Thoughts on pkg analytics with Scarf.sh

[ahmadawais]

@sindresorhus what are your thoughts on Scarf.sh? It's been helpful to figure out which companies use my packages to help with the funding. But there're growing concerns where people don't want anything like that.

What do you think about this and do you believe if there's a better alternate?

[sindresorhus]

I generally like companies trying to make open source sustainable, but adding analytics to packages doesn't sound like a good idea and would be a privacy issue, regardless of them stating it's opt-in and anonymous. People simply don't trust companies to do the right thing, for good reason. I would personally not use or depend on a package that has the Scarf package in its dependency tree.

The best alternative would be for GitHub (which owns npm) to provide anonymous aggregated stats on Node.js versions, OS versions, etc.