• Ullallulloo@civilloquy.com
    link
    fedilink
    arrow-up
    29
    arrow-down
    1
    ·
    1 year ago

    Doesn’t npm have this already? I’ve definitely gotten requests for donations and various political messages when installing dependencies.

    • besbin@lemmygrad.ml
      link
      fedilink
      arrow-up
      8
      ·
      1 year ago

      That’s probably cause you or your packages use CoreJS. It’s basically a one man project that’s holding up the whole modern Internet infrastructure. You can look up the story online, but it was a pretty small donation request for a really relatable individual.

    • SpacingBat3@szmer.info
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      1 year ago

      I guess this highly depends on package maintainers, Node already provides funding in package.json for much less invasive funding requests (and that can also be disabled) and you might also block executing the scripts during package instalation which are sometimes used for advertisement. I think this was a lot worse in days NPM didn’t support funding, especially for projects depending on a huge number of dependencies. But I’m not that old Node/JS dev to tell how things were back then in reality.