[uzername]

I like this approach slightly better than what scarfjs was doing. I first ran into that with react query a few years ago. It was a chilling effect for me at least and I was glad it changed.

The idea of this being an enhanced link shortener is a good metaphor. I think if were ever encountering an image or a download that's not going through a dockerhub or GH link, I might give pause and think about it a bit.

I'm not defending enterprise usage of packages, especially somehow if it's core to the business, but I don't need anyone to come knocking either.

[aviaviavi]

> I like this approach slightly better than what scarfjs was doing. I first ran into that with react query a few years ago. It was a chilling effect for me at least and I was glad it changed.

Glad to hear you like this better, we do too. We built Scarf Gateway in a large part due to the response of the react-query community (and a handful of other projects) to scarf-js. Lots of discussion on GitHub and the Reactiflux discord provided good learnings for us: mainly that mechanisms that phone home, especially at unexpected times, were particularly unpopular. We also heard more acceptance of the idea that the registry/host platforms who already have this information could be sharing it with maintainers.

We want to support maintainers with better data in a way that best suits the OSS community and respects privacy. And so we went back to the drawing board, and Scarf Gateway is the result!

Still, I understand you may still have remaining hesitations here anyway with Scarf-powered download links. Are there any specific privacy concerns we can mitigate?