If I’m not mistaken, Reflector is the kind of the tool that picks mirrors based on different aspects, not just by which is fastest or close by. And if my memory serves me right, it actually picks mirrors based on their sync date with the upstream rather than speed by default.

You might want to check your configuration and set it to prioritize the mirrors based on the aspects you want.

I guess this highly depends on package maintainers, Node already provides funding in package.json for much less invasive funding requests (and that can also be disabled) and you might also block executing the scripts during package instalation which are sometimes used for advertisement. I think this was a lot worse in days NPM didn’t support funding, especially for projects depending on a huge number of dependencies. But I’m not that old Node/JS dev to tell how things were back then in reality.