> We can only guestimate the impact:
> 1,500 downloads every single week
> Being conservative, maybe 20% are actively in use
> That's about 300 organizations
> Each one probably sending what, 10-50 emails daily?
> We're talking about 3,000 to 15,000 emails EVERY DAY flowing straight to giftshop.club
Those figures seem crazy to me.
They assert that behind a single download from NPM is a unique organization.
That's insane.
A download from NPM is just someone (most often something) doing _npm i_.
Given how most CIs are (badly) configured in the wild, they'll _npm i_ at least once per run. If not per stage.
So those 1,500 downloads per week can come from just 2 organizations, one with a dev POCing the tool, and one with a poorly configured CI.
And the official repo has 1 watch, 0 forks and 2 stars: https://github.com/ActiveCampaign/postmark-mcp
Sure, the issue raised around MCP and supply chain is big, but the actual impact of this one is probably close to 0.
> A download from NPM is just someone (most often something) doing _npm i_.
> Given how most CIs are (badly) configured in the wild, they'll _npm i_ at least once per run. If not per stage.
Indeed. By the same calculus, it should take less than a year for everyone on the planet (including children and the elderly and a whole lot of people who might not have computers, let alone any idea what Python is) to get a personal copy of many of the most popular Python packages (https://pypistats.org/top).