Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

npm package? #28

Closed
sanand0 opened this issue Oct 31, 2022 · 4 comments
Closed

npm package? #28

sanand0 opened this issue Oct 31, 2022 · 4 comments

Comments

@sanand0
Copy link

sanand0 commented Oct 31, 2022

@tofsjonas, thanks for a nifty library!

I'd love to use this as an npm package -- and I believe others would too. If you're open to it, shall I send a pull request for a package.json?

I thought npm install vanilla-sortable might work, since vanilla-sortable is available, and most other variants of sortable aren't. What do you prefer?
@tofsjonas
Copy link
Owner

Hey @sanand0 , thanks for your input! 😊

Is there some advantage to this that I am missing? Why not use the jsDelivr link?

I mean, even if you npm install it, you'd still have to include some kind of link in your code, right?

@sanand0
Copy link
Author

sanand0 commented Nov 1, 2022

Aha! Here are four real-life situations I'm facing -- probably in the order of increasing importance.

Offline access. Next week, I'm on a 4-hour flight to Singapore. I'll be building an app in the flight, without Internet access, and it would be really cool if I could npm install and develop the app, without needing the CDN. I'd rather not download the files locally, because then I'd need to check on Github every week to see if you'd updated the repo with some new feature 🙂

Version control. Let's say you're fixing a bug, and accidentally push the wrong file. (It happens to all of us.) Suddenly, that's on the CDN, my app stops working, and the only way I can fix it is by urgently reaching out for help. Of course, you'd probably be nice about it, but it could be the middle of the night... 🙂

Privacy. I'm building apps for a client who'd rather not share information on the number of times their app is accessed. By requesting from a CDN, they're implicitly sharing this information, making their auditors uncomfortable. So they've told me to npm install or not at all.

Security. I'm also building apps for a cyber-security client. They said, "Look, Jonas sounds like a great guy. But we're in the cyber-security business. Are you asking my clients to believe that we're certifying that CDN link to be safe for all eternity, even if his account gets hacked?" (Well, not exactly that, but something like that.)

So yes, even if I npm install it, I'd have to add <script src="node_modules/vanilla-sortable/sortable.min.js>, etc. But, I can work offline, and not worry privacy or the CDN contents changing without my knowledge.

BTW, thanks for asking this question. I really enjoyed replying 😀

@tofsjonas
Copy link
Owner

Haha, one of those reasons would have been enough.
Sure, go ahead then, and thanks for your explanation 🙏

@dkhgh
Copy link

dkhgh commented Nov 8, 2022

I've been using this in /vendor/assets/sortable@1.x in a production app. This gives me

  • Offline access
  • No risk of unexpected bugs from the jsDelivr
  • Maximum privacy
  • Maximum security.

Even without checking GitHub for updates this has been incredibly helpful. Thanks @tofsjonas.

disclaimer: not a big fan of complicated package manager setups.

@tofsjonas tofsjonas mentioned this issue Feb 6, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sanand0 @tofsjonas @dkhgh