☝️ Important announcement: Greenkeeper will be saying goodbye 👋 and passing the torch to Snyk on June 3rd, 2020! Find out how to migrate to Snyk and more at greenkeeper.io

The devDependency standard was updated from 14.3.1 to 14.3.2.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

standard is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

Saw a great recommendation from @iarna on the package.community Discord channel which I just joined.

Decentralized contribution info or no, I'd like npx thanks to point folks where to learn about how to add themselves. So it's less of a "cool kids" thing

Totally agree. I was planning to add this but forgot to do it.

The dependency ora was updated from 4.0.2 to 4.0.3.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

ora is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

🚨 Reminder! Less than one month left to migrate your repositories over to Snyk before Greenkeeper says goodbye on June 3rd! 💜 🚚💨 💚

Find out how to migrate to Snyk at greenkeeper.io

The dependency got was updated from 11.1.3 to 11.1.4.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

got is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

This is an awesome idea and I hope many deserving projects/developers can receive some well earned funding as a result.

One thing that comes to mind is that funds will largely be travelling in a closed circuit between developers, most of whom are likely to pay out of pocket rather than try to convince their employers to pay up.

Now that there's a central location to register funding needs and highlight what could be thought of as a "social injustice", I can't help but wonder whether it's worth utilising some of the same affirmative action techniques used by those claiming to fight social injustices in others areas. The techniques are highly effective in bringing about change even when particular types of injustice have no supporting evidence - and in some cases the evidence is contradictory to the claims.

Underfunding of OSS is backed by evidence and causes measurable harm to both the projects themselves and the companies using the projects (as we're periodically reminded by catastrophes such as Heartbleed).

Is it worth brainstorming ways to extend this particular project into a wider movement that leads to the kind of social changes necessary to properly fund OSS development? If certain groups can make enough noise that even misinformation leads to dramatic societal changes and a viral sense of obligation why can't and why shouldn't the open source community do the same?

𝄢 npx thanks
💜  Fetching package maintainers from npm...(node:50314) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 3): Error: 404 Not Found: latest

We have some dependencies like "nion": "github:patreon/nion#c976b369d75892ef39b3f9eb48fed1c6b6a50d0f", in our codebase, and it tries to look them up on npm using the package name, even if they are not hosted on npm.

This could be fixed by either: detecting that it's a github package OR by handling npm 404s without crashing out.

awesome idea, thanks @feross !

Originally reported here: #50 (comment)

✖ Error: path must be a string or Buffer

Found a bug? Open an issue at https://github.com/feross/thanks

TypeError: path must be a string or Buffer
    at fs.readFile (fs.js:358:11)
    at P (/Users/feross/code/thanks/node_modules/pify/index.js:49:6)
    at new Promise (<anonymous>)
    at /Users/feross/code/thanks/node_modules/pify/index.js:11:9
    at ret (/Users/feross/code/thanks/node_modules/pify/index.js:72:32)
    at readDirectPkgNames (/Users/feross/code/thanks/src/cmd.js:392:24)
    at <anonymous>

$ npx thanks
Error: Cannot read property 'map' of undefined

This line:

See https://twitter.com/drewml/status/961751205272842241

@hughsk, your link (http://hughsk.io/donate/) is down.
You may update it if you are willing to continue to use thanks.

🚨 Reminder! Less than one month left to migrate your repositories over to Snyk before Greenkeeper says goodbye on June 3rd! 💜 🚚💨 💚

Find out how to migrate to Snyk at greenkeeper.io

The dependency open was updated from 7.0.3 to 7.0.4.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

open is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

I have some ~/bin scripts with node shebang and was wondering how to list those --global packages I use.

npm list --global vs thanks --global

I have node installed via nvm, so I tried manually going to node_modules directory. Unfortunately, it does not seem like npm maintains package.json for --globally installed packages and thanks hangs forever in case that file is missing:

$ cd .nvm/versions/node/v8.9.4/lib/node_modules
$ thanks
💙  Reading direct dependencies from metadata in package.json...(node:31267) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 2): TypeError: path must be a string or Buffer
(node:31267) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
💛  Reading direct dependencies from metadata in package.json...^C⏎ 

Hey,

I was thinking with all the discussion around how we can move the donation info to the package.json in #2 I was thinking the next logical step would be to move this behaviour from its own npm package into core npm.

