GithubHelp home page GithubHelp logo

bot's Introduction

jsDelivr - Open Source CDN

jsdelivr-logo
A global super-fast and production-focused CDN, tightly integrated with NPM and GitHub
with support for on-the-fly optimizations, ES modules, detailed download stats and more

www.jsdelivr.com

Website Repo · Public API · Blog · @jsDelivr · Discord

We are looking for contributors. Please check open issues in the above repos if you think you could help, or open a new one if you have an idea you'd like to discuss.

jsDelivr is a free CDN for open-source files. We are tightly integrated with Github and npm, allowing us to automatically provide a reliable CDN service to almost every open-source project out there.

We offer a stable CDN that can be used in production on popular websites with huge amounts of traffic. There are no bandwidth limits or premium features, and it's completely free to use.

How does it work - A simple infographic

Why jsDelivr?

Ready for production

Our public CDN is built to be used in production by even the largest websites. Everything is optimized and constantly improved to offer all users maximum speed and uptime. Performance is monitored at all times, and we are always looking into new technologies and providers that may further improve our CDN. Downtime, timeouts, or slow responses are simply unacceptable.

We do everything possible to ensure our CDN will NEVER break any websites, regardless of the use case. If a file is available via our CDN, we assume it's used in production and ensure it will continue to work no matter what.

This includes dynamic endpoints such as /npm/, /gh/ and /combine/. When a file is first accessed, it gets permanently stored in a reliable file system. This means that even if a npm package gets deleted or an existing file gets removed by a developer, jsDelivr will continue to serve the stored copy forever without breaking any websites or causing any issues.

On top of that, we also do version fallback. This means that if a file used in version 1.0.1 is no longer available in 1.0.2 and a user requests the non-existent file, we will fall back to the previous 1.0.1 version and serve it instead of failing with a 404 error.

Multi-CDN

Unlike the competition, jsDelivr uses multiple CDN providers, resulting in the best possible uptime and performance. We currently use CloudFlare, and Fastly.

If a CDN goes down, websites that use jsDelivr won't have any issues because all traffic will be instantly redirected to remaining operational providers.

Smart Load Balancing

jsDelivr uses real user performance data (also known as RUM) to make its routing decisions. These metrics are gathered from hundreds of websites and are used in our load-balancing algorithm to make accurate decisions for serving content.

All providers (CDNs and custom servers) are tested millions of times per day by real users from all over the world. Based on this information, jsDelivr knows what provider is the fastest for each user. Each user gets a unique response based on his or her location, ISP, and the providers' uptime in real-time.

This system also responds immediately to performance degradation and downtime of providers. If a CDN is under a DDoS attack, and its performance drops in some locations, in a matter of seconds, the algorithm will pick up the change and start serving a different provider to all affected users.

Failover

We have multiple layers of failover to protect our users from any downtime.

We use 2 DNS providers at the same time. For jsDelivr to go down, both of these companies would have to go down at the same time.

Both of our DNS providers monitor our load-balanced endpoint, and if they detect problems, they will automatically switch all traffic to a single CDN provider.

Our load balancer monitors the uptime of all CDN providers using both RUM and synthetic data. If any of those detect downtime or performance degradation, that CDN provider will be removed immediately without any impact on our users.

Our origin consists of multiple servers in different data centers. If a server goes down, the CDNs will automatically switch to using the remaining healthy servers.

In total, we have one of the most resilient systems out there, ready to be used in production by even the biggest companies.

China

jsDelivr has multiple locations close to Chinese urban centers to ensure low latency and high performance for all Chinese users.

Usage Documentation

jsDelivr provides mirrors for npm, GitHub, WordPress plugins, and custom endpoints for several other projects with special requirements. If our regular endpoints don't work for your use case, let us know and we'll figure something out!

If you are a package author, check our tips for package authors to make using your package as easy as possible.

Root endpoint is always https://cdn.jsdelivr.net

npm

jsDelivr can instantly serve any file from any npm package in the public registry. New versions pushed to npm are instantly available via our CDN as well. No maintenance is required.

If a package, version, or file gets removed from npm, then jsDelivr will continue to serve that file from our permanent storage without breaking any websites using it.

We use a permanent S3 storage to ensure all files remain available even if npm goes down or a package is deleted by its author. Files are fetched directly from npm only the first time or when S3 goes down.

Load any project hosted on npm:
/npm/package@version/file
Load exact version:
/npm/[email protected]/dist/jquery.min.js
Use a version range instead of an exact version:
/npm/jquery@3/dist/jquery.min.js
/npm/[email protected]/dist/jquery.min.js

NOTE

If you use this feature and a file you requested is not available in the newest version of the package, the link will keep working thanks to our version-fallback feature. We'll continue to serve the file from the older version of the package instead of failing with a 404 error.

Load by tag (Not recommended for production usage):
/npm/jquery@beta/dist/jquery.min.js
Omit the version completely or use "latest" to load the latest one (not recommended for production usage):
/npm/jquery@latest/dist/jquery.min.js
/npm/jquery/dist/jquery.min.js

NOTE Requesting the latest version (as opposed to "latest major" or "latest minor") is dangerous because major versions usually come with breaking changes. Only do this if you really know what you are doing.

Add ".min" to any JS/CSS/SVG file to get a minified version - if one doesn't exist, we'll generate it for you. All generated files come with source maps and can be easily used during development:
/npm/[email protected]/github-markdown.min.css

NOTE Minifying a large file can take several seconds. However, we store all generated files in our permanent storage, so this delay only applies to the first few requests.

Omit the file path to get the default file. This file is always minified:
/npm/[email protected]
/npm/jquery@3
/npm/jquery
Get a directory listing:
/npm/[email protected]/
/npm/[email protected]/dist/

GitHub

We recommend using npm for projects that support it for better UX - npm packages are searchable on our website, and package pages show additional useful information, such as descriptions and links to homepages.

We use a permanent S3 storage to ensure all files remain available even if GitHub goes down or a repository or a release is deleted by its author. Files are fetched directly from GitHub only the first time or when S3 goes down.

Load any GitHub release, commit, or branch:
/gh/user/repo@version/file
Load exact version:
/gh/jquery/[email protected]/dist/jquery.min.js
/gh/jquery/jquery@32b00373b3f42e5cdcb709df53f3b08b7184a944/dist/jquery.min.js
Use a version range instead of an exact version (only works with valid semver versions):
/gh/jquery/jquery@3/dist/jquery.min.js
/gh/jquery/[email protected]/dist/jquery.min.js

NOTE If you use this feature and a file you requested is not available in the newest release, the link will keep working thanks to our version-fallback feature. We'll continue to serve the file from older release instead of failing with a 404 error.

Omit the version completely or use "latest" to load the latest one (only works with valid semver versions): (not recommended for production usage)

Falls back to the master branch if there are no tagged releases.

/gh/jquery/jquery@latest/dist/jquery.min.js
/gh/jquery/jquery/dist/jquery.min.js

NOTE Requesting the latest version (as opposed to "latest major" or "latest minor") is dangerous because major versions usually come with breaking changes. Only do this if you really know what you are doing.

Add ".min" to any JS/CSS/SVG file to get a minified version - if one doesn't exist, we'll generate it for you. All generated files come with source maps and can be easily used during development:
/gh/jquery/[email protected]/src/core.min.js

NOTE Minifying a large file can take several seconds. However, we store all generated files in our permanent storage, so this delay only applies to the first few requests.

Get a directory listing:
/gh/jquery/[email protected]/
/gh/jquery/[email protected]/dist/

Combine multiple files

Our combine endpoint allows you to load several files from npm and GitHub endpoints in one request:

/combine/url1,url2,url3

All features that work for individual files (version ranges, minification, main modules) work here as well. All combined files come with source maps and can be easily used during development.

Examples:

/combine/gh/jquery/[email protected]/dist/jquery.min.js,gh/twbs/[email protected]/dist/js/bootstrap.min.js
/combine/npm/[email protected]/dist/css/bootstrap.min.css,npm/[email protected]/dist/css/bootstrap-theme.min.css

NOTE Combining large/many files can take several seconds. However, we store all generated files in our permanent storage, so this delay only applies to the first few requests.

Publishing packages

All packages hosted on npm and tagged releases on GitHub are automatically available on jsDelivr. If you are a package author, here are a few tips to make using your package as easy as possible:

  • Use semver for versioning (this is enforced by npm but not by GitHub)
  • If a file listed as main in package.json isn't meant to be used in a browser, set a browser or jsdelivr field
  • If you distribute minified JS/CSS files, also include source maps for those files
  • If you don't want to provide minified files, it's fine - we'll handle that for you

Configuring a default file in package.json

For packages hosted on npm, we support serving "default" files with shorter URLs. The default file can be configured by setting one of the following fields in package.json, with jsdelivr having the highest priority:

  1. jsdelivr
  2. browser
  3. main

We will first attempt to locate a minified version of the file provided here (by removing the extension and looking for the same file .min.js). If we can't find one, we will minify ourselves.

Be advised that you must include the file extension in the values, for example:

"main": "./index" // this will NOT work
"main": "./index.js" // this is the correct way

For projects having both a JS and a CSS file, use one the above fields for JS and a style field for the CSS file (example).

Restrictions

  • Packages larger than 150 MB or single files larger than 20 MB (in the case of GitHub) are not supported by default. We recommend removing files that are not needed from your package when possible. If you need to set a higher limit for your package, open an issue in this repo.
  • HTML files are served with Content-Type: text/plain for security reasons.

WordPress

Our WordPress endpoint works for plugins and themes hosted in the WordPress.org plugin directory and Wordpress.org theme directory, and mirrors the WordPress.org plugins SVN repo.

Load any plugin from the WordPress.org plugins SVN repo:
/wp/project/tags/version/file
Load exact version:
/wp/wp-slimstat/tags/4.6.5/wp-slimstat.js
Load the latest version (not recommended for production usage):
/wp/wp-slimstat/trunk/wp-slimstat.js
Load any theme from the WordPress.org themes SVN repo:
https://cdn.jsdelivr.net/wp/themes/project/version/file
Load an exact version of a file:
https://cdn.jsdelivr.net/wp/themes/twenty-eightteen/1.7/assets/js/html5.js
Add ".min" to any JS/CSS file to get a minified version - if one doesn't exist, we'll generate it for you. All generated files come with source maps and can be easily used during development:
https://cdn.jsdelivr.net/wp/themes/twenty-eightteen/1.7/assets/js/html5.min.js

Caching

Our caching logic and headers are optimized for production use and apply to all non-custom endpoints.

  • Static Versions and commit hashes - Effectively forever. The caching headers are set for 1 year but we also permanently cache the files in our S3 storage. So all future requests that bypass the CDN will hit our S3 storage with no option or way to update the contents of that file.
  • Version aliasing - 7 days. This also includes latest versions. They are cached on our CDN for 7 days with the option to purge the cache using our API to speed up the release of your project to your users.
  • Branches - 12 hours.

In certain cases, purgeable files can get updated faster due to low-cache hit ratio or forced CDN purge from our side for maintenance reasons.

We use permanent S3 caching even with dynamic URLs, such as version aliasing, meaning once we download your tagged files, there is no way for you to update them. If there is a critical issue in your latest release the best course of action is to tag a new semver valid release with the fix and purge the CDN URLs using our purge API.

Purge cache

jsDelivr has an easy-to-use API to purge files from the cache and force the files to update. This is useful when you release a new version and want to force the update of all version-aliased users.

Please note:

  • It will not work for static files as explained above.
  • Valid semver releases must be used for purge to work
  • Rate-limiting applies to all users

To avoid abuse, access to purge is given after an email request (for now - [email protected]).

Custom CDN Hosting

We can work together and set up a custom configuration for your project. This way, you can have full control over your files and the ability to utilize the full power of jsDelivr.

This kind of custom hosting can be suitable for:

  • Binary hosting. Windows executable files and zips.
  • Frequently updated files.
  • Projects that can't follow jsDelivr file structure.
  • Some other use that will blow all of our minds.

Simply send an email to [email protected] with a request for more information.

