Hacker News | jonchurch_'s comments

> How many total developers does that cover? 100?

I love these questions bc they both can be answered with some slight heuristics, and they are quite surprising!

As of January 2026, there were > 13k npm packages w/ more than 1 Million monthly downloads [1]

Answering "how many total developers does that cover" is a lot harder (more expensive, rather, as I am not going to pay for the query on Google BigQuery to answer it, not after I spent $3k by accident last time doing similar exploration in the past)

I won't try to make a SWAG about how many devs have write access across those repos, but in the npm ecosystem alone I'm comfortable saying it is an order of magnitude more than 100.

[1] - https://gist.github.com/jonchurch/1dd845f4d26823fce5590af1aa...


Folks saying this offer is in bad faith or not generous enough don't seem to understand how low the bar is here for rewarding maintainers.

I maintain Express.js and Lodash, as well as a number of express direct deps (as a TC member of both Express and Lodash).

OSS has been my full-time focus for over a year (aka I'm unemployed). In 2025 I made $10 from open source, in the form of an Amazon gift card for fixing a bug in another random open source project (I think they have VC money).

Call it skill issue on my part, sure valid. But having a form that says “give us your email and handle, we can easily verify your contributions, and in exchange you get $200/month of value and we ask nothing of you” is the most generous gift I've seen.

Is it enough to fix the well known power dynamics of OSS? Of course not. Is it cheap PR for Anthropic? Yes, as is every other corporate OSS fund initiative. I'm not going to give them a standing ovation and a key to the city bc they cleared the extremely low bar.

My point is that, regardless of motives, from this maintainer’s perspective this is a kind offer which is respectful of me and my time. If you fall into the camp that training on OSS is stealing, I can see why you'd think that this is a slap in the face. I personally do not see it that way, as my work is a conduit for me to serve millions I'll never meet, and what they do with my labor is not a personal concern. I do what I do because the process itself has value to me.


I might sign up just to stay on top of a market change that I don’t have an employer paying me to learn.

But the two concerns I have are, what happens when someone uses it to make the projects I work on again but with one design change, and is this pulling up the ladder behind us? Will someone still be able to start a project five years from now and do what you’ve done? Or come into existing projects like I have?


I don't want to misrepresent, I am not the original author of any of these projects. I am not JDD of lodash (who is still involved and part of the TC) nor TJ Holowaychuk of express.

I don't know what the future will look like, but IMO open source is the intersection of code and community (aka the squishy bits) and for that reason I don't think AI will make it obsolete, not now nor in the future.


Yep, I had the same reaction. It was like. "Huh? What? Actual acknowledgement of contributions? Cannot compute." They even made the requirements just low enough for me to qualify. We'll see if I actually get the deal though but this could be the most generous thing that ever happened to me in the open source sphere. I have a tendency to fall through every possible crack so this is an actual shock to me.

Don't get me wrong, I definitely see the cynical side that Claude may potentially benefit from learning my high quality coding practices as a result of this... This is clearly also a way to source high quality training data. Maintainers of open source projects with 5K+ stars are among the most competent engineers you can find and they're not biased towards unnecessary complexity as most corporate folks are. The reason is simple; if you code for free, there is no incentive to maximize billable hours; it's the opposite. This is a real gold-mine of quality coding data. AI companies should be fighting over us.

But still, I think this is nice in either case. These days, I appreciate people using even cold calculated logic as a motivation for doing the right thing. I'm tired of people being irrational and doing the wrong thing because the wrong thing sounds more marketable to investors.


> I maintain Express.js and Lodash

Thank you!

> In 2025 I made $10 from open source

Slightly off-topic, but I wish more OSS projects and maintainers would advertise cryptocurrency donation addresses. It's probably the easiest way for end users to donate.


I have done that for years, and so far have received the equivalent of $25 (through three mBTC transactions) on my Bitcoin address, and maybe $90 through whatever the token is Brave uses (BAT?).

I still get random donations through an old PayPal email address that's listed on the same page as my bitcoin address, and that totals more like $100 (a year, not over the lifetime).


Surely the easiest way is something like a PayPal/venmo link, no? I know a lot more people who use those than crypto.

Paypal banned my account the instant someone did donate to me. I suggest stripe.

What’s wrong with ko-fi?

ETH address 0x60F9CC1b97C78D8E8337Ef991a34bd8D9e600420 ¯\_(ツ)_/¯

Why would cryptocurrency be the easiest way to donate when nobody is using it?

I dunno, is a free trial really a gift? Especially if the thing they're trialing is built off the data you're giving them? To be fair it does have a pretty significant monetary value (which can't be transferred..), but personally it feels a little off

I currently pay them $200/month out of my own pocket for this already, so for me it is not a free trial but subsidizing my usage.

Agreed that $200 USD would be preferable (credits don't pay rent). My comment is directed at the strong words others have left about this being in bad faith on the whole. Even if it is, then their bad faith efforts are better than most.

Opinions here will vary, I wanted to share mine <3


> I dunno, is a free trial really a gift?

To OP's point, whether you want to call it a gift kinda feels like splitting hairs. As is well established, most software companies have huge dependencies on OSS yet contribute very little so $1200 in free service is a pretty big step up over the fuck-all you'll get from most places.


It is a gift of six months of the service. And I don’t think being built using OSS matters here? For example, if AWS gave Linux maintainers free EC2 instances it wouldn’t feel off.

