Use SPDX license id as documented on https://spdx.dev/ids/ and use REUSE methodology to define license for files that cannot include comments (e.g. JSON) by using the .reuse/dep5 file (see documentation of Debian DEP 5 syntax). REUSE also provide the Helper tool that is a great assistant to check that all project files have proper license information.