Current OSS projects using custom configs:

Privacy Policy

cdn.jsdelivr.net

jsDelivr might use information about downloaded files to build download stats per project and per file.

jsDelivr does not store any user data and does not track any users in any way.

Here are the relevant policies of our CDN providers:

The bus factor

bot's People

Contributors

as-com avatar davidchambers avatar jimaek avatar jsdelivrbot avatar megawac avatar peterdavehello avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar

Forkers

peterdavehello adonm davidchambers cloudxtreme as-com polyglotness frederickfogerty fabricionaweb mattlk13 starmanman isabella232 seanpm2001

bot's Issues

Stop complaining about unescaped UTF-8

The whole point of a global CDN like jsdelivr is that it allows anyone around the world to load content quickly and conveneintly. This feature will attract projects from all around the world. Some of those projects might come with translations in multiple languages. Others might be designed to cater to users in some locales but not others. Both of these involve putting non-English strings in source files. And yet the bot complains about it.

Should we try to please the bot by replacing all of our non-English strings with backslash-escaped hex codes? Those things are impossible for humans to read.

UTF-8 is the de facto standard of internationalization on the web. Anything encoded in valid UTF-8 should be kosher.

Better error when wrong file name

A user added info.txt instead of info.ini and he got this error

Might be nothing but I have some concerns about the files in your submission...

    string indices must be integers, not str

We need to add a better error explaining better what is wrong.

JSON incorrectly passing

The bot considers this as correct

{
  "packageManager": "github",
  "name": "jdenticon",
  "repo": "dmester/jdenticon",
  "files": {
    "basePath": "dist/",
    "exclude": "jdenticon.js"
  }
}

while its not and libgrabber will fail.
The correct is "exclude": ["file"]

Too restrictive homepage url validation for info.ini

Creating a PR for adding files of version 2.0.5 of the bigscreen is rejected because the already existing
info.ini file uses http://brad.is/coding/BigScreen/ as homepage which is reported as invalid because it does not fit to the expected hostname schema.

Error response from bot:

Looks like the info.ini or update.json has some problems hostname 'brad.is' doesn't match either of 'www.ampersandnbspsemicolon.com', 'ampersandnbspsemicolon.com'

Add Exception for @2x suffix for image files.

It would be good if the bot doesn't consider @2x as the illegal character as it's a suffix for Retina Optimized Images and it's a requirement for the browsers to automatically pull the optimized version of the images.

Here's one PR which had these type of images and the bot thought it's an issue. Thanks!

Letter Case

Are we going to enforce Letter Case? For example, jsdelivr/jsdelivr#782. The original file is called sigma.layout.forceAtlas2.min.js but the bot would prefer sigma.layout.forceatlas2.min.js. I'd probably prefer to stick with the original naming of the files, but what do y'll think?

Trying to figure out what this means and what to do about ti

First time I have tried to submit and the bot reported this issue 1044

Might be nothing but I have some concerns about the files in your submission...
 Unescaped unicode characters in angular-all.min.js (at pos 41664) 
 Unescaped unicode characters in angular-all.min.js (at pos 42871)

This is an uglified file but I don't see anything suspicious at that location etc.

I have looked at a few other people that had the same message and can't see anything wrong with their submits either.

What's the genesis of this issue and what should I do about it?

Ideas for tests

  • files/$projectName should contain only 1 file. info.ini
  • mainfile parameter should be correct. The file specified should actually exists.

I will add more later as more PRs come in and I see the mistakes :)

Validate json

It would help a lot if the bot could validate update.json and comment any errors it finds.

detect minified files

ref
Phase 1 Check sourceMappingURL
/(\/\*+[\s\S]*?sourceMappingURL\s*=[\s\S]*?\*\/)|(\/\/.*?sourceMappingURL\s*=.*?[\r\n])/g
If there is a .map file pointed to, then likely this is a minified file.
Other tests should be skipped if true.

