Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

resolve npm imports #303

Merged
merged 36 commits into from
Dec 4, 2023
Merged

resolve npm imports #303

merged 36 commits into from
Dec 4, 2023

Conversation

mbostock
Copy link
Member

@mbostock mbostock commented Dec 2, 2023
edited
Loading

This resolves the exact version of any imported npm module at build time. This improves performance by allowing cache-control immutable for imported modules and by preventing duplicate loads of the same library. (For example, the npm:d3-dsv needed for file.csv() is now the same as the one you get if you import npm:d3.) It also improves security and stability by ensuring that new releases won’t break your existing project, while still automatically giving you the latest version at build time. We could further improve security using subresource integrity.

I’ve staged this as a PR on top of #294 because it depends on some upstream changes, but I also didn’t want to add yet more new functionality to that already-large PR!

TODO

  • resolve the exact npm version
  • use a cache to avoid duplicate requests and ensure consistency
  • resolve implicit stylesheet versions (Leaflet, KaTeX, and Observable Inputs)
  • resolve DuckDB dependencies
  • resolve SQLite dependencies
  • mock jsDelivr during tests to be polite, improve performance, and keep the snapshots stable
  • clean up the PendingTranspile complexity somehow

Fixes #135. We can fix the Inputs stylesheet after #29.

@mbostock mbostock requested review from Fil and cinxmo December 2, 2023 22:48
@mbostock mbostock force-pushed the mbostock/resolve-npm-import branch from 84ebb50 to 95cfd37 Compare December 2, 2023 23:29
@mbostock mbostock marked this pull request as ready for review December 3, 2023 04:13
@Fil Fil mentioned this pull request Dec 4, 2023
Open
@Fil
Copy link
Contributor

Fil commented Dec 4, 2023

This will be useful also for #20. I've opened an issue for SRI (#306).

Base automatically changed from mbostock/stdlib to main December 4, 2023 21:02
@mbostock mbostock merged commit 2a0fdb9 into main Dec 4, 2023
1 check passed
@mbostock mbostock deleted the mbostock/resolve-npm-import branch December 4, 2023 22:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Fil Fil Fil approved these changes

@cinxmo cinxmo Awaiting requested review from cinxmo

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Resolve, and perhaps control, versions of imported libraries?
2 participants
@mbostock @Fil