GitHub today launched Sponsors, a new tool that lets you give financial support to open-source developers through recurring monthly payments. Developers will be able to opt into having a “Sponsor me” button on their GitHub repositories and open-source projects will also be able to highlight their funding models, no matter whether that’s individual contributions to developers or using Patreon, Tidelift, Ko-fi or Open Collective.
The mission here, GitHub says, is to “expand the opportunities to participate in and build on open source.”
That’s likely to be a bit controversial among some open-source developers who don’t want financial interests to influence what people will work on. And there may be some truth to that as this may drive open-source developers to focus on projects that are more likely to attract financial contributions over more esoteric projects that are interesting and challenging but aren’t likely to find financial backers on GitHub.
“Today, GitHub Sponsors will be launching in beta to get ahead of such concerns,” GitHub told me when I asked for comments. “Through this beta we’re actively listening to how folks are using the new program. We want to better understand how the program evolves and how we can best scale the framework of the program to enable opportunities for everyone to participate in and build on open source.”
The program is only open to open-source developers. During the first year of a developer’s participation, GitHub (and by extension, its corporate overlords at Microsoft) will also match up to $5,000 in contributions. For the next 12 months, GitHub won’t charge any payment processing fees either (though it will do so after this time is over).
GitHub tells me that developers will be able to set up multiple sponsorship tiers with benefits that can be set by the developer, too. In many ways, then, this isn’t all that different from sponsoring a Twitch streamer, for example, with monthly payments and special benefits depending on how much you pay.
Payouts will be available in every country where GitHub itself does business. “Expanding opportunities to participate on that team is at the core of our mission, so we’re proud to make this new tool available to developers worldwide,” the company says.It’s worth noting that this isn’t just about code and developers, but all open-source contributors, including those who write documentation, provide leadership or mentor new developers, for example. As long as they have a GitHub profile, they’ll be eligible to receive support, too.
To make this work, GitHub is also launching a “Community Contributors” hovercard to highlight the people who built the code your applications depend on, for example.
It will definitely be interesting to see how the community will react to Sponsors. The idea isn’t completely novel, of course, and there are projects like Beerpay that already integrate with GitHub. Still, the traditional route to get paid for open source is to find a job at a company that will let you contribute to projects, either as a full-time or part-time job.
In addition to Sponsors, GitHub is also launching a number of new security features. The company today announced that it has acquired Dependabot, for example, a tool that ensures that projects use the most up-to-date libraries. GitHub Enterprise is getting improved audit features, which are now generally available, and maintainers will now get beta access to a private space in GitHub to discuss potential security issues so that their public chats don’t tip off potential hackers. GitHub is also taking token scanning into general availability, which is meant to prevent developers from accidentally leaking their credentials from services like Alibaba Cloud, Amazon Web Services, Microsoft Azure, Google Cloud, Mailgun, Slack, Stripe and Twilio.
GitHub’s enterprise edition is also getting a few updates, including more fine-grained permissions, which are now generally available. Also generally available are Enterprise accounts, while new features like internal repos and organizational insights are now in beta.
Note: We updated this post after it was published with more details based on answers from GitHub to a number of questions we asked ahead of publication.