DEV Community

loading...

Discussion on: What if we would share code instead of packages?

Collapse
vintprox profile image
Rodion Borisov

You know, I encounter binary builds from time to time on npm, and I start wondering what if build step was even slightly altered by packager. It makes me kind of uncomfortable with the terms of openness, when some step in deployment is a black box, and I can't be sure that I get a 100% genuine experience from source code or some telemetry is taken behind my back.
But at the same time, it's so convenient that everything's built, so I can test it in timely manner.

Extra exhausting would be installing a package AND the build tools required for it to build on machine, because why use package then, LOL? 😆

Collapse
valeriavg profile image
Valeria Author

Yeah, it's scary if you start to think about it. Packages are built out of whatever files you're packaging and there's absolutely no check if it is the same source code provided on GitHub or if it was altered.
What's for the binaries WebAssembly could help with it - it's cross platform and no extra build tools required.

Everything we use in dev (or even live) is based on someone else's work; And its great, we are where we are, because it was refined and perfected over and over. Wouldn't it be nice to be involved in this evolution?

Collapse
vintprox profile image
Rodion Borisov

Well, you still need a build tool to wasm-ify what you just wrote in some readable programming language, but I get the idea.

Nevertheless, even if wasm is somehow readable, it will be more handy if build and packaging in repository were scheduled automatically, without "strings attached". It's more of like an option that raises the credibility of the package.

I dunno what's even beyond of WebAssembly for web today? It's certainly an awesome progress.