Why wasn't I warned about this?

[resynth1943]

This package was installed without my Consent. I'd like to ask that you warn users prior to collecting any Analytics on them.

Furthermore, could you please provide me with your analytics endpoint server? I wish to permanently prevent my computer from sending any further unsolicited Data to you.

[aviaviavi]

Hi @resynth1943. Scarf-js does inform the end-user before reporting any telemetry data by printing a message to the console. If you were not notified in the console of this telemetry, then no data was actually sent. Feel free to read through the code to verify this for yourself.

Regarding consent - When you install a package from npm, you are agreeing to install the package's dependencies as well.

You can globally disable scarf-js on your computer with an environment variable:

export SCARF_ANALYTICS=false

see https://github.com/scarf-sh/scarf-js#as-a-user-of-a-package-using-scarf-js-how-can-i-opt-out-of-analytics for more information about opting out of analytics. You can block scarf.sh on your computer if you really want to go that route, but since the URL may be updated later, the environment variable route is the more future-proof way to opt-out.