Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

npm install funding #1381

Closed
feross opened this issue Aug 19, 2019 · 174 comments
Closed

npm install funding #1381

feross opened this issue Aug 19, 2019 · 174 comments
Labels

Comments

@feross
Copy link
Member

@feross feross commented Aug 19, 2019

The experiment is over – read the recap here!

Hey folks! πŸ‘‹

I've already spoken to a few of you about this idea, but I'd like to share it with the broader community now that standard 14 has shipped.

Background: I think that the current model of sustaining open source is not working and we need more experimentation. This is one such experiment.

What's the experiment? Whenever standard 14 is installed, we'll display a message from a company that supports open source. The sponsorship pays directly for maintainer time. That is, writing new features, fixing bugs, answering user questions, and improving documentation.

What's the goal? My goal with this experiment is to make standard healthier. If we learn that the experiment works, perhaps we can help make all open source healthier, too.Β For complex reasons, companies are generally hesitant or unwilling to fund OSS directly. When it does happen, it's never enough and it never reaches packages which are transitive dependencies (i.e. packages that no one installs explicitly and therefore no one knows exists). Essentially, we have a public good which is consumed by huge numbers of users, but which almost no one pays for. Fortunately, there exists a funding model that usually works for public goods like this – ads. The goal of this experiment is to answer the question: Can we use ethical ads – ads that don't track users or collect data – to fund open source software?

What does the code do? The code for this experiment is available here: feross/funding. Essentially, it calls console.log() on some text. There is no tracking, data collecting, or unexpected behavior. You can look at the code to verify – indeed, this is the beauty of open source!

What will the funds be used for? The funds raised so far ($2,000) have paid for Feross's time to release Standard 14 which has taken around five days. If we are able to raise additional funds, the next thing I'd like to focus on is out-of-the-box TypeScript support in StandardJS (one of the most common feature requests!) and modernizing the various text editor plugins (many of which are currently unmaintained). If others in the community are interested in taking the lead on any of these issues, I'd like to direct some funds to you.

Feedback welcome!


EDIT: This thread is now locked πŸ”’

For why + next steps, scroll to the end >>

EDIT: The experiment is over – Feross posted a recap on his blog

@feross feross added the meta label Aug 19, 2019
@feross feross pinned this issue Aug 19, 2019
@wmhilton
Copy link

@wmhilton wmhilton commented Aug 20, 2019

Feedback welcome!

I noticed the (fairly large bright bold) banner. It reminds me of the OpenCollective-style banners used by webpack / corejs.

image

I think it's OK... I do worry that npm install will just become a long trail of banner ads though eventually and it won't scale. Because if every npm package adds ads, the noticeability of each ad will diminish. (Interestingly, the most valuable "realestate" will be packages whose banner is displayed last, so if it becomes a literal "race-to-the-bottom" people might add sleep statements to their post-install scripts so they are displayed nearest the bottom. What a dystopian installation experience!)

Fun fact: yarn does not display the output of post-install scripts. One might say yarn has built-in ad-blocking.

@evantahler
Copy link

@evantahler evantahler commented Aug 20, 2019

While I'm totally OK with this on development machines, I think this is strange behavior for staging/production/etc. Perhaps https://github.com/feross/funding/blob/master/index.js should have a NODE_ENV check?

Then again, I don't imagine standard is going to be installed outside of NODE_ENV={test, development} anyway... so it's probably OK!

@mixmix
Copy link

@mixmix mixmix commented Aug 21, 2019

I am whole-heartedly behind this experiment.
It's not the perfect end solution, but that's not the point - it's about moving the conversation about how to build healthy relationships between our commons and companies forward.

Thanks for taking leadership on this @feross .

@morgansliman
Copy link

@morgansliman morgansliman commented Aug 21, 2019

Admittedly, I haven't contributed an immense amount to open source code, so I realize I don't have the same perspective on this issue. That being said, I sincerely hope that this solution does not become standard.

I agree wholeheartedly that this is a problem that needs a solution, and I am glad that the conversation is being pushed forward by this experiment. Advertisements in my terminal is not the solution.

For me, yarn or "standard": "^13.0.0" is going to have to be my "standard" until this is removed.

Fifteen Million Installs

@mhogerheijde
Copy link

@mhogerheijde mhogerheijde commented Aug 22, 2019

I'm with @morgansliman, of any place I don't want to see ads, my terminal is on the top of that list.

I would a low a "buy me a coffee"-link, but that's about it.

On another note: For me, it was totally not clear that this ad was for a company that donates to standard. So it took me a while to figure out where this ad came from. So I'm not sure what the ad should convey, but I don't think it is the feeling "what is this and how do I get rid of it?".

@ckipp01
Copy link

@ckipp01 ckipp01 commented Aug 22, 2019

First off, I love standard and use it in all my JS projects. Thank you so much for your hard work in making a fantastic, easy-to-use, and solid linter.

I was really taken off guard seeing this in my terminal today. It's the last place I expect to see an ad, and really the last place I want to. While I get the idea behind it, and I agree that we must think of innovative ways to support open-source, relying on displaying an ad in a place that typically doesn't have them opens up the doors to new behavior of ad spamming when I simply want to install a dependency.

I'm not saying this is the case here, but let's say that this really frustrates a percentage of developers and they decide to no longer use the project/tool/library, but the project does see an uptick in sponsorship. More than likely they'd see that as a win, and this could slowly shift the focus from a community-driven project to a sponsorship-driven project (and not as in individual sponsors, but company sponsorship). Again, I'm not saying this is the case here, but you can sort of see how that could happen if this becomes a normal practice in how we try to support open-source projects.

I'd much rather see an innovative solution that tries to encourage individual community members to give more to projects they want to support rather than relying on sponsorship ads.

Finally, I also agree with @mhogerheijde, when I first saw this I was confused, and my initial thought was to immediately find the package and to remove it since it wasn't clear at all where this was coming from or why an ad was in my terminal.

EDIT: spelling

@mixmix
Copy link

@mixmix mixmix commented Aug 22, 2019

@mhogerheijde
Copy link

@mhogerheijde mhogerheijde commented Aug 23, 2019

This isn't about having our cake and eating it too. Selling ad-space is not innovative. And it's particularly unhelpful in my logs.

I don't fully agree with @ckipp01 on the sponsorship driven OSS. It is a risk, but it already exists outside of selling ad-space in logs.

For me, the issue is more that I don't want stuff that doesn't help me in my logs. I wholeheartedly agree with putting your "supported by company X" in the readme. That helps me understand, it does resonate with me when I see certain companies donating money to OSS.

By the way, just stating that "if you don't like it, come up with a better solution" is a cop-out. There is value in feedback, especially when you don't agree.

EDIT: PS: I too want to live in a perfect world where every developer can live, pay rent and only work on projects they like. That perfect world for me does not include ads in my terminal.

EDIT2: PPS: Support of my peers for me is a big reason to work on stuff. I know others that earn enough in their day-job that they enthusiastically spend time on OSS in their free time as a hobby and get value out of verbal support from their peers. That support is more often than not shown in a verbal/written way.

@vweevers
Copy link
Contributor

@vweevers vweevers commented Aug 23, 2019

By the way, just stating that "if you don't like it, come up with a better solution" is a cop-out.

Fact of the matter is, OSS maintainers need money today. Better solutions may come along; putting up with ads in the mean time is a small price to pay. While I don't particularly like seeing ads in this space, I understand its necessity and fully support it.

I do agree that:

it could be more clear why the ads there, and specifically that it's making the tools you love maintainable.

@ArcanisCz
Copy link

@ArcanisCz ArcanisCz commented Aug 23, 2019

That reminds me of the article https://www.theatlantic.com/technology/archive/2014/08/advertising-is-the-internets-original-sin/376041/ . Basically, our hated ads-driven business model of internet (google, facebook, ...) was forced to original publishers by people.... (posting it as a slight OT because when people dont know history, they tend to make same mistakes and desicisons)

@brodybits
Copy link
Contributor

@brodybits brodybits commented Aug 23, 2019

Hi @feross, I would favor advertisements for services that you would be willing to offer, either personally or from a company that you own and run.

@mhogerheijde
Copy link

@mhogerheijde mhogerheijde commented Aug 23, 2019

@vweevers Nobody is denying that money needs to flow to OSS maintainers. I don't mind putting up with ads anywhere else than in the logs of my build. There is plenty of space in things like README's and landing pages for links to sponsors and patreon(-like) solutions. Logs for me are a way of doing my job. I will (try to) weed out anything that negatively impacts my ability to do work.

Also, consider the effect that letting people know that you've got sponsoring can diminish the amount of support you get from your peers, as Matthias Wandel points out in one of his videos: https://www.youtube.com/watch?v=SToyIb9tNiY

@ArcanisCz interesting read!

@brodybits you mean you prefer ads for services from @feross over 3rd party ads? I agree, I probably wouldn't make this much a fuss if the advertisement was a single line with a link to buy them a cup of coffee or a side-project.

@brodybits
Copy link
Contributor

@brodybits brodybits commented Aug 23, 2019

@brodybits you mean you prefer ads for services from @feross over 3rd party ads?

Yes.

@arcanis
Copy link

@arcanis arcanis commented Aug 23, 2019

As maintainer of Yarn I'm strongly against this pattern, although not for the reasons you might think. Post-install scripts deoptimize packages and break workflows.

When a package has postinstall scripts, we (package managers) cannot assume anymore that it's safe to share its directory between projects. Even worse, we must extract it on the disk (in case there's a build step) even if it's actually completely unnecessary (because you only print things). We've been exploring a lot of optimisations in this space lately (Yarn 2 will keep your packages within their archives by default), and this kind of pattern will prevent your users from exploiting them to full benefits.

(Note that I'm not saying the postinstall scripts are deprecated - just that they should be reserved to the use case they were designed for, which is building a package against a local environment)

Fwiw, as is mentioned somewhere in this thread, Yarn already doesn't print the build logs unless they make the installs crash, so this post-install script wouldn't have any visible effect for our users. Still, I value the health of the ecosystem a lot, both from the point of view of maintainers and users, and I would be happy to discuss how we could satisfy this use case in a more integrated and less intrusive way (for example by adding a specific field to the package.json). I've actually opened an issue against the OpenCollective repo to discuss that, but it got no traction until now.

@tommck
Copy link

@tommck tommck commented Aug 23, 2019

I agree with a bunch of folks here that the goal here is great, but I already have enough trouble getting devs to pay attention to warnings like "unmet peer dependencies" when an npm install is finished. Having screens of ads go by makes it impossible to see them.
('core-js' comes to mind begging for money AND a job for the lead dev)

[Update: spelling]

@CalinLeafshade
Copy link

@CalinLeafshade CalinLeafshade commented Aug 23, 2019

Companies should sponsor OSS projects because they use them. Not to get ads in front of the project's users.

Also, this kind of thing is easily blocked so it's unlikely to be a good revenue stream anyway.

@ljosberinn
Copy link

@ljosberinn ljosberinn commented Aug 23, 2019

I'm all for (better) compensation of OSS developers but I will go lengths to avoid ads, just any ads in general. Ads are a toxic pest in modern days, wherever you go you're slammed with them. The console is not intended for this either.

If this means I have to change a dependency or library to not have ads, I will do it, not because you don't deserve money, but because you're intruding an area you're not supposed to intrude by design.

_Edited a word. _

@bunchopunch
Copy link

@bunchopunch bunchopunch commented Aug 23, 2019

If a company is advertising in my terminal, even if they're technically sponsoring a project as means to do so, I will do everything I can to avoid that company. Whether or not they know it, I'm pretty sure this is the exact opposite of the sort of publicity these sponsors would want among developers.

@Grandclosing
Copy link

@Grandclosing Grandclosing commented Aug 23, 2019

My terminal is the one last stronghold, the one last haven of peace that doesn't endlessly serve me ads from corporate overlords all day long. I vehemently oppose this idea as I believe it is fundamentally opposed to the open source ethos we've built up over decades.

Yes, it's important to help out open source contributors and project owners - but ads are not the solution.

@brodybits
Copy link
Contributor

@brodybits brodybits commented Aug 23, 2019

-1 for that kind of non-permissive licensing, it does not even seem to fit the definition of "open source" ref:

+1 for offer of services from the primary author, which is sometimes needed to help with open-source sustainability

-1 for promotion of third-party products or services (noisy, distracting, etc.)

lightswitch05 added a commit to lightswitch05/hosts that referenced this issue Aug 23, 2019
@lightswitch05
Copy link

@lightswitch05 lightswitch05 commented Aug 23, 2019

The package maintainers are welcome to do as they see fit. However, I would like a way to opt-out entirely from this package ever being install into my system. As far as I can tell, that is not possible with NPM.

https://npm.community/t/blacklist-entire-packages/9659

@Jhawins
Copy link

@Jhawins Jhawins commented Aug 23, 2019

This does 2 things, 1 is objectively bad and one is subjective.

  1. Encourages users to run with --silent as an adblocker
    • Bad because it means users won't see critical errors, security warnings etc
    • If we can agree it's bad to encourage users to ignore key warnings, we inherently agree that polluting the output of install is bad for the exact same reason.
  2. It's the most annoying thing you could possibly do as a package maintainer other than remove your package.

Regardless, NPM will undoubtedly decide to block any method of serving advertisements through the terminal. It doesn't matter what Standard chooses to do.

@mzzfederico

This comment was marked as off-topic.

@kinow
Copy link

@kinow kinow commented Aug 24, 2019

Dang it. Just enabled it the other week, already going to have to raise another PR to remove from the project now 😞

@steve-perkins
Copy link

@steve-perkins steve-perkins commented Aug 24, 2019

Given that this package is essentially a config file and thin wrapper script for ESLint, I am curious how much of this revenue will be shared with the upstream ESLint developers.

@osmarks
Copy link

@osmarks osmarks commented Aug 24, 2019

We are going to need adblockers for npm install output now...

Now I'm actually wondering how that might work... maybe just blocking specific packages' postinstall scripts would do it. For now. It's not like there's some easy way to detect sponsored messages.

@tedivm
Copy link

@tedivm tedivm commented Aug 24, 2019

I don't want to have to view advertisements in my CI logs, and I hate what this would mean if other packages started doing this. Some JS packages have dozens, hundreds, or even more dependencies- can you imagine what it would look like if every package did this?

@sserdda-liamE
Copy link

@sserdda-liamE sserdda-liamE commented Aug 24, 2019

By the way, just stating that "if you don't like it, come up with a better solution" is a cop-out. There is value in feedback, especially when you don't agree.

Not when that feedback is 100% predicable because it's nothing but our inner two year old being triggered to whine when everything doesn't go 100% his or her way.

We humans are opportunists. Any time a cost to us is >0 we will not like that cost and we'll complain about it. In discussing a problem whose solution is necessarily going to impart a cost it doesn't need to be stated that those who need to shoulder said cost are going to find it less preferable than having it at no cost. This inner alt-right perspective is expected.

Anyway, the solution to monetizing an artist's reproducible work has already been solved. It's called copyright. We the People have expressly removed our liberty to freely copy an artist's work and granted that right solely to the creator in order to give the artist the ability to financially support his artistic output. To place a copyleft licence on the work and then complain that you can't monetize it because people are copying it for free is an... interesting complaint.

@evandentremont

This comment has been minimized.

@j-f1
Copy link

@j-f1 j-f1 commented Aug 24, 2019

@evandentremont I read through the thread again, and it seems like the OP was trying it out by installing it --save-dev, but the funding package’s behavior should be the same regardless of how it’s installed.

@taysco

This comment was marked as off-topic.

@j-f1

This comment was marked as off-topic.

@modeco80

This comment was marked as off-topic.

@with-heart
Copy link

@with-heart with-heart commented Aug 24, 2019

@gc @modeco80 I didn't mean to suggest that anyone disagreeing was acting as part of a mob. It was meant to apply specifically to those people treating a github issue like it's a place for trolling, nasty comments, etc. My apologies if it came off that way.

@j-f1
Copy link

@j-f1 j-f1 commented Aug 24, 2019

Either way, the name of the package has nothing to do with the discussion at hand.

@plbyrd
Copy link

@plbyrd plbyrd commented Aug 24, 2019

Google, et. all, love this because not only are they getting work from you during the day, they are getting more work from you when you get home that they didn't have to pay for.

Pretty unfair dig at Google, who not only bankroll a lot of open source projects (Android, Chromium, Kubernetes, etc.), but also have programs like Google Summer of Code and Google Code-in, and donate to organisations like MetaBrainz, which hosts MusicBrainz and other services.

Not unfair at all. How much has Google paid to the credits listed in chrome://credits?

