- Change invocation to /sponsor owner/repo
- Rename 'Sponsor These' to 'Ways to Give Back'
- Soften language: never shame unfunded projects
- Add rule: always be encouraging, never shaming
- Regenerate READMEs
Major upgrade:
- deps.dev GetDependencies: full tree in one call (direct + transitive)
- deps.dev GetVersion: cross-ecosystem package→repo mapping (7 ecosystems)
- deps.dev GetProject: OSSF Scorecard health data per project
- Direct vs transitive column (✅ vs ⛓️)
- Health column from Scorecard Maintained check
- Actionable minimum: '💡 Sponsoring just N people covers all funded deps'
- Graceful fallback to registry APIs if deps.dev unavailable
Inspired by jshchnz/tribute, adds:
- Link verification: every funding URL is fetched before presenting
- Web search fallback: finds funding even without FUNDING.yml
- How Verified column: transparency about data source
- 5 ecosystems: npm, Python, Rust, Go, Ruby (was npm-only)
- Corporate-maintained package detection
- No Verified Funding Found section for unfunded deps
Teaches Copilot how to scan a repo's dependencies and find which ones
accept sponsorship via GitHub Sponsors, Open Collective, etc.
Workflow:
1. Fetch package.json from target repo
2. Resolve each dep to source GitHub repo via npm registry
3. Check npm funding field + .github/FUNDING.yml
4. Group by maintainer, present report with sponsor links
Tested against expressjs/express: found 9/28 deps sponsorable (32%)
across 3 funding destinations.
