You know, I encounter binary builds from time to time on npm, and I start wondering what if build step was even slightly altered by packager. It makes me kind of uncomfortable with the terms of openness, when some step in deployment is a black box, and I can't be sure that I get a 100% genuine experience from source code or some telemetry is taken behind my back.
But at the same time, it's so convenient that everything's built, so I can test it in timely manner.
Extra exhausting would be installing a package AND the build tools required for it to build on machine, because why use package then, LOL? 😆
Yeah, it's scary if you start to think about it. Packages are built out of whatever files you're packaging and there's absolutely no check if it is the same source code provided on GitHub or if it was altered.
What's for the binaries WebAssembly could help with it - it's cross platform and no extra build tools required.
Everything we use in dev (or even live) is based on someone else's work; And its great, we are where we are, because it was refined and perfected over and over. Wouldn't it be nice to be involved in this evolution?
Well, you still need a build tool to wasm-ify what you just wrote in some readable programming language, but I get the idea.
Nevertheless, even if wasm is somehow readable, it will be more handy if build and packaging in repository were scheduled automatically, without "strings attached". It's more of like an option that raises the credibility of the package.
I dunno what's even beyond of WebAssembly for web today? It's certainly an awesome progress.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
You know, I encounter binary builds from time to time on npm, and I start wondering what if build step was even slightly altered by packager. It makes me kind of uncomfortable with the terms of openness, when some step in deployment is a black box, and I can't be sure that I get a 100% genuine experience from source code or some telemetry is taken behind my back.
But at the same time, it's so convenient that everything's built, so I can test it in timely manner.
Extra exhausting would be installing a package AND the build tools required for it to build on machine, because why use package then, LOL? 😆
Yeah, it's scary if you start to think about it. Packages are built out of whatever files you're packaging and there's absolutely no check if it is the same source code provided on GitHub or if it was altered.
What's for the binaries WebAssembly could help with it - it's cross platform and no extra build tools required.
Everything we use in dev (or even live) is based on someone else's work; And its great, we are where we are, because it was refined and perfected over and over. Wouldn't it be nice to be involved in this evolution?
Well, you still need a build tool to wasm-ify what you just wrote in some readable programming language, but I get the idea.
Nevertheless, even if wasm is somehow readable, it will be more handy if build and packaging in repository were scheduled automatically, without "strings attached". It's more of like an option that raises the credibility of the package.
I dunno what's even beyond of WebAssembly for web today? It's certainly an awesome progress.