204 comments

[ 3.0 ms ] story [ 227 ms ] thread
I’d love too but I dislike using payment processors as middlemen for online transactions! I see you’re using Stripe which is one of the worst processors because they opaquely block all sorts of transactions. It would be great to use a system like this to promote and fund open source projects and fuel cottage industry without having to include megacorporations. Make a mail cash option for people who don’t want to show their papers to a payment processor!
thanks for the feedback & you raise a valid point, we'd love to look at additional payment options :)
Thought about this in a conceptual way some years ago [1] and the best option seems to be to let the developers decide how they want to be paid, i.e. have a `thanks.dev` file in the tree of the package with JSON-like data, e.g.

  "payment": "iban", "data": "IBANCODE"` or 
  "payment": "link", "data": "https://..." or
  "payment": "cryptoCoin", "data": "0xb3..." and so forth.
Of course, the problem is there are many different ways of giving thanks, so a protocol is required, that's the hard part actually in this space, standardization.

[1] https://github.com/ly3xqhl8g9/delicense

The best case is that this works.

The worst case here is a lot of fraud for the people who shared their details.

Why would there be fraud? The IBAN/payment link/crypto wallet/etc. is only one way: anyone can deposit, only one can withdraw. Everyone knows the IBAN for donating to Greenpeace, but only one can sue them [1]. As for the file itself, not being changed by a third party, the distributing program can check hashes of current payment method vs. previous and notify accordingly.

[1] https://www.greenpeace.org.uk/news/succession-greg-sue-green...

https://www.theguardian.com/money/2008/jan/07/personalfinanc...

these things are still possible, you don't even have to know as much detail as this person gave out

Funny, but that seems more of a mistake on the bank side, and given that the article is from 2008, I am not surprised. Lots of things went wrong in 2008 on the banks side. Nevertheless, in principle, having a public IBAN is harmless.
> Make a mail cash option for people who don’t want to show their papers to a payment processor!

Consider using Monero for such a purpose. I've gotten paid in Monero. It pretty much just works.

At first I thought "Oh another Patreon/Open Collective" but actually this is kinda neat in how it works.

Slightly offtopic, but every month when my Patreon donations get processed Patreon sends me this STUPID email with "Tweet your receipt!" Honestly, it's so pathetic. It's like giving food to a homeless person while filming it so I can post it on Twitter.

Yes I realise it's an option and I don't have to (nor do I) click it.

Love this! Hope it will take off.

"Webpack receives close to $200k in funding per year via OpenCollective but its direct dependencies receive minuscule amounts of funding, and there are 80+ of them."

thanks for the support, let's hope we find the source code for open source success! :)
First emoji I have seen on HN. I thought it was not possible to use.
(comment deleted)
That's probably because it's an ASCII symbol[0] ♥

Emojis are Unicode, not ASCII (I think, not an expert myself).

We should also be able to use arrows ⇒, the trademark symbol ™, whatever this is ∴, or maybe this ℜ.

But we can test it, maybe HN supports Unicode Emojis but nobody is using them...

EDIT: I was listing some Unicode Emojis here, but you were correct, they were removed after posting. At least the ASCII symbols show up :)

[0]https://www.ascii-code.com/html-symbol

We're trying to do this @ NimbusWS, but the corporate way.

Excuse the crappy looking site (been busy trying to actually deliver all the shit on that page), but I believe that F/OSS can be sustainable:

https://nimbusws.com/#sustainability

All it takes is contributing a small % of revenue back. I'm not decided that 10%-30% will be the final # (can a business give that much and still compete?), but then also some of me feels that it should actually flip at some point (30% for nimbus, 70% for F/OSS project) if most of the value is actually the F/OSS project (i.e. the project is so high quality that all we do is mostly run it and upgrade it happily).

Right now only the Redis service is available (object storage is coming soon (tm)), but kick the tires:

https://nimbusws.com/app (register @ the bottom!)

One thing we haven't figured out is how to pay library authors. dunno what to do, but early idea is some % contribution and letting people calculate allotment (ex. 5% of your 20% revenue donation must go to libs, but you pick which libs you depend on get the most).

Much admiration for your stance on giving back.

Much confusion that this domain isn't for the Nimbus weather station.

Ah, the cloud! Is there anything it can't do?

> Much admiration for your stance on giving back.

Thanks for the kind words -- I do have to make it real, and make sustainable profit first before my aims mean anything, but at least I think I'm pointing in the right direction.

> Much confusion that this domain isn't for the Nimbus weather station. > Ah, the cloud! Is there anything it can't do?

Well looks like there might be a name change in the future... That might be a legitimate confusion point.

TIL of the nimbus weather station: https://www.rainbird.com/golf/nimbusii

It's like a Bloomberg Terminal for weather...?

Concerning soending, open-source contributors are not employees. They do contribute to business, but wouldn’t do what you need if you needed it, like fixing vulnerabilities. There should be the same difference as between standard on-the-shelf products and custom products made for the industry, that fit a particular purpose.
> Concerning soending, open-source contributors are not employees. They do contribute to business, but wouldn’t do what you need if you needed it, like fixing vulnerabilities.

I agree, there's value being brought by both sides of this equation -- F/OSS developers for building something valuable, and Nimbus for providing it, making fixes/upstream contributions when necessary, etc.

The problem with the current state of things is that the value capture is ~0% for F/OSS projects. Maybe 15%-30% is too high, but it needs to be appreciably above 0% for F/OSS to flourish.

> There should be the same difference as between standard on-the-shelf products and custom products made for the industry, that fit a particular purpose.

Would you mind expanding on this? Are you advocating for open core? It's not that I want to provide an enterprise version of 10/100ss of software -- more that I think there's value in them as a service (use Postgres, but avoid getting a degree in Postges administration).

The idea is to do just enough hacking that makes the service more reliable and sustainable to run without manual ops burden -- that's the differentiator for Nimbus (along with know-how).

I really want someone to succeed at this and I like the approach but you need to run not walk to making it usable without private source code access. That’s a non-starter.
Absolutely fair point & this is something we're working on to open source. If you'd like to join the community feel free to join our discord https://discord.gg/fQGqvQdWxq For context sponsorships & donations have tax implications in different geographic & implications for our community. We're working to get better clarity on these points with our beta users.
So it looks like the idea is it goes through your GitHub dependencies, and splits your donation up among them.

That’s a pretty neat idea.

I wonder if it would be possible or even desirable to try and get some automatic measure of “how much” you depend on a given project, to weigh the split. Probably that would be really difficult to capture. Anyway the current idea is already pretty cool.

Not automatic, but it already supports a measure of "how much" you depend on a project: boosting. You can boost dependencies up or down by up to a factor of 20 (e^3).

The formula is explained in https://thanks.dev/static/how.

I've been working on this idea (https://www.jvt.me/posts/2022/06/01/idea-supply-chain-moneti...) recently as part of https://dmd.tanna.dev where you can get a meaningful idea of how much your projects use different dependencies, such that you'd be able to feed in a more meaningful weighting of "how much I use that dependency"
Regarding the post generally, using the problem of “how should I re-distribute my donations” to help solve the problem of “am I actually willing to be part of your software supply chain or am I just a hobbyist project, good luck using my code” seems like a nice way of hitting two birds with one stone.
This finally feels like a solution to a problem we all knew we had.
thanks for the validation, it means a lot to us.
Neat idea. Would it be useful to let folks analyze a repository without signing up? I'm thinking a user may want to scan a large repository and get a report (top X sponsor-enabled dependencies). This might be useful data to present during funding discussions.
I'm more than happy to help, just connect with me on https://discord.gg/fQGqvQdWxq we're currently doing this for a few presentations. It just depends on the ecosystem that specific org is managed under.
Nice idea. Like a personalized vanguard index for open source donations.

If this takes off people will be inventivized to make lots of small dependencies that are likely to be needed in tier 1 (or tier 2).

