In all of this, people forget that NPM packages are largely maintained by volunteers. If you are going to put up hurdles and give us extra jobs, you need to start paying us. Open source licenses explicitly state some variation of "use at your own risk". A big motivation for most maintainers is that we can create without being told what to do.
I had 25 million downloads on NPM last year. Not a huge amount compared to the big libs, but OTOH, people actually use my stuff. For this I have received exactly $0 (if they were Spotify or YouTube streams I would realistically be looking at ~$100,000).
I propose that we have two NPMs. A non-commercial NPM that is 100% use at your own risk, and a commercial NPM that has various guarantees that authors and maintainers are paid to uphold.
It's a bit more complicated than that. The ecosystem around node is just weird. It's not clear what role NPM wants to have.
Lots of people chase downloads on NPM. It's their validation, their youtube subscribers, or their github stars if you will. That's how they get job offers. Or at least they think they do, I don't know if it actually works. There's tons of good software there, but the signal to noise ratio is still rather low.
Given that, I'd rather get paid for including your software as a dependency to my software, boosting your downloads for a long time.
Just kidding, of course. On that last part. But it wouldn't surprise me in the least if something like it actually happened. After all, you can buy stars on github just like on any other social media. And that does strange things to the social dynamics.
If you are going to put up hurdles and give us extra jobs, you need to start paying us.
Alternatively, we can accept that there will be fewer libraries because some volunteers won't do the extra work for free. Arguably there are too many libraries already so maybe a contraction in the size of the ecosystem would be a net positive.
I agree with you here, it feels like management said: "well, we have to do SOMETHING!" and this is what they chose: push more of the burden onto the developers giving away stuff for free, when the burden should be on the developers and companies consuming the stuff for free.
Not looking forward to the mandatory doxxing that would probably come along if this was introduced today.
Yes! I despise how the open source and free software culture turns into just free labour for freeloading million-dollar and billion-dollar companies.
The culture made sense in the early days when it was a bunch of random nerds helping each other out and having fun. Now the freeloaders have managed to hijack it and inject themselves into it.
They also weaponise the culture against the devs by shaming them for wanting money for their software.
Many companies spend thousands of dollars every month on all sorts of things without much thought. But good luck getting a one-time $100 license fee out of them for some critical library that their whole product depends on.
Personally I'd like to see the "give stuff to them for free then beg and pray for donations" culture end.
We need to establish a balance based on the commercial value that is being provided.
For example I want licensing to be based on the size and scale of the user (non-commercial user, tiny commercial user, small business, medium business, massive enterprise).
It's absurd for a multi-million company to leech off a random dev for free.
NPM has to decide between either being a friendly place for hobbyists to explore their passions or being the backbone for a significant slice of the IT industry.
Every time someone pulls/messes with/uploads malware to NPM, people complain and blame NPM.
Every time NPM takes steps to prevent pulling/messing with/uploading malware to NPM, people complain and blame NPM.
I don't think splitting NPM will change that. Current NPM is already the "100% use at your own risk" NPM and still people complain when a piece of protestware breaks their build.