@s-thom
Copy link

@s-thom s-thom commented Aug 24, 2019

For complex reasons, companies are generally hesitant or unwilling to fund OSS directly. When it does happen, it's never enough and it never reaches packages which are transitive dependencies (i.e. packages that no one installs explicitly and therefore no one knows exists).
@feross

It seems like a lot of your frustration comes from this part:

and it never reaches packages which are transitive dependencies

So how many projects does standard rely on?

$ npm i -S standard

... the ad ...

+ standard@14.0.2
added 233 packages from 125 contributors and audited 504 packages in 47.527s
found 0 vulnerabilities

So, uh, how much of the $2000 you got is going to those 125 other contributors? For those interested, here's an npm ls on a brand new project with only this package installed. There's 322 lines of output (because some packages are used multiple times).

@modeco80
Copy link

@modeco80 modeco80 commented Aug 24, 2019

For complex reasons, companies are generally hesitant or unwilling to fund OSS directly. When it does happen, it's never enough and it never reaches packages which are transitive dependencies (i.e. packages that no one installs explicitly and therefore no one knows exists).
@feross

It seems like a lot of your frustration comes from this part:

and it never reaches packages which are transitive dependencies

So how many projects does standard rely on?

$ npm i -S standard

... the ad ...

+ standard@14.0.2
added 233 packages from 125 contributors and audited 504 packages in 47.527s
found 0 vulnerabilities

So, uh, how much of the $2000 you got is going to those 125 other contributors? For those interested, here's an npm ls on a brand new project with only this package installed. There's 322 lines of output (because some packages are used multiple times).

As far as I know currently, the money generated by the funding package seems to only benefit Standard, and not any of the dependencies (including the major one, ESLint) used by it.

@plbyrd
Copy link

@plbyrd plbyrd commented Aug 24, 2019

We humans are opportunists. Any time a cost to us is >0 we will not like that cost and we'll complain about it.

No, not all humans have this reaction. The reaction you are projecting on all humans infers that all humans are greedy, inconsiderate thieves.

@Hamuko
Copy link

@Hamuko Hamuko commented Aug 24, 2019

Not unfair at all. How much has Google paid to the credits listed in chrome://credits?

Probably hard to say since that'd require all of them to have their financials disclosed. I had a random look at some projects to see what they disclose and libjpeg-turbo sponsors page has Google's logo on it and says that it requires at least a donation of at least $1000 to get their logo there. And some of the projects there are actually Google projects, so the people working on those were probably paid by Google.

@s-thom
Copy link

@s-thom s-thom commented Aug 24, 2019

@s-thom you forgot the 5 funding itself relies on.

Since funding is one of the dependencies, it's in the list.

@sserdda-liamE

This comment was marked as off-topic.

@evandentremont

This comment was marked as off-topic.

@evandentremont

This comment has been minimized.

@Toxoid49b

This comment was marked as off-topic.

@gc
Copy link

@gc gc commented Aug 24, 2019

@sserdda-liamE Do you mind refraining from ad-hominem attacks? Calling people triggered whining two-year olds doesn't contribute to this discussion constructively.

@evandentremont

This comment has been minimized.

@broberson

This comment was marked as disruptive content.

@standard standard locked as too heated and limited conversation to collaborators Aug 24, 2019
@mixmix
Copy link

@mixmix mixmix commented Aug 25, 2019

Next steps

Hey all, it's great to see people care as much about the future of Open Source as we do.
There have been a bunch of great questions and suggestions raised here, but this is turning into a mega-thread with a lot going on in it.

I've taken some of the themes I've seen emerging and started some threads for more focused conversations:

traverseda referenced this issue in feross/funding Aug 25, 2019
@feross feross unpinned this issue Aug 25, 2019
@feross
Copy link
Member Author

@feross feross commented Aug 29, 2019

Hi everyone,

I appreciate the thoughtful discussion and feedback. I just ended the experiment. I shared some thoughts about how the experiment went from my perspective on my blog: https://feross.org/funding-experiment-recap/

@feross
Copy link
Member Author

@feross feross commented Sep 4, 2019

On August 28, 2019, I released standard 14.1.0 which removed the funding dependency. See changelog here: https://standardjs.com/changelog.html#1410---2019-08-28

@feross feross closed this Sep 4, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Linked pull requests

Successfully merging a pull request may close this issue.

None yet