I think what you’re getting at involves more data that was scraped illegally. Like if Anthropic gave free Claude access to writers since it just lost a lawsuit related to copyrighted books, that would be kind of a slap in the face. But OSS software is not published with an expectation of payment.


Is it a trial if they don’t turn it off?

Just to reiterate

ANTHROPIC IS GIVING EVERY DECENTLY LARGE MAINTAINER $1000 WORTH OF INFERENCE (~x8 that in API prices)

They likely made a marketing budget for this of $1M or so

Other OSS stuff like Copilot or JetBrains costs to providers much less, $100/yr most (licenses are not expenses, only inference is)

Anthropic may get $500(average total for all 6mo) per user of just inference costs

6 months is because this is experimental and they have no idea what to expect

(their devrel department is meh as you could've noticed already), when they see it working they'll make it autorenew or something

ESR (Eric S. Raymond) asked OpenAI to match and got one, so the same offer from OpenAI will likely follow soon[tm]


You don't get $200/month of value, you get your first dose.

You can churn this stuff out in about an hour these days though, seriously. That's part of the problem, the asymmetry of time to create vs time to review.

If I can write 8 9k line PRs everyday and open them against open source projects, even closing them let alone engaging with them in good faith is an incredible time drain vs the time investment to create them.


We are seeing a lot more drive by PRs in well known open source projects lately. Here is how I responded to a 1k line PR most recently before closing and locking. For context, it was (IMO) a well intentioned PR. It purported to implement a grab bag of perf improvements, caching of various code paths, and a clustering feature

Edit: left out that the user got flamed by non contributors for their apparently AI generated PR and description (rude), in defense of which they did say they were using several AI tools to drive the work. :

We have a performance working group which is the venue for discussing perf based work. Some of your ideas have come up in that venue, please go make issues there to discuss your ideas

my 2 cents on AI output: these tools are very useful, please wield them in such a way that it respects the time of the human who will be reading your output. This is the longest PR description I have ever read and it does not sound like a human wrote it, nor does it sound like a PR description. The PR also does multiple unrelated things in a single 1k line changeset, which is a nonstarter without prior discussion.

I don't doubt your intention is pure, ty for wanting to contribute.

There are norms in open source which are hard to learn from the outside, idk how to fix that, but your efforts here deviate far enough from them in what I assume is naivety that it looks like spam.


Daniel Stenberg of curl gave a talk about some of what they've been experiencing, mostly on the security beg bounty side. A bit hyperbolic, and his opinion is clear from the title, but I think a lot of maintainers feel similarly.

“AI Slop attacks on the curl project” https://youtu.be/6n2eDcRjSsk


I think it's only fair to give an example where he feels AI is used correctly: https://mastodon.social/@bagder/115241241075258997


Wow very cool, they've now closed 150 bugs identified via AI assistance/static analysis!

For ref, here is the post from Joshua Rogers about their investigation into the tooling landscape which yielded those findings

https://joshua.hu/llm-engineer-review-sast-security-ai-tools...


The author has run into the same problem that anyone who wants to do analysis on the NPM registry runs into, there's just no good first party API for this stuff anymore.

It seems this was their first time going down this rabbit hole, so for them and anyone else, I'd urge you to use the deps.dev Google BigQuery dataset [0] for this kind of analysis. It does indeed include NPM and would have made the author's work trivial.

Here's a gist with the query and the results https://gist.github.com/jonchurch/9f9283e77b4937c8879448582b...

[0] - https://docs.deps.dev/bigquery/v1/


Drop in a lint rule to fail on skipped tests. I've added these at a previous job after finding that tests skipped during dev sometimes slipped through review and got merged.


Might as well share one URL for HN to play with, so here’s one

https://s2.dev/playground?token=Oq4AAAAAAABodAPA46wzu2bBlbU7...


The 30th anniversary post has an overview of events in the game’s history (content updates, community, server upgrades) that was very interesting. Congrats on the beefy 486/100 server with 64M of RAM upgrade in ‘94!

https://t2tmud.org/history/30th_anniversary_reboot_script.ph...


Nesting at 5 deep increases the timeouts to 4ms! TIL

https://developer.mozilla.org/en-US/docs/Web/API/Window/setT...


Maybe I came into this article knowing too much about the solution, but I don't agree with commenters saying this is a poorly designed interview question. It's a blog post as well, not the format that would be presented to a candidate.

I think it has clear requirements and opportunities for nudges from the interviewer without invalidating the assessment (when someone inevitably gets tunnel vision on one particular requirement). It has plenty of ways for an interviewee to demonstrate their knowledge and solve the problem in different ways.

I've run debounce interview questions that attempt to exercise similar competency from candidates, with layering on of requirements time allowing (leading/trailing edge, cancel, etc) and this queue form honestly feels closer to what I'd expect devs to actually have built in their day to day.


Same here. I thought that this specific problem is not that uncommon. On top of my mind: say if the endpoint you're hitting is rate-limited. It doesn't even have to be an API call. I think I've probably written something with the same pattern once or twice before.

I do agree that this is quite javascript specific though.


If it’s rate limited it’s handling the concurrency for you. Just back off from the rate limit.


I feel similarly and again.

We actually have this pattern in our codebase and, while we don’t have all the features on top, it’s a succinct enough thing to understand that also gives lots of opportunity for discussion.


I could write a solution to this pretty quickly, I’m very comfortable with callbacks in JavaScript and I’ve had to implement debouncing before. But this interviewer would then disqualify me for not using AI to write it for me. So I don’t understand what the interviewer is looking for.

