In terms of making money - we're thinking about paid promotion of packages: allowing maintainers (companies and individuals) to promote their packages, we found there's a big need for that. We want to limit it to a single (clearly marked) promoted package for each category.
Obviously, we would just surface the promoted package, but the package reviews, insights, and metrics are obviously untouched.
As an individual, I don't think I'd ever pay for promotion of a package unless I had moved my career to providing support for open source packages.
I can imagine companies using it as a marketing exercise for their open source efforts. That might not be a bad thing as packages backed by companies tend to be better, more mature, have better support.
However I can see this then being abused by SaaS companies using this as a way to advertise their service. i.e. they provide a package that integrates with their service, so while the package is open source they are making money on the use. I can imagine this significantly degrading the quality of packages.
Yeah, I assume the vast majority of paying maintainers would be SaaS companies (for services like monitoring or logging), API companies, infrastructure companies (DBs, etc.)
I do think the vast majority of these companies already have packages, since they need developers to integrate with their services.
Why not charge the maintainers themselves to advertise validation by your brand (once you have established that trusted brand)?
I mean, I see that you are attacking this problem from the analysis and search perspective, which is great and well needed, but there is an intersecting need for security validation and preventing malicious package updates. There is more liability that way, but imo there is greater incentive for enterprise customers and/or maintainers to pay for packages you distribute.
That's a really interesting thought, we've never thought of this direction!
Are there any successful products/companies with such business model (providing testing and certificates for money)
I think the reference examples would be certificate authorities, ratings agencies, Underwriters Laboratories, ISO9000 or SCAMPI inspectors/auditors, organic/kosher/halal/GMO-free food stamp companies etc.
Selling quality marks can be quite lucrative, but you'd definitely need to think about exactly what people buy. And definitely think hard about deep insurance.
Awesome, I'm honestly not deeply familiar with most of those industries (let alone maybe credit rating agencies), but this is definitely a model that we need to explore. Thanks!
The parent comment said it well. This could be a good backup model to work with that could serve as a pivot if it turns out that most developers, like myself, tend to be pretty good at finding a package that fits their needs, but aren't going to read through the entire package to see if it's safe or if it opens connections to some random IP address in the install script.
Some use cases where package maintainers might be willing to pay to promote their packages:
* API companies that want to promote their product, mainly newcomers to the market that look for developers' mindshare, but probably incumbents as well.
* DB and other infrastructure companies that have packages (drivers, libraries, tooling)
* SaaS companies who's users are developers (e.g. monitoring, logging, analytics)
* Some indie developers who are willing to pay a few bucks to get those first thousand users to their package and get it off the ground.
* Software development firms/agencies that build packages as a means of showcasing their expertise, use the package as a way to build reputation and get more clients
