It’s just a check as of NPM v1.2.20, they report this as a warning.

However, don’t worry, there are sooooooo many packages which still don’t have the repository field in their package.json. The field is used for informational purposes.

In the case you’re a package author, put the repository in your package.json, like this:

"repository": {
  "type": "git",
  "url": "git://"

Read more about the repository field, and see the logged bug for further details.

Additionally, as originally reported by @dan_nl, you can set private key in your package.json.
This will not only stop you from accidentally running npm publish in your app, but will also stop NPM from printing warnings regarding package.json problems.

  "name": "my-super-amazing-app",
  "version": "1.0.0",
  "private": true