After banning adverts in command-line terminals, NPM floats idea of Patreon-style donations to open-source devs

Cash-burning biz sees itself following in the footsteps of GitHub Sponsors

NPM, Inc., the overseer of the widely used npm JavaScript package registry, hasn't been particularly supportive of worker complaints, but the would-be enterprise biz wants to lend a hand to open source contributors.

Following a software developer's recent experiment with ads delivered to the command line via npm-hosted packages – a testament to longstanding concerns about labor compensation and exploitation in the open source community – NPM said it intends to develop a funding platform for open source developers by the end of the year. The announcement comes as the biz revised its policies to forbid packages that "display ads at runtime, on installation, or at other stages of the software development lifecycle…"

In a blog post on Friday, CEO Bryan Bogensberger said over the past few months, company engineers have been working on registry infrastructure so the biz can support services of this sort. This week, he said, company leaders "will be reaching out in order to get the expertise around the table with a goal of being able to share the framework by late September."

The project, undertaken at a time the cash-strapped biz is trying to build its enterprise business, appears to be not very far along.

NPM's entry into a market already served by Patreon, GitHub Sponsors, OpenCollective and Liberapay elicited mixed reactions. While at least one NPM employee has said, evidently unbidden, that he's "stoked" about the project, those outside the company sound a bit more skeptical.

"Given that they also just [forbade] any funding prompts on installation by policy (if I recall correctly), even if the intent was good, it comes off as an attempt by NPM, Inc. to use their power over the Node.js ecosystem to rent-seek maintainers making money from their packages," software developer Linus Lee wrote in a tweet.

The Register asked NPM when it began work on its funding platform and whether it intends to generate revenue from it, but the company has not responded to our inquiries since mid-June when we reported on the company's initial refusal to settle labor complaints brought by three employees.

CJ Silverio, principal engineer at Eaze, former CTO at NPM and among the first ousted after Bogensberger took the helm last year, dismissed the funding initiative.

"NPM's announcement is a big nothingburger – we’re supposed to stay tuned for some later capital-E 'Enterprise' proposal," said Silverio in a message to The Register. "I’ll pay more attention if they ever announce anything concrete."

"The company is up against a problem they’ve been dancing around since their founding, which is how to get people to pay for something the industry taught them to expect for free," she elaborated. "NPM taught everyone that you can use a package manager to download and install software for free, so why would you pay for it?"

Silverio pointed to the rise of Linux as a cautionary tale, noting that it has outlived all the Unix versions that cost money. "Linux’s freeness killed them all," she said. "Does the industry ever go backwards from free to paid?"

As long as software developers improve open source projects at no cost and allow companies to exploit their labor without compensation, perhaps not. But the issue, which has simmered since open source development began, has come to a boil over the past year or so as companies that coalesced around open source projects like MongoDB and Redis have expressed resentment about how cloud platform giants like Amazon, Google and Microsoft profit from their code without compensating the developers who created it.

The unfairness of it all has not been lost on individual open source project maintainers who face demands for continuing code improvements without monetary recognition.

On Tuesday, Kat Marchán, former tech lead/architect for the NPM CLI, now working for Microsoft on the NuGet package manager, offered her vision for a more equitable and humane system that combines payment mechanisms with alternative software licenses like the Parity License to address what she calls an open source sustainability crisis.

In an explanatory post, Marchán wrote, "maintainers are burning out, overwhelmed by the demands of an increasingly large community on a project they are usually only allowed to work on in their 'spare' time, while simultaneously being punished for any attempts at implementing more sustainable models, such as the recent advertisement-based funding controversy."

Via Twitter, she elaborated, "I want to see a world where free software contributors and collaborators, as well as maintainers, get paid for the labor they put into these projects that help drive so much of our economies. The current 'open source' system has to end, and it must be replaced by a more fair one." ®