The trick will be to find a bug in a first dep of webpack for example, fork it and fix some bugs there then convince webpack to switch to you.

Algorithmic decisions can be gamed.

I suggest instead the app lists the deps, and you choose how much to give each one.

You're absolutely right. When you login you can actually see a list of dependencies & make your own adjustments. While thanks.dev makes a recommendation based on what's analysed, sponsors are able to boost or exclude beyond our recommendations. It's not perfect & has a lot of room to improve but we hope it's a good starting point :)
Thanks quickthrower2!

Re gaming the system you're totally right. Although slightly unintuitive, we've also heard the opposite from maintainers. That they'll be motivated to remove the silly one line packages from their dependency trees due to the imbalance of value they provide vs extract.

We also prune self dependencies, circular dependencies and a few other cases to keep things level. Hopefully we'll be at a stage to open source our codebase soon and can better leverage community feedback in this space :)

This is a great idea! Now I can finally pick a contribution level and have it automatically donate to my favorite projects.

Thanks for building this!

Thanks for your kind words and trying it out @djaouen! Please don't hesitate to ping me if you need anything (email in profile).
Genius idea. I try to donate to open source software I've used for long time, especially if I cannot contribute any code back. This site seems to automate the process of finding out which dependencies of your software are accepting donations.

Unfortunately, I cannot use this right now, because Maven dependencies can't seem to be found, and neither can Cargo dependencies. I decided to test it with an app that uses a mix of ClojureScript and Rust. There is a shadow-cljs.edn file at the root level of the folder, but those dependencies are not picked up. Neither are stuff in a package-lock.json. There is a Cargo.lock file in a subfolder, but that does not seem to be scanned either.

However, I am able to verify there exist dependencies, in each of these files, that are actively seeking for funding and use GitHub sponsors.

Hi Koito17 Thanks for trying it out! Are you able to ping me your github handle so I can get to the bottom of it (email in profile).

Alternatively, for multi-project repos you can add a thanks.yaml file to the root of the repo with a `maxDepth: 2` value inside it. Unfortunately, deep scanning the entire repo looking for files would be prohibitive due to GH rate limiting hence this approach.

Please keep me posted. I'm also available on Discord if you need anything.

Hi. First of all, thanks for the quick response, and more importantly, working on this cool idea!

I see on the website that CLJS isn't supported; that's fine. But the NPM dependencies not being detected does intrigue me. I'm going to follow up with you on Discord if that's fine

It's still early for GitHub's Sponsor feature but I'm a bit surprised this is not part of it already.

- They already understand what kind of code base it is and already do dependency scanning for security issues

- They have payment details

- They have the "verified" payment method of a person / project (If sponsoring is enabled)

I can't say much about Github but I can say that we're working to open source our project ;)
The UI imposes a 5% minimum (and 15% default) value for "Tip thanks.dev" under "How much would you like to donate each month?" on https://thanks.dev/settings

This implementation is clearly for-profit. I want to directly tip open source projects using a system that doesn't involve other third parties taking a significant cut.

Absolutely appreciate & respect your perspective. We're passionate about making open source sustainable & understand that there can be multiple ways of achieving this goal. The more ways money is channeled to the community the better...
I think it would be easier to defend taking a cut if the cut was calculated in the same way as for the dependencies, e.g. next.dev being automatically added to the list.
Obviously I meant to write thanks.dev
Maybe 5% is the wrong number, but how do you expect the lights to stay on?
They could give the ability to sponsor their own service with donations in the exact same way they do it for third party FOSS projects.
They're trying to solve the problem, not add to it.
If their solution is good, it should also be applicable to them
The difference being that this service has real tangible costs such as card fees for every transaction. That's not really comparable with "it would be nice to be paid for my time" when pushing your code to GitHub. I haven't used the site but it seems reasonable that one solution won't apply to all kinds of projects.
They could break out the transactions explicitly. That would help reduce the feeling that they're taking more than their share, if they're not doing that.
They could also sing a song, do a little dance and tweet a word of praise for your generosity.