Thoughts?

Jonathan

Trying to run this for the https://github.com/electron/update-electron-app project, I got an error:

~/git/electron/update-electron-app master
$ npx thanks
💜  Reading dependencies from package tree in node_modules...(node:37960) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'includes' of undefined
    at isScopedPkg (/usr/local/lib/node_modules/thanks/dist/cmd.js:205:18)
    at /usr/local/lib/node_modules/thanks/dist/cmd.js:226:21
    at Generator.next (<anonymous>)
    at step (/usr/local/lib/node_modules/thanks/dist/cmd.js:2:221)
    at _next (/usr/local/lib/node_modules/thanks/dist/cmd.js:2:409)
    at /usr/local/lib/node_modules/thanks/dist/cmd.js:2:477
    at new Promise (<anonymous>)
    at /usr/local/lib/node_modules/thanks/dist/cmd.js:2:97
    at _fetchPkg (/usr/local/lib/node_modules/thanks/dist/cmd.js:242:24)
    at fetchPkg (/usr/local/lib/node_modules/thanks/dist/cmd.js:220:24)
(node:37960) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 7)
(node:37960) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

$ node -v
v8.11.1

$ cat package.json | json dependencies
{
  "electron-is-dev": "^0.3.0",
  "github-url-to-object": "^4.0.4",
  "is-url": "^1.2.4",
  "ms": "^2.1.1"
}

