@OvermindDL1 The dangers you outline highly depend on how will Hex creators handle it mid- and long-term. Private packages are only useful for organizational development teams since it’s very costly in terms of both money and development hours to roll your own package repository. Nothing wrong in outsourcing that expense to Hex itself.
Additionally, many organizations would much prefer to refactor out useful / value-adding components as public and OSS packages, so not even all companies would use the private packages functionality.
The main motivation I see behind paid private packages are mostly because of the potential very long-term investment a company might make in Elixir; I needn’t remind anybody around here that there are still banks that hire COBOL consultants for $400 an hour to fix 25+ year old systems. In the same lane of thought, organizations might have 50+ private packages measuring tens or hundreds of megabytes big and they might use them for 20+ years as well.
Hosting costs money, we all know it. When it’s for the public good, many people choose to benefit the society for free and I commend them for that. However, when you have a big company like the above theoretical one, their servers might pull private packages tens or hundreds of times a day for their CI process. That would be a lot of load. If the load keeps growing without Hex having the budget to cover hosting expenses, then Hex won’t last long.
Lastly, companies like the idea of paying for a service and being rid of the responsibility to maintain the thing, plus it gives them the peace of mind that the service won’t just shut down next year.
That being said, CI processes pulling public/free packages from Hex thousands of times daily is also a reality and I don’t know how the maintainers handle it. Maybe making a federated network of copies of Hex is a good idea for the future; all mirrors except the main node will only ask for differences through IDs / checksums and will periodically suck the updated packages (or simply employ a normal CDN). That might help Hex’s free version remain free forever. But that’s long-term.
(Edits #1 and #2: typos or grammar.)