npm install funding

[feross]

Hey folks! 👋

I've already spoken to a few of you about this idea, but I'd like to share it with the broader community now that standard 14 has shipped.

Background: I think that the current model of sustaining open source is not working and we need more experimentation. This is one such experiment.

What's the experiment? Whenever standard 14 is installed, we'll display a message from a company that supports open source. The sponsorship pays directly for maintainer time. That is, writing new features, fixing bugs, answering user questions, and improving documentation.

What's the goal? My goal with this experiment is to make standard healthier. If we learn that the experiment works, perhaps we can help make all open source healthier, too. For complex reasons, companies are generally hesitant or unwilling to fund OSS directly. When it does happen, it's never enough and it never reaches packages which are transitive dependencies (i.e. packages that no one installs explicitly and therefore no one knows exists). Essentially, we have a public good which is consumed by huge numbers of users, but which almost no one pays for. Fortunately, there exists a funding model that usually works for public goods like this – ads. The goal of this experiment is to answer the question: Can we use ethical ads – ads that don't track users or collect data – to fund open source software?

What does the code do? The code for this experiment is available here: feross/funding. Essentially, it calls console.log() on some text. There is no tracking, data collecting, or unexpected behavior. You can look at the code to verify – indeed, this is the beauty of open source!

What will the funds be used for? The funds raised so far ($2,000) have paid for Feross's time to release Standard 14 which has taken around five days. If we are able to raise additional funds, the next thing I'd like to focus on is out-of-the-box TypeScript support in StandardJS (one of the most common feature requests!) and modernizing the various text editor plugins (many of which are currently unmaintained). If others in the community are interested in taking the lead on any of these issues, I'd like to direct some funds to you.

Feedback welcome!

---

EDIT: This thread is now locked 🔒

For why + next steps, scroll to the end >>

[wmhilton]

Feedback welcome!

I noticed the (fairly large bright bold) banner. It reminds me of the OpenCollective-style banners used by webpack / corejs.

I think it's OK... I do worry that npm install will just become a long trail of banner ads though eventually and it won't scale. Because if every npm package adds ads, the noticeability of each ad will diminish. (Interestingly, the most valuable "realestate" will be packages whose banner is displayed last, so if it becomes a literal "race-to-the-bottom" people might add sleep statements to their post-install scripts so they are displayed nearest the bottom. What a dystopian installation experience!)

Fun fact: yarn does not display the output of post-install scripts. One might say yarn has built-in ad-blocking.

[evantahler]

While I'm totally OK with this on development machines, I think this is strange behavior for staging/production/etc. Perhaps https://github.com/feross/funding/blob/master/index.js should have a NODE_ENV check?

Then again, I don't imagine standard is going to be installed outside of NODE_ENV={test, development} anyway... so it's probably OK!

[mixmix]

I am whole-heartedly behind this experiment.
It's not the perfect end solution, but that's not the point - it's about moving the conversation about how to build healthy relationships between our commons and companies forward.

Thanks for taking leadership on this @feross .

[morgansliman]

Admittedly, I haven't contributed an immense amount to open source code, so I realize I don't have the same perspective on this issue. That being said, I sincerely hope that this solution does not become standard.

I agree wholeheartedly that this is a problem that needs a solution, and I am glad that the conversation is being pushed forward by this experiment. Advertisements in my terminal is not the solution.

For me, yarn or "standard": "^13.0.0" is going to have to be my "standard" until this is removed.

Fifteen Million Installs

[mhogerheijde]

I'm with @morgansliman, of any place I don't want to see ads, my terminal is on the top of that list.

I would a low a "buy me a coffee"-link, but that's about it.

On another note: For me, it was totally not clear that this ad was for a company that donates to standard. So it took me a while to figure out where this ad came from. So I'm not sure what the ad should convey, but I don't think it is the feeling "what is this and how do I get rid of it?".

[ckipp01]

First off, I love standard and use it in all my JS projects. Thank you so much for your hard work in making a fantastic, easy-to-use, and solid linter.

I was really taken off guard seeing this in my terminal today. It's the last place I expect to see an ad, and really the last place I want to. While I get the idea behind it, and I agree that we must think of innovative ways to support open-source, relying on displaying an ad in a place that typically doesn't have them opens up the doors to new behavior of ad spamming when I simply want to install a dependency.

I'm not saying this is the case here, but let's say that this really frustrates a percentage of developers and they decide to no longer use the project/tool/library, but the project does see an uptick in sponsorship. More than likely they'd see that as a win, and this could slowly shift the focus from a community-driven project to a sponsorship-driven project (and not as in individual sponsors, but company sponsorship). Again, I'm not saying this is the case here, but you can sort of see how that could happen if this becomes a normal practice in how we try to support open-source projects.