$ cat package.json | json devDependencies
{
  "jest": "^22.4.3",
  "standard": "^11.0.1",
  "standard-markdown": "^4.0.2",
  "travis-deploy-once": "^4.4.1",
  "semantic-release": "^15.1.7"
}
```

GitHub is rolling out their sponsors program.

Adding a check with github's api to see if found developers have sponsorships enabled would save them having to know about this project.

If the idea appeals, I might look into implementing it in the near future.

☝️ Important announcement: Greenkeeper will be saying goodbye 👋 and passing the torch to Snyk on June 3rd, 2020! Find out how to migrate to Snyk and more at greenkeeper.io

The dependency minimist was updated from 1.2.0 to 1.2.1.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

minimist is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

Via @noffle's suggestion here: https://twitter.com/noffle/status/961785877524398080

The devDependency standard was updated from 13.0.0 to 13.0.1.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

standard is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

Hi! @feross I have reviewed and appreciate your repo. I wanted to design a logo for this repository which is popular enough. I designed a powerful idea in a minimalist way. I hope you like it. I'd be happy to send a pr if you want to use it. What do you think? I will wait for feedback. Have a nice day!

Readme view;

The dependency open was updated from 7.0.0 to 7.0.1.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

open is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

Feel free to close it if this tool is only made for the maintainers and projects listed in https://github.com/feross/thanks/blob/master/index.js

The feature request is to support "thanks": "url" field in package.json so that all packages with this field set can be displayed in the thanks table. 😄

This is more involved, but it'd be cool if all contributors to a project got pulled in as well as the last npm publisher!

Prompted by #2, but since this suggestion should probably not be the primary means of determining a payment URL (favouring something explicit in package.json would be better in my opinion) I've moved it to this issue to avoid adding noise to #2.

In the wild there's a microformat to make payment URIs discoverable within a webpage. The gist is that any link or anchor with a rel="payment" contains a payment href (and ideally also a title attribute to describe it) which resolves to a means to donate. I've made a scraper for these in this module (only checks HTTPS pages by default).

The package file contains a couple of opportunities to use this. The homepage field would be useful for project-level donations, and author info which includes a URL could be used for personal donations.

Pending the outcome of #2, and if you think it's an idea worth persuing, I'd be happy to open a pull request.

I'm looking at the output of thanks and trying to decide how to allocate monetary donations to the individuals, teams, and organizations on the list:

Author                Where to Donate                                                    Dependencies
sindresorhus          patreon.com/sindresorhus                                           del, supports-color, strip-ansi, ansi-regex, camelcase, chalk + 137 more
hzoo                  patreon.com/henryzhu                                               @babel/core, @babel/preset-env, @babel/types, @babel/parser + 64 more
feross                patreon.com/feross                                                 browserify, standard, resolve, safe-buffer, is-buffer, util, buffer + 29 more
thlorenz              patreon.com/thlorenz                                               browserify, resolve, util, convert-source-map, readdirp, deep-is + 21 more
hughsk                hughsk.io/donate                                                   browserify, flat, resolve, util, component-emitter, is-typedarray + 20 more
yoshuawuyts           patreon.com/yoshuawuyts                                            browserify, standard, resolve, util, path-browserify, vm-browserify + 17 more
balupton              balupton.com/donate                                                browserify, resolve, util, path-browserify, vm-browserify, assert + 16 more
lukechilds            blockchair.com/bitcoin/address/1LukeQU5jwebXbMLDVydeH4vFSobRV9rkj  browserify, resolve, util, assert, module-deps, stream-splicer + 2 more
zeke                  zeke.sikelianos.com/donations                                      browser-date-formatter, check-for-leaks, count-array-values, hubdown + 4 more
juliangruber          patreon.com/juliangruber                                           isarray, balanced-match, component-emitter, brace-expansion + 3 more
gr2m                  railsgirlssummerofcode.org/campaign                                @octokit/rest, before-after-hook, universal-user-agent + 4 more
nzakas                paypal.me/nczonline                                                globals, doctrine, eslint-scope, estraverse, eslint, espree + 1 more
marijn                patreon.com/marijn                                                 acorn, acorn-walk
typicode              patreon.com/typicode                                               husky, please-upgrade-node
shellscape            patreon.com/shellscape                                             csv-parser
bevryme               bevry.me/donate                                                    domain-browser
olstenlarck           paypal.me/tunnckoCore                                              formidable
andrewnez             en.liberapay.com/andrew                                            node-sass-middleware
hueniverse            patreon.com/eranhammer                                             qs
jayphelps             patreon.com/jayphelps                                              symbol-observable
babel (organization)  opencollective.com/babel                                           @babel/core, @babel/preset-env, @babel/types, @babel/parser + 62 more
jest (organization)   opencollective.com/jest                                            @jest/types, @jest/test-result, @jest/fake-timers, @jest/transform + 5 more
debug (team)          opencollective.com/debug                                           debug
vfile (team)          opencollective.com/unified                                         vfile
cheerio (team)        opencollective.com/cheerio                                         cheerio
