
Show HN: Thanks – See which NPM dependencies are seeking donations - feross
https://github.com/feross/thanks
======
rmason
Terrific job! Seeing is believing:

[https://twitter.com/feross/status/961745970080792576](https://twitter.com/feross/status/961745970080792576)

~~~
feross
Thanks. I agree. The GIF of `thanks` in action really tells the story better
than a description ever could.

------
faizshah
I'm really happy that there's increasing efforts to help fund the people who
write the OSS we depend on. I was really happy looking at Evan You (the
creator of VueJS) being able to reach his patreon goal, but I really wish some
of the massive companies making use of Hapi would help with Eran Hammer's
patreon goal:
[https://www.patreon.com/eranhammer](https://www.patreon.com/eranhammer)

It bewilders me how companies make so much money and depend on something like
Hapi for its "enterprise" quality but won't give a little bit back to the
person who developed their open source software for free. I hope github
considers adding some kind of integration with patreon and other platforms to
help bring more attention to maintainer's funding drives.

------
feross
Author and submitter here, happy to answer questions :)

~~~
timlyo
Did you consider the approach of scanning through the readme and looking for
urls to known donation sites? Maybe this could be done separately to add to
the list?

~~~
feross
Yes, but fetching full npm package metadata (which includes the readme) for
100s of packages was really slow. I'll see if there's some other approach
(perhaps getting the readmes from GitHub, or perhaps pre-processing all
package readmes) that might work.

~~~
michaelbazos
Couldn't you use unpkg.com for this?

unpkg.com/:package@:version/:file

~~~
feross
Sure, that would work. Then we'd be getting the readme version for the latest
version, ignoring updates to the readme that have been made since the last
publish. Will consider that approach.

------
bruce_one
Seeing `puppeteer` in the example makes me feel odd about this.

Isn't it an official Google project by paid Google employees? Eg I thought
Paul Irish was a paid Goole employeee, so it seems odd to suggest donating
money to him in the context?

(I might be wrong; and am also very thankful for what he does and don't
begrudge anyone donating him money nor him asking for it. Just... Odd...)

~~~
feross
So, that's my fault.

To get things started, I added a bunch of authors who had accounts on Patreon
and Librepay so `thanks` wouldn't start out completely empty. Specifically, I
used the "Find My Friends" feature and just used the list that came up. (Paul
had a LibrePay account receiving $0/month.)

So, in the specific case of Paul it might not make sense to suggest donating
to him for a Google project. Though, to be fair, he has a lot of packages on
npm, some of which appear to be his own work
([https://www.npmjs.com/~paulirish](https://www.npmjs.com/~paulirish)), so
suggesting that you donate to him for time he's put into his own packages
outside of work is fine in my book.

The broader question is: how should we determine who to donate to?

We could have packages declare explicitly if they're seeking donations and, if
so, who to donate to. There's a proposal to do this here:
[https://github.com/feross/thanks/issues/2](https://github.com/feross/thanks/issues/2).
For simplicity in this V1 product, I just used the list of maintainers who had
npm publish permission at the time of the last release. As a concrete example,
take a look at this JSON response from the registry:
[http://registry.npmjs.com/standard/latest](http://registry.npmjs.com/standard/latest)
We're just using the list of users in the "maintainers" key. If any of those
users is in this list
([https://github.com/feross/thanks/blob/master/index.js](https://github.com/feross/thanks/blob/master/index.js))
then we suggest donating to them.

Open to suggestions if you have better ideas.

~~~
aepiepaey
Use the couchdb instance at
[https://skimdb.npmjs.com/registry](https://skimdb.npmjs.com/registry) to
scrape all readmes, parse them for URLs to known donation services, and seed
the db using that.

[https://skimdb.npmjs.com/registry/_all_docs](https://skimdb.npmjs.com/registry/_all_docs)
will return a list including the project IDs, then you can send a GET to
[https://skimdb.npmjs.com/registry/<id>](https://skimdb.npmjs.com/registry/<id>),
which returns a json object which includes the readme.

For projects on Github, you could use OAuth to verify that a user owns a repo,
and let them manually submit a donation URL. Not sure if npm provides OAuth,
but if it does, use that instead.

------
styfle
I like this way (thanks) of promoting donations much better than the post-
install script[0] I've seen going around (open collective post-install).

[0][https://news.ycombinator.com/item?id=16335970](https://news.ycombinator.com/item?id=16335970)