I'd much rather see an innovative solution that tries to encourage individual community members to give more to projects they want to support rather than relying on sponsorship ads.

Finally, I also agree with @mhogerheijde, when I first saw this I was confused, and my initial thought was to immediately find the package and to remove it since it wasn't clear at all where this was coming from or why an ad was in my terminal.

EDIT: spelling

[mixmix]

Great point that it could be more clear why the ads there, and specifically that it's making the tools you love maintainable. I think if you're not into it, then the obligation is in you to put some work in to come up with more aligned solutions. Enthusiastic verbal support does not help maintainers thrive. At the moment many of them are generously giving and experience a few breadcrumbs of thanks in return. I want to live in a world where maintainers have enough to pay rent, eat food, have health care, save money, dream about big future projects.

…

On Fri, 23 Aug 2019, 04:02 Chris, ***@***.***> wrote: First off, I love standard and use it in all my JS projects. Thank you so much for your hard work in making a fantastic, easy-to-use, and solid linter. I was really taken off guard seeing this in my terminal today. It's the last place I expect to see an add, and really the last place I want to. While I get the idea behind it, and I agree that we must think of innovative ways to support open-source, relying on displaying an add in a place that typically doesn't have them opens up the doors to new behavior of add spamming when I simply want to install a dependency. I'm not saying this is the case here, but let's say that this really frustrates a percentage of developers and they decide to no longer use the project/tool/library, but the project does see an uptick in sponsorship. More than likely they'd see that as a win, and this could slowly shift the focus from a community-driven project to a sponsor-driven project. Again, I'm not saying this is the case here, but you can sort of see how that could happen if this becomes a normal practice in how we try to support open-source projects. I'd much rather see an innovative solution that tries to encourage individual community members to give more to projects they want to support rather than relying on sponsorship adds. Finally, I also agree with @mhogerheijde <https://github.com/mhogerheijde>, when I first saw this I was confused, and my initial thought was to immediately find the package and to remove it since it wasn't clear at all where this was coming from or why an add was in my terminal. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#1381?email_source=notifications&email_token=AAUK3HVSVRIKOQRBTT2VO2TQF22BFA5CNFSM4INH7WL2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD45SDTI#issuecomment-523968973>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAUK3HTGZ2JHVTQG6C4XLADQF22BFANCNFSM4INH7WLQ> .

[mhogerheijde]

This isn't about having our cake and eating it too. Selling ad-space is not innovative. And it's particularly unhelpful in my logs.

I don't fully agree with @ckipp01 on the sponsorship driven OSS. It is a risk, but it already exists outside of selling ad-space in logs.

For me, the issue is more that I don't want stuff that doesn't help me in my logs. I wholeheartedly agree with putting your "supported by company X" in the readme. That helps me understand, it does resonate with me when I see certain companies donating money to OSS.

By the way, just stating that "if you don't like it, come up with a better solution" is a cop-out. There is value in feedback, especially when you don't agree.

EDIT: PS: I too want to live in a perfect world where every developer can live, pay rent and only work on projects they like. That perfect world for me does not include ads in my terminal.

EDIT2: PPS: Support of my peers for me is a big reason to work on stuff. I know others that earn enough in their day-job that they enthusiastically spend time on OSS in their free time as a hobby and get value out of verbal support from their peers. That support is more often than not shown in a verbal/written way.

[vweevers]

By the way, just stating that "if you don't like it, come up with a better solution" is a cop-out.

Fact of the matter is, OSS maintainers need money today. Better solutions may come along; putting up with ads in the mean time is a small price to pay. While I don't particularly like seeing ads in this space, I understand its necessity and fully support it.

I do agree that:

it could be more clear why the ads there, and specifically that it's making the tools you love maintainable.

[ArcanisCz]

That reminds me of the article https://www.theatlantic.com/technology/archive/2014/08/advertising-is-the-internets-original-sin/376041/ . Basically, our hated ads-driven business model of internet (google, facebook, ...) was forced to original publishers by people.... (posting it as a slight OT because when people dont know history, they tend to make same mistakes and desicisons)

[brodybits]

Hi @feross, I would favor advertisements for services that you would be willing to offer, either personally or from a company that you own and run.

[mhogerheijde]

@vweevers Nobody is denying that money needs to flow to OSS maintainers. I don't mind putting up with ads anywhere else than in the logs of my build. There is plenty of space in things like README's and landing pages for links to sponsors and patreon(-like) solutions. Logs for me are a way of doing my job. I will (try to) weed out anything that negatively impacts my ability to do work.

