Show HN: Scarf – Platform to help open-source developers monetize their work

I replied to a few comments, and will post my own now.<p>For those questioning the FOSS-ness of Scarf. Start with Wikipedia, then read a few more things for background.<p>Scarf itself is BSD3 licensed. You can do whatever you want with it. Even fork it and remove all the things it was designed to do.<p>There is nothing not-FOSS about this project. The goal (and I&#x27;m not affiliated with it in any way, nor do I know the author) is to <i>support</i> FOSS developers. If you&#x27;re a FOSS developer, you want that, right? And if you&#x27;re not, do you know how at risk you are because FOSS devs are <i>not</i> compensated consistently and well? That&#x27;s the message we need to get out. Projects like Scarf are important, and this is a new space, because we need to raise awarenes about this issue and <i>solve</i> it.<p>Will there be bad actors? You bet. Are there already bad actors? You bet. It&#x27;s not about creating a perfect solution, but creating a better solution than what we have now. Which means creating <i>any solution at all</i> for this particular problem at this point in history.<p>For every project that acknowledges and addresses this problem, I applaud you. We need stepping stones.

Money is more likely to flow to open source developers if it is framed from the perspective of the person&#x2F;company that is paying:<p>&quot;Scarf de-risks your product by helping you pay a small monthly amount to ensure that your open source dependencies remain alive and healthy.&quot;<p>versus<p>&quot;Platform to help open source developers monetize their work.&quot;

So from a developer point of view the more popular your package is financially the less insight into its use you get?<p>And a user point of view is that my usage data is now a bargaining chip to be used by an intermediary between me and a developer I think made a decent stab at a library I need.<p>I&#x27;m sorry I&#x27;m really failing to see any benefit for anyone in the deal apart from the middle man who will invariabley scrape all the usage stats and sell it

I like the idea; if someone wants to make some money off of customers who are more willing to pay than to make efforts to avoid paying, it&#x27;s nice to have an easy way to do that.<p>But whereas &quot;auto-magic&quot; is a good characteristic in software, it&#x27;s kind of off-putting in financial matters.<p>As far as the software goes, if it &quot;just works&quot;, that&#x27;s great. When it comes to the money, I don&#x27;t want to know if it &quot;just works&quot;. Within 2 minutes of arriving at the Scarf site, I want to know how much goes in one end, how much comes out the other end, how to set and change the prices, and how much (if any) leaks to the Scarf service. I&#x27;d like to know this by the second paragraph of the first page. Having skimmed the site, I still have no idea.

I understand where this is coming from, and it&#x27;s definitely from a good place, but honestly I think the solution is a bit naive. Developers are not going to be able to sustain themselves by simply having their software connected to a package manager that charges them when they install a package. You might as well just sell proprietary software at that point. We as a community need to be look at solutions like Tidelift [1] that will draw in real, serious and interested ENTERPRISE customers. That is where the revenue will come from and that it what will make it viable enough as a long term solution for both the developers AND consumers of FOSS. Note: I am in now way affialiated with tidelift other than thinking they are smart dudes who are approaching this very pressing issue correctly. [1] <a href="https:&#x2F;&#x2F;tidelift.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;tidelift.com&#x2F;</a>

I like the idea of Scarf allot. This solves a very good problem of getting analytics on features that get released. And these insights would certainly help improve the software.<p>However, please correct me if I&#x27;m wrong but is this truly open source. If the developer intends to open-source his software then in-app purchases defeat the entire purpose?<p>Also, if the developer does want to release his software with the intent to make money, he can simply release a premium version with the added features.<p>I don&#x27;t want to sound very harsh but as an open-source developer, this kinda defeats the ethics of what open-source software truly is.<p>Would love to hear alternative views...

Some site feedback:<p>It would be cool to see popular packages on the front page. Otherwise it looks like there are zero.<p>Also, searching then searching again messes with back navigation.

I haven&#x27;t tried this yet, but poking around the site, I&#x27;m wondering what mitigations you have for potential abuse? I&#x27;m concerned specifically about transparency to the end user about the costs of the packages that they&#x27;ve installed.<p>Thinking aloud:<p>* My user chooses to install my package with scarf, either because I force them to (by not making it easily available elsewhere) or because they want to support me (yay!)<p>* I make money from their install, and&#x2F;or their use of the package (is this correct?)<p>In that case, as Mallory, as a bad actor, I:<p>* Want to make a package that looks affordable but pulls in dependencies<p>* I want to make those dependencies cheap at first, but then I&#x27;m going to make them expensive later, when you are, well, dependent (ahem)<p>* I want those deps to be, as much as possible, me and my friends<p>I&#x27;m not even going to get into the abuse potential I can imagine would obtain by preying on naive good actors; e.g. convincing some well-intentioned dev to use my dep and then effectively taking rents from all of their downstream users.<p>I haven&#x27;t had a chance to play with Scarf yet but I&#x27;d love to hear about how you handle scenarios like this on its website. Because I&#x27;m pretty sure these scenarios are why something like scarf hasn&#x27;t shown up before.<p>(Personal belief&#x2F;stance informing this worry: FOSS got big by providing easily-reasoned-about costing structure in an industry that had hitherto been beholden to things like on-site auditors, per-seat licensing, hidden costs, submarine patents, etc; our value prop was &quot;you always know your cost is gonna be $0, plus installer and maintainer salaries&quot;, which is much better than &quot;We decided this now costs double&quot;. We didn&#x27;t so much cost less as cost <i>predictably.</i>)

nice work! I have a similar project <a href="https:&#x2F;&#x2F;ligit.dev" rel="nofollow">https:&#x2F;&#x2F;ligit.dev</a> we took the approach of letting the developer do everything as they usually would except for the license.<p>How are you guys thinking about Github&#x27;s new package registry?

So the high level monetization model is:<p>- Free: metrics get sent to the scarf service<p>- Paid: no metrics get sent to the scarf service<p>Is that correct?

If the software is open-source, it will just get forked in a branch that removes usage metric uploading. If you want to make money with software, just release proprietary software, not sure what&#x27;s so difficult about this.

This reminds of the internet explorer toolbars which counted installs, collected other stats and phoned that home. Those companies put wrappers around installs. Scarf also installs a wrapper around your package. Imagine if every npm package did this in a single project. You&#x27;d have 100s of sub-sub dependencies phoning home.<p>&gt; [captured data] Sub-commands and flags that are passed on the command line<p>So it&#x27;s parsing the command line which can have environment variables with passwords. eg `foo run -e CONTAINER_PASSWORD=&quot;&quot;`

Just wanted to mention that the site does not show anything at all with 1st-party JavaScript or 3rd-party JavaScript (stripe) disabled. It would be nice if there was some plain-old HTML ;).

This is awesome. I love open source projects and the developers behind them all. This is really cool and I&#x27;m installing now!

Your search URLs return a JSON instead of HTML. I get this even when I press Enter in a search box.<p><a href="https:&#x2F;&#x2F;scarf.sh&#x2F;packages&#x2F;search&#x2F;framework" rel="nofollow">https:&#x2F;&#x2F;scarf.sh&#x2F;packages&#x2F;search&#x2F;framework</a>

Nearly every open source package that sees use will be added to free-as-in-beer repositories. I don&#x27;t see how this gets any uptake.

Does Scarf use Scarf?

This is a terrible idea. I like the idea of paying money to not be spied on--I wish more companies adopted that model--but turning your opensource project into spyware and holding privacy ransom is just so evil. It&#x27;s also incredibly naive and detached from reality. Most people are not going to be okay with this, so what will happen is that they will either fork you or create an alternative that respects your privacy rather than pay up.