Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Package an unminified version of terser #55

Closed
wants to merge 1 commit into from

Conversation

casperisfine
Copy link

This started in #4 but couldn't see a reason why.

Minification makes it harder to debug issues and also makes it much harder to review the gem changes on upgrade.

AFAIK this gem is only used with exec-js for which minification doesn't impact performance much.

This started in ahorek#4 but
couldn't see a reason why.

Minification makes it harder to debug issues and also makes it
much harder to review the gem changes on upgrade.

AFAIK this gem is only used with `exec-js` for which minification
doesn't impact performance much.
@ahorek
Copy link
Owner

ahorek commented Apr 2, 2024

hey, feel free to review unminified js changes for each version here on GitHub
obrazek

this gem is based on uglifier that is also shipped with minified sources. If you want to debug the js part, I would prefer to do it directly in the source repo terser with nodejs. Or you can locally build an unminified version of the gem for debugging purposes, but I don't see sufficient advantages in utilizing an unminified version for the production release.

@casperisfine
Copy link
Author

hey, feel free to review unminified js changes for each version here on GitHub

No offense but I prefer to check the diff directly in the published package for security reasons. (I think the recent XZ backdoor shenanigans in a good demonstration as of why). https://my.diffend.io/gems/terser/1.2.0/1.2.1/page/2

I don't see sufficient advantages in utilizing an unminified version for the production release.

Again, not to be argumentative, but I don't really see an advantage to the minified version either.

@ahorek
Copy link
Owner

ahorek commented Apr 2, 2024

well, the source code is available, anyone can review it and build it. Of course, the maintainer could slip something in the minified code that makes it harder to find, but the same applies to any binaries. Are you sure Ruby is built from the original sources? How could you compare diff of a binary?

@casperisfine
Copy link
Author

Are you sure Ruby is built from the original sources?

Yes, because I build it from source.

But I'm not sure why we're getting in this argument. If you don't want you don't want, it's fine. But I'm really curious what the argument for packaging the minified version is. I really can't find a single argument in favor, hence why I opened this PR.

@ahorek
Copy link
Owner

ahorek commented Apr 2, 2024

with the same argument, you can build the gem from the original sources as well rake terser:build

I'm still skeptical, but ok, let's do this #56

@ahorek ahorek closed this Apr 2, 2024
@casperisfine
Copy link
Author

Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants