EASE '25: Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering,
June 2025
Software systems extensively rely on open source software (OSS) libraries, which offer numerous benefits but also pose significant risks. These risks arise when vulnerabilities or attacks emerge, and the OSS community fails to address them promptly due to inactivity or lack of resources. Recent research highlights the strong connection between OSS maintenance activities and financial support. To support the sustainability of the OSS ecosystem, it is crucial for library maintainers to register on donation platforms and link these profiles on the library’s project page accordingly. This allows end users and industry initiatives to provide financial support, ensuring maintainers have access to funding streams. However, a comprehensive investigation of the actual usage of donation platforms in OSS ecosystems is currently missing. This descriptive study analyzes the usage of the most common donation platforms in the PyPI ecosystem. For every available PyPI library, we retrieve its assigned URLs, direct dependencies, and, when available, the owner type and additional donation platform links from its GitHub repository. Using the PageRank algorithm, we analyze the ecosystem for different subsets of libraries looking at both the library and dependency chain perspective. Our study provides several empirical insights regarding the adoption of donation platforms within the PyPI ecosystem. We observe that donation platform links are largely omitted from PyPI project pages, with a strong preference for listing such links exclusively on GitHub repositories. Additionally, GitHub Sponsors emerges as the dominant donation platform, though a notable portion of listed links on PyPI are outdated, highlighting the need for automated link verification. Our findings also reveal significant variations in donation platform adoption across individual libraries and dependency chains.
While individual PyPI libraries exhibit relatively low adoption rates, libraries used as direct and transitive dependencies show a much higher usage of donation platforms. This widespread adoption of donation platforms among dependencies is a positive sign for developers using PyPI libraries, as these libraries actively seek financial support to sustain ongoing maintenance.
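The contrast between the per-library view and the dependency view can be reproduced on a small graph. The following is an added illustration, not the study's code: the library names, URLs, the host list beyond GitHub Sponsors, and the use of PageRank scores as adoption weights are all assumptions made for the example.

```python
from urllib.parse import urlparse

# Assumption: illustrative host list; the abstract names only GitHub Sponsors.
DONATION_HOSTS = {"opencollective.com", "patreon.com", "liberapay.com"}

# Constructed sample: project URLs and direct dependencies per library.
LIBS = {
    "app-a": {"urls": ["https://example.org/app-a"], "deps": ["web-fw", "http-lib"]},
    "app-b": {"urls": [], "deps": ["web-fw"]},
    "app-c": {"urls": ["https://github.com/example/app-c"], "deps": ["http-lib"]},
    "web-fw": {"urls": ["https://github.com/sponsors/example-org"], "deps": ["http-lib", "tls-lib"]},
    "http-lib": {"urls": ["https://opencollective.com/example-http"], "deps": ["tls-lib"]},
    "tls-lib": {"urls": ["https://example.org/tls"], "deps": []},
}

def is_donation_link(url):
    # Match on the parsed host, not a substring, so a plain repo URL is not counted.
    p = urlparse(url)
    host = (p.hostname or "").lower().removeprefix("www.")
    if host == "github.com":
        return p.path.lower().startswith("/sponsors/")
    return host in DONATION_HOSTS

def pagerank(libs, damping=0.85, iters=100):
    # Edges point from a library to each direct dependency; dangling mass is spread evenly.
    n = len(libs)
    rank = {name: 1.0 / n for name in libs}
    for _ in range(iters):
        dangling = sum(rank[l] for l, m in libs.items() if not m["deps"])
        new = {name: (1 - damping) / n + damping * dangling / n for name in libs}
        for lib, meta in libs.items():
            for dep in meta["deps"]:
                new[dep] += damping * rank[lib] / len(meta["deps"])
        rank = new
    return rank

def adoption(libs, weights=None):
    # Share of libraries (or of total weight) that list at least one donation link.
    weights = weights or {name: 1.0 for name in libs}
    funded = sum(w for name, w in weights.items()
                 if any(is_donation_link(u) for u in libs[name]["urls"]))
    return funded / sum(weights.values())

if __name__ == "__main__":
    print("per-library adoption:", round(adoption(LIBS), 3))
    print("PageRank-weighted adoption:", round(adoption(LIBS, pagerank(LIBS)), 3))
```

In this sample the highest-ranked node, `tls-lib`, lists no donation link, which is the kind of gap a weighted view surfaces for anyone assessing the maintenance risk of their dependency tree.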