I get the frustration and there’s a lot of free software that is so vital to our modern way of life that it’s crazy that it’s always one dude in Nebraska maintaining it for the last 60 years for free as a hobby.
That said, I think you should consider the great landscape of dependencies and who the competition is.
For example, I’ve open sourced a bunch of things in my life and I have a library used to make testing more ergonomic. I worked very hard on it and I like it. There are other libraries that solve this problem too. I’m biased, but I like mine the best. I like when I can help people write higher quality software with nicer tests.
My “competition” isn’t commercial offerings; it’s other free offerings. Now in the grand scheme of things, it doesn’t really matter if anyone ever uses the thing I wrote, but since I wrote it and put it out into the world I get to decide how I want to interact with the wider community of people that use it or might think about using it.
If I take a hardline stance, everyone has to be committed, meet the right quality bars, do things the right way, etc. I’m free to do that. The most likely outcomes are twofold. One, I’ll have a very high quality thing to my standard. Two, probably not a lot of people are going to be using it because I’ve made it too hard to participate and they will go off and use an inferior solution. Again, if it solves my problem, no big deal. But I might be missing out on someone that, if they had been allowed to participate more easily, could have made my thing better, faster, more secure.
So that’s the bargain. Do you have strict controls and limit your exposure to the good and bad out there in the open source community? Do you have lax controls and expose yourself to all the good and bad? Most maintainers end up shooting for the middle: open enough that good contributors can come and flourish, but strict enough to keep bad contributors out. It’s a spectacularly difficult problem though, so I’m always happy to hear how other people think about it.