Also, consider the effect that letting people know that you've got sponsoring can diminish the amount of support you get from your peers, as Matthias Wandel points out in one of his videos: https://www.youtube.com/watch?v=SToyIb9tNiY

@ArcanisCz interesting read!

@brodybits you mean you prefer ads for services from @feross over 3rd party ads? I agree, I probably wouldn't make this much a fuss if the advertisement was a single line with a link to buy them a cup of coffee or a side-project.

[brodybits]

@brodybits you mean you prefer ads for services from @feross over 3rd party ads?

Yes.

[arcanis]

As maintainer of Yarn I'm strongly against this pattern, although not for the reasons you might think. Post-install scripts deoptimize packages and break workflows.

When a package has postinstall scripts, we (package managers) cannot assume anymore that it's safe to share its directory between projects. Even worse, we must extract it on the disk (in case there's a build step) even if it's actually completely unnecessary (because you only print things). We've been exploring a lot of optimisations in this space lately (Yarn 2 will keep your packages within their archives by default), and this kind of pattern will prevent your users from exploiting them to full benefits.

(Note that I'm not saying the postinstall scripts are deprecated - just that they should be reserved to the use case they were designed for, which is building a package against a local environment)

Fwiw, as is mentioned somewhere in this thread, Yarn already doesn't print the build logs unless they make the installs crash, so this post-install script wouldn't have any visible effect for our users. Still, I value the health of the ecosystem a lot, both from the point of view of maintainers and users, and I would be happy to discuss how we could satisfy this use case in a more integrated and less intrusive way (for example by adding a specific field to the package.json). I've actually opened an issue against the OpenCollective repo to discuss that, but it got no traction until now.

[tommck]

I agree with a bunch of folks here that the goal here is great, but I already have enough trouble getting devs to pay attention to warnings like "unmet peer dependencies" when an npm install is finished. Having screens of ads go by makes it impossible to see them.
('core-js' comes to mind begging for money AND a job for the lead dev)

[Update: spelling]

[CalinLeafshade]

Companies should sponsor OSS projects because they use them. Not to get ads in front of the project's users.

Also, this kind of thing is easily blocked so it's unlikely to be a good revenue stream anyway.

[ljosberinn]

I'm all for (better) compensation of OSS developers but I will go lengths to avoid ads, just any ads in general. Ads are a toxic pest in modern days, wherever you go you're slammed with them. The console is not intended for this either.

If this means I have to change a dependency or library to not have ads, I will do it, not because you don't deserve money, but because you're intruding an area you're not supposed to intrude by design.

_Edited a word. _

[bunchopunch]

If a company is advertising in my terminal, even if they're technically sponsoring a project as means to do so, I will do everything I can to avoid that company. Whether or not they know it, I'm pretty sure this is the exact opposite of the sort of publicity these sponsors would want among developers.

[Grandclosing]

My terminal is the one last stronghold, the one last haven of peace that doesn't endlessly serve me ads from corporate overlords all day long. I vehemently oppose this idea as I believe it is fundamentally opposed to the open source ethos we've built up over decades.

Yes, it's important to help out open source contributors and project owners - but ads are not the solution.

[brodybits]

-1 for that kind of non-permissive licensing, it does not even seem to fit the definition of "open source" ref:

• https://opensource.org/osd#persons-or-groups
• https://opensource.org/osd#fields-of-endeavor

+1 for offer of services from the primary author, which is sometimes needed to help with open-source sustainability

-1 for promotion of third-party products or services (noisy, distracting, etc.)

[lightswitch05]

The package maintainers are welcome to do as they see fit. However, I would like a way to opt-out entirely from this package ever being install into my system. As far as I can tell, that is not possible with NPM.

https://npm.community/t/blacklist-entire-packages/9659

[Jhawins]

This does 2 things, 1 is objectively bad and one is subjective.

1. Encourages users to run with --silent as an adblocker
   • Bad because it means users won't see critical errors, security warnings etc
   • If we can agree it's bad to encourage users to ignore key warnings, we inherently agree that polluting the output of install is bad for the exact same reason.
2. It's the most annoying thing you could possibly do as a package maintainer other than remove your package.

Regardless, NPM will undoubtedly decide to block any method of serving advertisements through the terminal. It doesn't matter what Standard chooses to do.

