thanks.dev does this. I think I saw GitHub Sponsors also started (or will start?) doing something like this, but I'm not sure on the details off-hand.
But yeah, I've argued for this a long time as well: who is going to look up 100 to 2,000 dependencies and see if they accept donations and set that up and cancel when you stop using it, add new ones when you start using them (and many will be transitive deps, so you have to check if it changed every month or something), etc. etc.
You just want to give one organisation $500/month or whatever and let them sort it out. You don't even need SBOMs, just start by sending them your go.mod or package.json or Cargo.toml or Gemfile or whatever.
That the FSF and OSI are doing basically nothing in this regard is why I have trouble taking either organisation seriously.
I tried to sign up (as a maintainer) and I never heard back from them. Tidelift also does a lot of other stuff; my impression is they want to have a "curated list" of packages (Or something? I find Tidelift confusing) which is fine I guess, but not really a general solution.