Because when "private": true is set, npm assumes the package won't be published, so it skips checking for certain things like the license field.
Basically, it’s npm’s way of saying “no need to warn you about missing metadata if you're not publishing this.