[mzzfederico]

If it will change the name of this project to something sensible, I will greet them with open arms

[kinow]

Dang it. Just enabled it the other week, already going to have to raise another PR to remove from the project now 😞

[steve-perkins]

Given that this package is essentially a config file and thin wrapper script for ESLint, I am curious how much of this revenue will be shared with the upstream ESLint developers.

[osmarks]

We are going to need adblockers for npm install output now...

Now I'm actually wondering how that might work... maybe just blocking specific packages' postinstall scripts would do it. For now. It's not like there's some easy way to detect sponsored messages.

[gc]

@with-heart People disagreeing with you aren't a mob, they're real people that just so happen to have a different opinion than you on the matter. There may be one or two people acting inappropriately, as I have seen myself on both sides, but for the majority people are just sharing their views.

I don't think anyone, either for or against this experiment, should not have their opinion heard. That very much too goes for people who support the proposal and I hope everyone can share their feedback.

[vojtechkral]

@vweevers @with-heart You guys seriously don't see what this guy is doing? He's trying to push his ESLint config as a "standard" and monetize it. This is not a "FOSS project", it's a publicity/advertisment stunt. How do you reconcile your views with the fact that this guy plans to get paid pretty much for someone else's work (ESLint)?

[modeco80]

@with-heart People disagreeing with you aren't a mob, they're real people that just so happen to have a different opinion than you on the matter. There may be one or two people acting inappropriately, as I have seen myself on both sides, but for the majority people are just sharing their views.

I don't think anyone, either for or against this experiment, should not have their opinion heard. That very much too goes for people who support the proposal and I hope everyone can share their feedback.

Some people treat differing opinions as a "mob" to make themselves feel better. Unfortunately, that tends to reveal their insecurities and shill views even more.

[tedivm]

I don't want to have to view advertisements in my CI logs, and I hate what this would mean if other packages started doing this. Some JS packages have dozens, hundreds, or even more dependencies- can you imagine what it would look like if every package did this?

[sserdda-liamE]

By the way, just stating that "if you don't like it, come up with a better solution" is a cop-out. There is value in feedback, especially when you don't agree.

Not when that feedback is 100% predicable because it's nothing but our inner two year old being triggered to whine when everything doesn't go 100% his or her way.

We humans are opportunists. Any time a cost to us is >0 we will not like that cost and we'll complain about it. In discussing a problem whose solution is necessarily going to impart a cost it doesn't need to be stated that those who need to shoulder said cost are going to find it less preferable than having it at no cost. This inner alt-right perspective is expected.

Anyway, the solution to monetizing an artist's reproducible work has already been solved. It's called copyright. We the People have expressly removed our liberty to freely copy an artist's work and granted that right solely to the creator in order to give the artist the ability to financially support his artistic output. To place a copyleft licence on the work and then complain that you can't monetize it because people are copying it for free is an... interesting complaint.

[evandentremont]

@j-f1

It makes the whole thing seem a lot more reasonable

If you read the whole thing it's with a special dev flag.

[j-f1]

@evandentremont I read through the thread again, and it seems like the OP was trying it out by installing it --save-dev, but the funding package’s behavior should be the same regardless of how it’s installed.

[taysco]

What an awful and misleading name for a eslint config. I wonder how many poor newbs have thought this is official.

[j-f1]

@taysco https://standardjs.com/#but-this-isnt-a-real-web-standard

[modeco80]

It is still a misleading name, no matter how it is spinned by the developers.

[with-heart]

@gc @modeco80 I didn't mean to suggest that anyone disagreeing was acting as part of a mob. It was meant to apply specifically to those people treating a github issue like it's a place for trolling, nasty comments, etc. My apologies if it came off that way.

[j-f1]

Either way, the name of the package has nothing to do with the discussion at hand.

[plbyrd]

Google, et. all, love this because not only are they getting work from you during the day, they are getting more work from you when you get home that they didn't have to pay for.

Pretty unfair dig at Google, who not only bankroll a lot of open source projects (Android, Chromium, Kubernetes, etc.), but also have programs like Google Summer of Code and Google Code-in, and donate to organisations like MetaBrainz, which hosts MusicBrainz and other services.

Not unfair at all. How much has Google paid to the credits listed in chrome://credits?

[s-thom]

For complex reasons, companies are generally hesitant or unwilling to fund OSS directly. When it does happen, it's never enough and it never reaches packages which are transitive dependencies (i.e. packages that no one installs explicitly and therefore no one knows exists).
@feross

It seems like a lot of your frustration comes from this part:

and it never reaches packages which are transitive dependencies

So how many projects does standard rely on?

$ npm i -S standard

... the ad ...

