Help users fund the dependencies their projects depend on

[Changaco]

• [ ] implement importing dependency lists from librairies.io
• [ ] implement trickling down a share of a user's income to dependencies (this is currently blocked by payment processor limitations)

Note: we don't have to implement both of those at the same time.

[andrew]

@Changaco you could potentially use the @librariesio API to get all the dependency information for an github repository: https://libraries.io/api

For example https://libraries.io/github/liberapay/liberapay.com#dependencies and be loaded as json here: https://libraries.io/api/github/liberapay/liberapay.com/dependencies

[Changaco]

Indeed an automated import of dependencies from libraries.io would be great. I've added that to this issue's TODO list.

[Changaco]

Other platforms now have tools to help potential donors find and fund their dependencies: OpenCollective has https://backyourstack.com/, Tidelift has https://tidelift.com/subscription/dependency-analyzer.

[arthurlutz]

And backyourstack is open source https://github.com/opencollective/backyourstack so maybe it can be modified to look for projects and teams on liberapay.

[Eisiem]

How would it work? A project would automatically split its income to its dependencies, or could an account's administrator change percentages, add and delete benefited?

[Changaco]

Another potential source of data for a project's dependencies is a software bill of materials (SBOM), for which there are currently two open standard schemas: CycloneDX and SPDX.