@univerjs/protocol is missing the license field in package.json

[shameetbadarla]

Description

The @univerjs/protocol package (currently v0.1.48/0.1.49) on npm has no license field in its package.json, no LICENSE file, and no repository or homepage fields.

npm view @univerjs/protocol license → (not set)
npm view @univerjs/protocol repository → (not set)

Every other @univerjs/* package correctly declares "license": "Apache-2.0". Since @univerjs/protocol is a required transitive dependency of @univerjs/core, @univerjs/sheets, and @univerjs/sheets-ui, any project using Univer automatically installs it, but without a declared license, automated license checkers flag it as "unknown" and fail CI builds.

Impact

• Automated license compliance tools (e.g. license-checker, FOSSA, Snyk) report this package as unlicensed/unknown, which blocks CI pipelines
• Under copyright law, a missing license means "all rights reserved" by default, this creates legal ambiguity for commercial users of Univer
• The package is not in the main dream-num/univer monorepo, so its source and license cannot be verified from GitHub

Request

Could the license, repository, and homepage fields be added to @univerjs/protocol's package.json, similar to the other @univerjs/* packages? Including a LICENSE file in the published package would also help.

Environment

• @univerjs/protocol: 0.1.48
• @univerjs/preset-sheets-core: 0.20.0
• @univerjs/presets: 0.20.0

Thank you for maintaining Univer.

[jikkai]

We will completely remove the @univerjs/protocol dependency in an upcoming release.