[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security concerns with minified javascript code

 ❦  2 septembre 2015 09:32 +0300, Lars Wirzenius <liw@liw.fi> :

> However, I want to raise the point that upstreams do not always make
> sensible decisions, and if they don't, it's good to raise that with
> them. For example, there was recently an ITP bug for
> node-number-is-nan. Upstream source code is at
> https://github.com/sindresorhus/number-is-nan, and the whole package
> boils down to these four lines of code:
>     'use strict';
>     module.exports = Number.isNaN || function (x) {
>             return x !== x;
>     };
> (https://github.com/sindresorhus/number-is-nan/blob/master/index.js)
> If something or someone needs this, we should package it, and it seems
> Grunt needs it. However, it doesn't seem sensible to have a package
> for every one-liner Javascript function, either in Debian or upstream.
> That's going to be a lot of packages, and that alone makes things
> harder to manage for everyone. It'd make sense for the Javascript
> community to produce a more general library to make ES5 look more like
> ES6, which would include a number of such functions.

It exists. For polyfills:


And for the syntax:

Alas, how love can trifle with itself!
		-- William Shakespeare, "The Two Gentlemen of Verona"

Attachment: signature.asc
Description: PGP signature

Reply to: