Add free/non-free badges for packages in the registry

Earlier this week some JS community members decided to include advertisements in their packages’ output logs. There is no option to regulate this behavior in popular OSS licenses, and we have never had such issues before. This kind of advertisement seems unacceptable to many users, including Node.js core members (firshrock123, jasnell). It’s poisoning the open source community IMO. But it’s not possible to prevent such behavior in the future. And it’s probably just the first precedent. I think it should be solved on the technology level and not the social one, to prevent conflicts and future issues.

Proposal

I. Free package marker

Mark packages as free, and replace this mark with non-free if a package uses advertisements or another kind of hidden monetization.

II. Ask user permission

Ask users whether they want to install such a package during an npm install call.