unified (team)        opencollective.com/unified                                         unified
sinon (team)          opencollective.com/sinon                                           sinon
nodemon (team)        opencollective.com/nodemon                                         nodemon
remark (team)         opencollective.com/unified                                         remark
preact (team)         opencollective.com/preact                                          preact

thanks already highlights the direct dependencies (displayed here in green) which is pretty helpful:

Looking at the output of thanks, I recognize many of the package names because I explicitly installed them. But others I don't recognize by name. For example:

preact (team)         opencollective.com/preact  

I didn't know we were using preact!?

$ npm ls preact
└─┬ [email protected]
  ├── [email protected] 
  └─┬ [email protected]
    └── [email protected]  deduped

Ah I see it's a dependency of our Algolia search client. Knowing where that dependency came from is useful.

I'm wondering if there's a way that thanks could display npm ls-style hierarchy in its output.

Some part of me wants to know who's maintaining our more direct dependencies. That seems more personal to me. Like one degree of separation. But maybe the degree of separation doesn't actually matter? Should all dependencies, no matter how many levels deep, be treated with equal regard when it comes to dividing and disbursing "thanks"? 🤔

It happens for thanks global install and npx thanks run:

TypeError: Cannot read property 'includes' of undefined
    at isScopedPkg (/home/adam/.npm-global/lib/node_modules/thanks/dist/cmd.js:205:18)
    at /home/adam/.npm-global/lib/node_modules/thanks/dist/cmd.js:227:21
    at Generator.next (<anonymous>)
    at step (/home/adam/.npm-global/lib/node_modules/thanks/dist/cmd.js:2:221)
    at _next (/home/adam/.npm-global/lib/node_modules/thanks/dist/cmd.js:2:409)
    at /home/adam/.npm-global/lib/node_modules/thanks/dist/cmd.js:2:477
    at new Promise (<anonymous>)
    at /home/adam/.npm-global/lib/node_modules/thanks/dist/cmd.js:2:97
    at _fetchPkg (/home/adam/.npm-global/lib/node_modules/thanks/dist/cmd.js:243:24)
    at fetchPkg (/home/adam/.npm-global/lib/node_modules/thanks/dist/cmd.js:220:24)

The dependency open was updated from 6.0.0 to 6.1.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

open is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

The dependency read-package-tree was updated from 5.2.2 to 5.3.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

read-package-tree is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

Awesome project (and nice re-use of the name thanks)!

Now that it's getting so popular, it might be hard to scale the set of donation links since you would have to keep merging PRs every day. Instead, maybe it makes sense to also check packages for a donation field in their package.json, which would just contain the URL.

I'm not sure how you would do author links this way though.

Hi,

Amazing library, would be nice if the command line were asking if we want to star the repositories, enter a github token and then perform the action !

Regards

The dependency term-size was updated from 2.1.0 to 2.1.1.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

term-size is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

The dependency pkg-up was updated from 3.0.1 to 3.1.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

pkg-up is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

Hey! Firstly, this is a great idea, thanks for doing it!

I was looking at index.js and it all seems to be individuals listed there. Is this intentional or just a coincidence?

I'm wondering if it's worth adding projects here that have a shared Patreon for the project itself.

Thanks again!

I see Pull Requests to thanks are not merged for a while. Can I help?

As the creator and maintainer of BackYourStack, I have some experience in the field and I can work on some data exchanges between the projects. I already issued a PR but had no feedback: #115

I would like to propose my help maintaining the project: update data, merge PRs, review dead links, issue new versions.

The dependency registry-auth-token was updated from 4.0.0 to 4.1.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

registry-auth-token is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

Hi there !

This project reminds me of https://github.com/symfony/thanks . Was it inspired from it ? If so it should thank it !

Great job bringing thanks to the npm world !

You're not responding to any of PRs a couple of months already.

As I mentioned in #119 many links are 404 and it will be even worse with time.

If you don't have time to maintain this repo, consider archiving it

When you archive a repository, you are letting people know that a project is no longer actively maintained.

The dependency pkg-dir was updated from 4.1.0 to 4.2.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

pkg-dir is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

@feross, while you are doing great work to ease financial support for us, open source developers, I spend weeks, reviving a "dead" dependency in one of your major projects: webtorrent-desktop.

I send you pull request (webtorrent/webtorrent-desktop#1240) in September 2017, replacing the module. Which has been ignored since then.

In the mean time webtorrent-desktop reached the point where old musicmetadata is actually causing an error, preventing audio files to be played (webtorrent/webtorrent-desktop#1320).

I won't sign up for any financial contribution, but I would appreciate if you ensure my contribution, and the contribution of other brave developers, is no longer ignored.

🙌 Thanks! ✨

The dependency ora was updated from 3.2.0 to 3.3.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

ora is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

A string transformer that does not replace or escape all occurrences of a meta-character may be ineffective.

root/bin/cmd.js

`${registryUrl()}${pkgName.replace('/', '%2F')}`
This replaces only the first occurrence of '/'.

https://lgtm.com/projects/g/feross/thanks/alerts/?mode=tree&ruleFocus=1506222917439

Just posted this to @producthunt to get it in front of makers who use OSS in their products. ✨

Check it out and consider leaving an upvote: https://www.producthunt.com/posts/thanks ❤️