Hacker News | cryptonym's comments

Definition of civilised is highly subjective.


I think like you, their finance and lawyers are not stupid. They did the maths or already know.

Doing an actual scientific study might be more risky, proving the product is not good. Producing clean stuff might be impossible or too expensive, too risky to go there if regulation doesn't require it. They may have to pay reparation to existing customers.


They are going to court - science is a very different bar. Even if the science shows it is safe, someone will testify that it isn't and sway the jury with how bad life is for the heirs of someone who died from cancer. Of course in reality science gives probabilities not absolutes and so the jury gets told this causes cancer in .0001% of cases but this person was that one even though there is no way to determine that and cancer has many different causes. What matters is what you can convince a jury who doesn't have a background in science or statistics.


Adding a few random bits to the response is not really newsworthy. Indeed, publishing a post on AI+Security is good marketing.


I'm guessing they want to avoid characters being removed by systems in the stack between the one generating the object and the one transferring bits over the network. Could be more robust if everything (response and p) is re-forwarded through API Gateway or any API Orchestration logic.

As you pointed out, whitespace probably is technically superior; adding a useless field might be more convenient in their current stack and can help clients secure their own systems.


Agree. That rhetoric is mostly used to defend multi-billion companies, even when that's against consumer and market interest.


So it remains a valid punishment for Orange (unfortunately also a punishment for people who read that).

That could also be leveraged to find security issues, that can be interesting in an auth system.


I'm curious if sudden public visibility would lead to security issues being found faster by people trying to patch them or exploit them.


Tell that to the average JavaScript dev who uses npm to download a library with 12 dependencies in order to use a function that returns the number of words in a string.

As a company, it's your responsibility to set and enforce a clear policy on using third party code. License is only one part of the problem.


On one hand projects developed by 2 passionate devs; on the other hand a team of entry to mid level devs working on someone else's project for the money.

That team changes every 6 months when another company offers more money. If only one or two people are working on a project, that's a high risk for the company.

If you got one or two highly skilled people in that team of 10, you are lucky. Managers don't want them to work alone on their project, they want them to help the team grow.


Change the rule so destroying on purpose no longer qualifies for tax break and someone will accidentally the only hard drive.


I create multiple movies, one works well and I think to myself I pay too much taxes this year. I sell the next one for 0 dollars to my cousin so I can write it off immediately. If the movie works, money stays in the family, if it doesn't I already got deductions and it was a no-op for my cousin.


Oh no, you are presenting a simple problem that would take you, cryptonym, all of 30 seconds to figure out a solution to since you are obviously smart enough to think things through. In fact, you could even cheat by looking at the other responder who responded before you suggesting a public auction which is what I was alluding to by saying "anybody" as in you must allow all people (within reason) to compete to purchase, not choose a specific person.

Can you try to spend 30 seconds countering whatever problems you came up with and only then propose non-trivial problems? I promise I gave the idea more than 30 seconds of thought and did think of the obvious problems, it is just tiring to exhaustively list out and pedantically enumerate a complete proposal instantiated for this specific domain. That is also why I explicitly said it solves the central 90% and would require tuning and mechanisms to reduce abuse since I do, in fact, know the proposal is incomplete, just that the problems I am aware of with this class of solution generally appear to be quite amenable to solutions that should be at least as robust as the status quo.


Can you provide 3 obvious problems of how the parent post is incorrect? I am curious of your thoughts.


> a public auction which is what I was alluding to by saying "anybody"

I think this is their main objection, not sure there are 2 other things?

