx.dev › about › overview
Overview – SPDX
SPDX makes no legal interpretations (of licenses or license compliance).
🌐
Spdx
spdx.dev › faq
FAQ - Software Package Data Exchange (SPDX)
March 27, 2017 - SPDX makes no legal interpretations (of licenses or license compliance).
🌐
GitHub
github.com › spdx › license-list-XML › issues › 1856
New license request: Generic Proprietary license · Issue #1856 · spdx/license-list-XML
February 24, 2023 - Introduction As more companies adopt SPDX to generate SBOMs for their proprietary software, it would be nice if there was a generic "proprietary" license identifier. I know that it's possible to use a LicenseRef for this, but using a Lic...
Author   rnjudge
🌐
Aboutcode
scancode-licensedb.aboutcode.org › proprietary-license.html
proprietary-license - ScanCode LicenseDB
replaces the "proprietary" ScanCode license key used before ScanCode 3.1. is_generic · True · spdx_license_key · LicenseRef-scancode-proprietary-license · other_spdx_license_keys · LicenseRef-LICENSE · LicenseRef-LICENSE.md · license_text ·
🌐
Python Packaging
packaging.python.org › en › latest › specifications › license-expression
License Expression - Python Packaging User Guide
The custom identifiers must follow the SPDX specification, clause 10.1 of the given specification version. ... MIT BSD-3-Clause MIT AND (Apache-2.0 OR BSD-2-Clause) MIT OR GPL-2.0-or-later OR (FSFUL AND BSD-2-Clause) GPL-3.0-only WITH Classpath-Exception-2.0 OR BSD-3-Clause LicenseRef-Special-License OR CC0-1.0 OR Unlicense LicenseRef-Proprietary...
🌐
Reuse
reuse.software › faq
Frequently Asked Questions | REUSE
SPDX stands for Software Package Data Exchange. It is a project by the Linux Foundation and the rock upon which REUSE is built. SPDX defines a standardised way to share copyright and licensing information between projects and people.
🌐
CoinsBench
coinsbench.com › why-spdx-license-identifiers-are-important-in-solidity-ccbe8f33d6d7
Why SPDX License Identifiers are Important in Solidity | by Vin M N Shelar| @th_v_slr | CoinsBench
January 27, 2025 - Unlicense: A license that dedicates the code to the public domain. Proprietary: Used for closed-source code with no public usage rights. Adding an SPDX identifier is simple.