Remember that we are dealing with developers here, not the average Joe.
We should assume that a developer checks out a project before using it as a dependency.
Also, monetisation when done during the installation process can be tolerated, since it’s a one-time only operation.
I’m in favour of the dedicated sponsor button, though.
I'm strongly agree with you, if developers would check their dependencies, we would never have got to the dependency hell we got today.
And TBH there is no problem with open source monetization because there never had been such social contract. For me it's all about unspoken agreements and what happens when people break them.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.