At some point the dance isn't worth the peanut.

Well, if they're there to secure a good chunk of peanuts for themselves, for being the intermediator, many would find this shady and wont want to deal with them.

Sorry, someone donating $10,000 to their favorite FOSS doesn't want an intermediator to take in $500 just for making the transaction.

Even more so when the actual transaction infrastructure is not going to be their's anyway, but some banks or Stripe or whatever.

> Sorry, someone donating $10,000 to their favorite FOSS doesn't want an intermediator to take in $500 just for making the transaction.

This phrasing is just inappropriate, and the situation you cite is an extreme.

> many would find this shady and wont want to deal with them

What's the point of armchair prognostication? We'll find out, and their pricing isn't fixed in stone?

humble bundle suggests a tip and sliders with a 3 part system : what goes to the dev, what goes to charity, what goes to humble bundle.

Nothing stops you there to put 100% into one of those and 0% on the others.

That seems to be different from this article[0]:

> Thanks.dev presently supports itself through a voluntary tip percentage that, if more than zero, gets deducted from donation amounts along with a Stripe payment processing fee prior to distribution.

I also think they should allow manual addition of projects. E.g. I use Syncthing but that won't be found in my Github/Gitlab scans. I can donate via Github too but would be easier if I can have one place to control all such donations.

[0]: https://www.theregister.com/2023/04/07/thanksdev_open_source...

Thanks for the feedback & suggestion. This is something we’d love to incorporate in our roadmap.
The irony of "someone should build something for free" when complaining about a donation system for helping open source projects get paid for their work.
Why would this be irony? If anything it's irony that they're offering a for profit service to facilitate donations vs adding themselves as a donor recipient on their platform.
No, the idea of having a simple payments system for open source devs to use to get paid for their "free" software should be "free". Let the merit of the software dictate. That's the whole point of open source. To build things freely and openly to make the best possible software that we (humans) can make. We should also expect the same in the tools we rely on to do that work. It's not a hard ask. It's a philosophy of not wanting a corporation to own the keys and profit from others work. Stripe already takes 2.9%+. I don't want someone else taking 10%-30%. Then I have to give the government 30%.
> the idea of having a simple payments system for open source devs

A payment system is never simple and if it's more than a standardized "funding.txt" format it will have running costs and someone has to cover these. How much this system should charge is debatable, but it should probably be higher than 0%.

> Let the merit of the software dictate

What does this mean? Using this service is letting the merits dictate. It doesn't stop anyone building a competitor.

> To build things freely and openly to make the best possible software that we (humans) can make.

This only works in a system where humans do not need money to live. This is not our system. In a capitalist system, for better or for worse, if you don't own a means of production you must work to get money because you need money to live.

We should recognize the value of work, and if it is useful, pay for it. It is only normal in such a system. I wish we were in a commons-based society, that all resources and production would be decided by workers in quantity and distributed based on needs, but that's not our system.

It works exceedingly well in our current system.

The problem comes from people believing they should be paid for willingly giving away the fruits of their labor.

I only use FLOSS and don’t feel I’m missing out at all.

Have you not read the too many stories of open source developers struggling to make ends meet ? Of the gpg guy saying he might give up because it's just too much ? Of all the devs on the edge of burnout because of all the stress and the demands of people not here for participating but only for their own service ? Of the very article we're talking about ?

I would love to live in a system where everyone is actually free to do whatever they want with their time, all day long, all year long, but that's not where we live today. What kind of people has enough time and energy to devote hours of their lives to something that is not their primary way of earning money ?

I too use only FLOSS, and only put out project under copyleft licenses, but that doesn't mean I'm blind to the structures in which we live in.

The "free" in FOSS is about being able to use the software as you see fit, without restrictions. Not that you don't have to pay a dime. Sure in practice the software is usually "free as in beer" but that's a side-effect, not a goal (or guarantee).
I'm aware what the "free" in FOSS is.
That seems reasonable to me. I assume they are using stripe for payments, so that's already 2.9% gone to facilitate you giving money to the project.
Not to mention hosting costs :)

Sponsors have a slider that allows them to adjust their tip from 5% to 100% of their monthly donation. We figured minimum 5% would cover our compute & merchant fees but left it to the community to decide what we should get. We thought this was the most aligned approach with open source. Totally open to other ideas and suggestions though.

