Great more EULA not to read
Well its better than CLI ads i guess, just dont see what value it adds to a package manager, dunno about everyone else but the only time i ever examine the meta data of a package is when i want to know where the packages project is hosted...
Still i guess if you view like spam, in so much that it only takes one person to respond per million emails sent to call it a sucessful campaign, then it might help, just think things like github sponsors is a more natural fit for this sort of thing.
Also whats the betting that in the next 6 months el reg reports on packages getting hacked to change the funding link to one not controlled by the authors, and whats the betting NPM's response is any more effective than shrugging and going meh??