Earlier this week some JS community members decided to include advertisements in their packages’ output logs. There is no option to regulate this behavior in popular OSS licenses, and we have never had such issues before. This kind of advertisement seems unacceptable to many users, including Node.js core members (firshrock123, jasnell). It’s poisoning the open source community IMO. But it’s not possible to prevent such behavior in the future. And it’s probably just the first precedent. I think it should be solved at the technology level and not the social one, to prevent conflicts and future issues.
I. Free package marker
Mark packages as free, and replace this mark with non-free if a package uses advertising or another kind of hidden monetization.
II. Ask user permission
Ask users if they want to install such a package within the npm install call.