ua-parser-js

Look into lifting package at Tidelift?

Open voxpelli opened this issue 2 years ago • 0 comments

Tidelift connects companies who want SLAs and assurances for their dependencies with maintainers who want to get assistance in handling e.g. security issues and who could make use of funds for that maintenance.

I looked up the ua-parser-js module and Tidelift says that it's currently eligible for $71.39/month, which is twice the estimated yearly budget ($35.61) on Open Collective, so 24 times the Open Collective money in total: https://tidelift.com/lifter/search/npm/ua-parser-js

You can then also defer security reports to Tidelift and have them coordinate the response, which can be a great help. See e.g. how @sindresorhus has it set up here: https://github.com/sindresorhus/type-fest/security/policy

Screenshot:

Screenshot 2021-10-26 at 13 05 34

Link there goes to: https://tidelift.com/docs/security

I'm not in any way affiliated with Tidelift, but I do like their idea of establishing relations with the long tail of dependencies in e.g. the JS ecosystem and to work on enabling the funding of maintenance for that entire long tail by packaging it appealingly for companies and enterprise organizations while at the same time giving support to maintainers. A typical win-win that will get better the more maintainers and companies who sign up 👍

voxpelli, Oct 26 '21 11:10