+ standard@14.0.2
added 233 packages from 125 contributors and audited 504 packages in 47.527s
found 0 vulnerabilities

So, uh, how much of the $2000 you got is going to those 125 other contributors? For those interested, here's an npm ls on a brand new project with only this package installed. There's 322 lines of output (because some packages are used multiple times).

[modeco80]

For complex reasons, companies are generally hesitant or unwilling to fund OSS directly. When it does happen, it's never enough and it never reaches packages which are transitive dependencies (i.e. packages that no one installs explicitly and therefore no one knows exists).
@feross

It seems like a lot of your frustration comes from this part:

and it never reaches packages which are transitive dependencies

So how many projects does standard rely on?

$ npm i -S standard

... the ad ...

+ standard@14.0.2
added 233 packages from 125 contributors and audited 504 packages in 47.527s
found 0 vulnerabilities

So, uh, how much of the $2000 you got is going to those 125 other contributors? For those interested, here's an npm ls on a brand new project with only this package installed. There's 322 lines of output (because some packages are used multiple times).

As far as I know currently, the money generated by the funding package seems to only benefit Standard, and not any of the dependencies (including the major one, ESLint) used by it.

[plbyrd]

We humans are opportunists. Any time a cost to us is >0 we will not like that cost and we'll complain about it.

No, not all humans have this reaction. The reaction you are projecting on all humans infers that all humans are greedy, inconsiderate thieves.

[Hamuko]

Not unfair at all. How much has Google paid to the credits listed in chrome://credits?

Probably hard to say since that'd require all of them to have their financials disclosed. I had a random look at some projects to see what they disclose and libjpeg-turbo sponsors page has Google's logo on it and says that it requires at least a donation of at least $1000 to get their logo there. And some of the projects there are actually Google projects, so the people working on those were probably paid by Google.

[s-thom]

@s-thom you forgot the 5 funding itself relies on.

Since funding is one of the dependencies, it's in the list.

[sserdda-liamE]

We humans are opportunists. Any time a cost to us is >0 we will not like that cost and we'll complain about it.

No, not all humans have this reaction. The reaction you are projecting on all humans infers that all humans are greedy, inconsiderate thieves.

Not letting your inner two year old rule you does not mean he is not present. His complaints are predictable, and those who are voicing complaints from him are not needed.

[evandentremont]

@sserdda-liamE

The existence of this issue infers the obvious must be stated.

[evandentremont]

I just recieved this response.

Hello,

We definitely understand your objection to an advertisement of this nature. This ad was not paid for or solicited by Linode. There is an open issue/thread regarding this advertisement on the package's Github repository.

We appreciate you voicing your concerns about this ad, and I've passed along your feedback to our team who will be investigating this matter. If you have any other questions or concerns please let us know.

Best Regards,
Tim H.
Linode Senior Support

---

Response from feross:

I expect this was merely a misunderstanding on the part of this support agent. He probably wasn't aware of the facts.

They have public tweets (1, 2) where they say they've "reconsidered":

Linode has been very supportive at exploring new ways to support open source. It's a bummer that this didn't work out, but I understand and don't hold it against them.

[Toxoid49b]

We humans are opportunists. Any time a cost to us is >0 we will not like that cost and we'll complain about it.

No, not all humans have this reaction. The reaction you are projecting on all humans infers that all humans are greedy, inconsiderate thieves.

Not letting your inner two year old rule you does not mean he is not present. His complaints are predictable, and those who are voicing complaints from him are not needed.

Please take your pseudo-intellectual garbage elsewhere

[gc]

@sserdda-liamE Do you mind refraining from ad-hominem attacks? Calling people triggered whining two-year olds doesn't contribute to this discussion constructively.

[evandentremont]

I hope the feedback in this thread will prompt you will explore different approaches to seeking the compensation you're entitled to for your hard work.

what compensation exactly are open source authors entitled to?

[broberson]

I don't install npm packages for entertainment. I'm working. Deliberately inserting ads into my workflow in the hope that I'll stop working and go screw around on the web and maybe buy something is absolutely predatory.

@feross should be ashamed of himself.

[mixmix]

Next steps

Hey all, it's great to see people care as much about the future of Open Source as we do.
There have been a bunch of great questions and suggestions raised here, but this is turning into a mega-thread with a lot going on in it.

I've taken some of the themes I've seen emerging and started some threads for more focused conversations:

• What's wrong with Open Source right now
• What do we want Open Source to look like in 10 years
• Process for Evaluating this version (of funding)
• Other ideas we could experiment with
• I'm angry and I want to yell some