I think your approach is reasonable. There will always be comments from people who think everything should be "free" without considering costs.

In a perfect world, Stripe and the credit card companies could waive the fees for donations, but that is not the case.

Someone has to actually cover those fees.

Under "Why don't the sum of my individual donations total to the amount I've donated?" you list stripe processing fees as #1...

So no, if you're taking a minimum of 5%, then any reasonable person is going to assume that you've already deducted the processing fees, not covering them out of that 5%.

I don't think you're being open and honest here.

I don't see any dishonesty here. They are in fact covering the fee out of the 5%. That means they are taking less than what "reasonable" persons think in your opinion.

The text may be imprecise, but it's a long way from dishonesty. In my opinion dishonesty requires a motive, and I don't see it here. If the 5% did not include fees, it would perhaps be different.

I work for a > 100 people company where the business model is entirely based on donations. We are using stripe for payment and it costs us money, but you can still use our service freely if you want to.

I agree it is not simple, but it proves it is doable.

https://thanks.dev/faq says:

  What are your fees?
  Tips at time of donation. You decide.
If payment is required to use a service then that payment is not a "tip" - it is a "fee". Anything over the required payment would be a "tip". This FAQ answer implies that the required payment is zero, which, it turns out, is false.

There is absolutely nothing wrong with charging a fee for a service, but there is something wrong with lying about it.

How do you suggest we can better word/explain it?
"We charge a 5% minimum fee on each payment. If you like what we do, you have the option of leaving a tip."
Actioned. Thank you helpfulclippy! :)
You're right @fmx. Have now updated the FAQ per helpfulclippy's suggestion. Thanks for pointing this out!
> There is absolutely nothing wrong with charging a fee for a service

Agreed, but percentage-based fees can quickly become an unfairly large part of payments. I love the idea of this project, but I'd prefer there to be a 5% or X dollars minimum, so that if 5% is more than X dollars, then it doesn't force 5% minimum. If I'm donating $500 to 45 projects, then each project on an even split is getting $11, but thanks.dev is getting $25 even though their service isn't actually in use by my app/service. Seems unfair to me.

My guess is that more than half of that $25 goes to the payment provider (Stripe etc.). Maybe more.

The remaining ~$10 will go to thaks.dev to cover operational costs, administration and other expenses.

I don't expect them to work for free. If you think it's unfair, contact the developers directly to see if you can wire them money (to avoid PayPal fees). If it's too much work, you can pay services like thanks.dev that does the work for you.

Then they should call it what it is: A fee (to cover operational expenses). It's still not honest to call it a tip.

(And now I'm realizing that American tipping culture may be playing in to differing expectations here...)

EDIT: I see they have now updated their wording.

Why on earth would you think that a payment provider is taking 50%? They take ~3% + 30 cents

It's literally public information

Please take more time to read the context. If you read the post that I replied to instead of jumping to conclusions, you will find that you are incorrect

$25 refers to the 5% fee of the total amount ($500) that the site takes. I said that more than half of that fee is used to pay Stripe.

(comment deleted)
> half of that $25 goes to the payment provider (Stripe etc.)

Surely they are not making a transaction for every patron/maintainer combination, but rather batching the payments.

Otherwise yes this is a Stripe charity :)

Try this perspective: As an open source dev, I don't mind taking them 5% of the donation I recieve from their platform.
For every OpenSource project I donate to, I check, whether they provide a SEPA IBAN, then I just set up a monthly transfer of a small amount that I can afford instead of a bigger single donation. Whenever possible, I try to avoid any instances in-between which take some % of the cake.
The service also completely blocks VPN users with a 403. That seems like blocking a pretty good chunk of your target audience to me. I will absolutely be looking elsewhere to support projects I benefit from.
We don’t intentionally block anyone but we’re looking to see what could be the problem. Thanks for letting us know.
Jumping on the top comment, something bothers me about this thread.

