
HTTP Toolkit is joining the Open Source Pledge

The Open Source Pledge is a new push to make companies commit to funding the maintainers of the open-source software they depend on, and to publicly recognize the ones that do.

HTTP Toolkit has donated back to maintainers for a few years now, but joining the Open Source Pledge today means formally committing to that, and to doing so publicly with a sustainable minimum level ($2000 per full-time developer, or higher) indefinitely into the future.

What is the Open Source Pledge?

HTTP Toolkit (and effectively 100% of other software businesses) depends on a huge quantity of open-source code for much of its fundamental functionality & infrastructure. Most of this is tirelessly maintained by volunteers, completely for free.

Astonishingly, that basically works, and we've built an entire software industry on top of it.

But it's not a fair deal, and over the years it has become increasingly clear that businesses relying on people maintaining their critical dependencies for free is not a good or sustainable approach (for either the businesses or the maintainers' mental health). Plenty of important open-source projects have been abandoned as maintainers moved on with their lives, while some have been actively removed entirely or even replaced with malicious content. For businesses these are big problems, but for maintainers it's not reasonable to expect that they'll continue actively supporting their projects for free indefinitely just because your business chose to use them.

There have been many attempts to fix this, from the organizational (internally forking key dependencies, avoiding dependencies entirely where possible) to the purely technical (dependency locking & mirroring, security scanning of new releases). At the end of the day though, the only real solution to open source sustainability is to fund the maintainers you depend on.

The Open Source Pledge aims to commit businesses to doing this, and to build a wider culture where that becomes the norm.

The actual mechanism for this is that businesses must donate at least $2,000 per full-time developer employee per year, and must publicly self-report the payments they're making and where that goes. In return, the business gets:

  • Public recognition, as a well-behaved business that supports the maintainers it depends on (good marketing for anybody who either sells to developers, or recruits them, or both).
  • Healthier dependencies, which are significantly more likely to continue to develop and stay actively maintained if they're well funded.
  • Better engagement with the maintainers they depend on, making it far more likely they can get the support they need, if required.

This is very new! It's being driven by Sentry, and it's not formally launching until October this year, but HTTP Toolkit along with a selection of other open source-focused businesses like Astral, Scalar and Val Town are signing up in advance as part of the first wave.

(Does this sound like something your organization might be interested in doing? Is it possible you already fulfill the pledge requirements and your business just needs to be recognized for it? You can join the pledge too!)

HTTP Toolkit's contributions

Let's talk about the money. In total, so far HTTP Toolkit has paid $11,030 to open source maintainers.

Of course, $11k doesn't compete with the total impact of some notably committed larger organizations (Google, Microsoft, Sentry, et al) but HTTP Toolkit is a tiny project with literally one full-time employee (me). For a single individual, I think this is not too shabby.

Absurdly, I suspect that this total is still significantly more overall contribution than the majority of larger organizations. As a supporting datapoint, these contributions make HTTP Toolkit one of the top 10 funding organizations for Electron on Open Collective (with $620 USD in total). How many Electron projects are there out there, and how much profit have they made from its existence? All but 10 of them have donated less than $620 back to the project. Now think what that looks like further down the long tail of smaller projects.

Open-source projects provide huge value to us as developers and to software businesses everywhere. We can do better than this.

All numbers here are purely financial contributions to open source. On top of that, all of HTTP Toolkit's own code is 100% open source, I personally maintain plenty of other projects (I'm one of the maintainers of Node.js, plus various smaller libraries like loglevel) and there's been a long series of code contributions from HTTP Toolkit back to upstream projects along the way too.

Let's break down these financial contributions further and get into the details:

2024 so far

In 2024 so far, HTTP Toolkit has paid $4162 to open-source maintainers. Extrapolating out, that suggests by the end of 2024 the total should hit around $5,500.

Payment delivery is split pretty equally between GitHub sponsors and Open Collective, and spread out into quite a long tail of different projects:

2023

In 2023, HTTP Toolkit paid $4267 to open-source maintainers:

2022

In 2022, HTTP Toolkit paid $2582 to open-source maintainers:

2021

In 2021, the project was just getting proper traction, and these donations were just starting off, so there was just one first donation right at the end of the year: $20 to the openapi-directory.

What's next?

As you can see from the numbers above, this has been steadily ticking upwards, and I'm intending to continue that as far as possible.

So far I've focused on steady monthly donations towards core dependencies (projects that HTTP Toolkit uses directly, for essential functionality) rather than a broader trickle-down approach that would cover subdependencies or less-notable minor packages. There's an interesting debate about these kinds of approaches, but in HTTP Toolkit's case there are quite a few smaller projects and individuals in that list who are important to HTTP Toolkit and would otherwise receive very little funding indeed (e.g. Node-Datachannel, Fast-XML-Parser and UAParser.js all directly power specific product functionality, and AFAICT HTTP Toolkit is their #1 funding source). This will likely continue, but in time I may explore other tools like thanks.dev that aim to spread donations far more widely across the entire upstream project base.

Even in future, it's very unlikely that funding from HTTP Toolkit alone is going to fund any of these maintainers enough to quit their day jobs. That said, payments like this really could snowball into sufficient funding for maintainers to work on open source full time if just a small percentage of other organizations did the same, and even small payments help show maintainers that their work is valuable & appreciated.

Joining the Open Source Pledge is an important step to take this further. It's a way to publicly commit to doing this both now and in future, and to help redefine industry norms: companies that build on top of open source should fund maintainers.

If that sounds like something your organization might be interested in, I'd encourage you to sign up too! You can find out more at osspledge.com, or check out the steps to join here. Organizations joining before September 15th will be part of the first launch group, and included in an outdoor advertising launch campaign that Sentry will be running later this year.

Alternatively, if you just want to hear more and get involved, you can follow the project on GitHub or join the discussion on Discord.