I'm seeing comments from two separate accounts, but when you look at their about, they seem to be the same person:

https://news.ycombinator.com/user?id=qwerki https://news.ycombinator.com/user?id=armini

My Name is Armin Nehzat (aka armini), my brother is Ali Nehzat (aka qwerki). Feel free to also look us up on linkedin if that helps. Here's a podcast of my brother talking about how he started the project https://podcast.sustainoss.org/148
Donations are not a perfect mechanism, there's significant friction.

tea.xyz will not have fees once it goes live with its funding protocol for open-source software.

There is some overhead in collecting money. When you use a charge card a small percentage goes to the credit card and processing companies.

There are some gas stations in Massachusetts that have a slightly lower cash price because they don’t have to pay that fees and pass along the savings. Most businesses nowadays just fold that fee into the price.

If they are upfront about how much I’m ok with it. Otherwise you can send a check, but no one is using that option.

Came across this platform before that takes no commission and depend solely on donation.

https://en.liberapay.com/

The platform itself is also a project on the platform, where the donation happens

https://en.liberapay.com/Liberapay

Lp is refreshingly absent of bullshit. It's a very simple website that does donations, and donations well.

GitHub sponsors isn't too bad, they take a 3% cut (and the CC takes another 3%). But you're effectively donating to Microsoft, which feels icky.

How do I convince the management that it's worth spending a fraction of what 1 developer costs to give back to OSS?
Make it as organized/structured as possible. Go through the social initiatives arm of the firm, if they are big enough to have one. To them "our social responsibility initiatives" or "open source community contributions" sounds better and webpage-worthy than "we pay project X, Y and Z" (even though that is basically what it boils down to).

On the other hand, for a smaller firm, this might probably be just a one-to-one talk/convincing an executive. If you can't convince one, try another. If you can't convince any, take it as a flag with the color of your choosing.

I've thought about exact same thing for a long time. Except instead of just analyzing dependency list, create plugin for vscode/npm/etc and analyze how much each dependency is really used by you. Great that somebody finally built tool like that, good luck!
I just started using GitHub Sponsor for some repos. How is this different?
Hi Animesh! The biggest difference would be that TD answers both "who should I sponsor AND how much?". It continually calculates the weight of each dependency in your codebase and distributes your monthly budget accordingly.

The next biggest difference is that it distributes micro-payments up to 3 levels deep into the dependency tree. We've noticed majority of people sponsor the top of mind projects, but the deep nested dependencies don't get any love. This automated approach should fix that.

Don't hesitate to ping me if you have any other questions please (email in profile).

Thank you for the clarification. I will consider it in a near future.
Plot twist: This was the endgame of all those 1000s of trivial npm packages.
Why Array.isArray() when you can require("isarray").isArray()? (Node.js 0.10.0, Fx 4.0)

deep-equal has 43 packages (& 17m weekly downloads) that are mostly (is|has)-* packages or redundant wrappers like for-each and object-keys (https://npmgraph.js.org/?q=deep-equal) and you’ll find this package included in a lot of upstream libraries. Ask for a banana and get a gorilla and forest... Luckily many have moved to fast-deep-equal (0 dependencies), but there are a lot of other examples of this sort of thing.

I created openlist.dev, where developers could add small banners of products they love to their GitHub profiles and get paid if users click the banner. Looking for companies to become early users
The dependencies(open source libraries) will figure out a way to game the system. I don't know how but maybe someone will try.
More money in the ecosystem will naturally create more competition but I’m sure the community will adapt & evolve accordingly. There’s no shortage of smart people in this space.
I'm on the receiving end of donations from sourcegraph using this. It's around $10 per month from that single donation and is for the only Go HTML santizer, which you use when you have user generated / untrusted input that you need to display as HTML. https://github.com/microcosm-cc/bluemonday

For me the library has been good enough for my own use for a very very long time. I mostly neglect it unless there's some critical issue (which there hasn't been for a very long time — but clearly infosec world knows this lib exists as when I do make changes with crap commit messages I get emails asking what the implications are). I don't improve it at all as my time is better spent on my day job.

I've often thought that there's room for improvement such as a DOM style sanitizer to validate HTML input rather than just a SAX style sanitizer, perhaps formatting of output in addition to sanitising input, transformation rules to allow a safe embedly type thing, etc.

When I got the initial donation I was surprised, first ever bit of support for open source software I'd written (as this was not written on company dime).

Even at $10 per month it is motivating enough to think someone values it. If it accrues into something significant then I may actually feel motivated to improve it rather than just support it.

Interesting is that I'd regard this OSS lib as successful by usage as sourcegraph says 803 projects use it — but given that a fair number of those are things like Hugo which in turn have thousands of forks and many more thousands of instances of use, well it does appear that this sanitizer is to safe HTML in Go what https://xkcd.com/2347/ illustrates. Originally it was written for my own use and it's now used by virtually everything in the Go world that makes a website.

Perhaps people don't know this and libraries like it exists though? Perhaps they import some web framework and this came with it? Well, for that awareness thank you to thanks.dev

Of the models I've seen so far for supporting individuals who create OSS code this one stands out by highlighting dependencies. Likely the solution is a blend of things... a commission type system for rare engineers and skills (i.e. https://words.filippo.io/pay-maintainers/ ) and thanks.dev for the long-tail of those who have done things and you want to use it long-term. There are also companies who create OSS software, and if you value their work and don't want what they produce to go behind Enterprise differentiation then perhaps pay for their services too.

reading this comment made my day :) thanks for your contributions to open source, the least we could do is recognise & reward you for your work. What people often forget is the people aspect of open source. I've done countless interviews with open source maintainers & you are all just awesome https://www.youtube.com/@thanks_dev it's a pleasure working with you & I love hearing your stories
I use like 50 different software heavily. Each of these has like tens of developers.

I can donate to some and rotate each month, but how about the rest, and dependencies?

Good point, using thanks.dev you can adjust to scan multiple levels into the dependency tree. That ensures you can reach as many people as possible.
I use like 50 different software heavily. Each of these has like tens of developers.

I can donate to some and rotate each month, but how about the rest, and dependencies?

There is just so much software there that seems hopeless (although there are also billions of users).

IIRC the model of thanks.dev ensures that those dependencies get some money too.
That's actually how most of my donations on Thanks come from - being a dependency of something the person donates toward.
Our take on this is that funds should distribute across the dependency tree. We currently facilitate trickling your budget 3 levels deep. https://thanks.dev/static/how covers this in more detail.
That seems like a pretty sensible way of doing things.

I wonder: will people find a way to exploit it? E.g. create a simple but useful dependency that uses 100 sub-dependencies, all by the same author? Will larger, more self-contained dependencies lose out to small ones?

Exactly. Many OSS developers work for free. Myself included (I develop some OSS software). And the way I try to be a good OSS citizen is by being constructive and supportive in various OSS communities I care about. You're not going to get my money. But you might get my time, attention, and skills. For free.

The way the OSS communities works is not money but value creation. There are all sorts of value people get out of creating things for each other. People like the recognition and appreciation they get for their work, the satisfaction they get out of doing a thing, the interactions with others, etc. Plenty of ways to get value from creating stuff for others. And sometimes people actually get paid directly or indirectly to work on a thing. It's fine. I'm not against that. Just don't expect/demand me to pay for a thing. And I won't do so either. That simple promise is why OSS works. We both end up getting some value if we work together. And we might even get paid indirectly. For example I have a consulting career and I dabble in startups. So my motives are not entirely altruistic.

Would be interesting if you could use code coverage tests to weight your donations to dependencies.
Thanks for taking the time to share this idea. We have added it to our drawing board.
What are everyone's budgets (corporate or otherwise) for paying for open source work?