Phase 2: remove comments (where possible without trashing code)
This RegEx test should work: /(^(\/\*+[\s\S]*?\*\/)|(\/\*+.*\*\/)|^\/\/.*?[\r\n])[\r\n]*/gm on this test code:

Match full line & blank newlines after: 
//! https://github.com/tomByrer/web-engeneering-notes/blob/master/banner-tips.md#mini-banner

hunk
/**
* usage: https://github.com/jsdelivr/bot/issues/1#issuecomment-42943418
**/
junk
/*! script.node.js github.com/owner/scriptjs 0.7.0 (c)2014 License GPL */
funk
End line comment=! /*** I like stars ***/

left/*middle*/right
trunk
// project-legacy.js github.com/owner/project 0.1.0 (c)2014 @licence MIT
stunk
/* @preserve this comment please? */
sunk
// @License to @Preserve: none
bunk
/* important info but not enough to keep in minified code */
punk
// comment
edge-case (works if have space between **)
/**/
space
/*
*/

Unsure what to do:
//# sourceMappingURL=jquery.mobile-1.4.2.min.map
var x=y;// Great coding!  Have to keep this comment because of above example...
var twitterHandle = '@preserve';  //oops

Should Fail:
https://user:[email protected]/is-url.js
/!escape
<!-- remove this comment -->
"/*"

True; EOF test:
/* test */

Bonus: grabs newlines after comment.

Phase 3

If ( comments-removed.match(/\n\r/g).length > ( comments-removed.length / 80 ) {
  not mified 
}

Unable to update package because of case sensitivity?

jsdelivr/jsdelivr#8511

There have been significant changes in ScrollReveal v3.0.0, and the desired filename is now all lowercase. I have updated my PR to reflect these changes, but I am still encountering errors.

I figured I’d leave the camelCase v2.3.2 filename for legacy support, but perhaps its causing a problem?

Please advise!

2 commit rule

We can create a warning when the user has more than 2 commits and then show him the correct command to squash his commits.

2 because = info.ini + update.json to allow users to use the web interface

adding new min.js file leads to a reject

Hi,

just added a new version of piwik JS to jsdelivr repo and got an reject from the bot, complaining about changing the structure.

But if there was no min.js file, how should one add it without changing the structure?

UTF-8 encoded files seems be interpreted as binary

After forcing the usage of UTF-8 format in all JavaScript files I get messages like in the pool request:

Expected js/i18n/grid.locale-ja.js to be static content; found binary
Expected js/i18n/grid.locale-ja.min.js to be static content; found binary
Expected js/i18n/grid.locale-ja.min.map to be static content; found binary

and the merging of the new version will be done many days later.

I suppose that it's a bug in jsdelivrbot, which seems to be incompatible with the --charset "UTF-8" option of closureCompiler. It seems to have problems even with the source JavaScript files in UTF-8 format.

If it's not a bug, then I would like to know what can I do to prevent stopping of automatic pull request by jsdelivrbot.

Thanks in advance.

Bot failes very often

Lately a lot of PRs are not checked at all by the bot. I think it happens when multiple PRs arrive at the same time but it could be something else completely.

Either @megawac or @MartinKolarik please check because its very important. We heavily rely on this bot to merge

add feature to ignore old directory/file structure before certain version

Because the structure may be changed, we can't control or make sure the structure will be the same forever, once it changes, e.g. rename javascript to js, CI bot will not success and fail in all the after version, but that doesn't make sense, we still need a human begin to check the CI message, I think we should support this feature to ignore the old structure before a certain version, so it won't make all the after version not pass CI bot, and the version may be set in info.ini

Link to this repo

Add a small note in the bot's comments linking to this repo to allow people to report bugs.

Scan files for malicious code

As mentioned in the Gitter chat room...

Here are some ideas to start with:

  • Scan for domains listed on blacklists (such as this, this, this, this, this or just Google it)
  • Complain when it detects obfuscated code (eval(function(p,a,c,k,e,r){...}), eval(function(p,a,c,k,e,d){...}), eval(function(w,h,a,t,e,v,e,r){...}) or even just eval(function(...){...}))
  • Run code through this service

Comment commands

It would be great if the bot could react to commands in comments.
For example:

jsDelivr mod: @jsdelivrbot: squash commits and all commits in that PR will get squashed into a single one

Scenario: The bot created an update PR for a project. All mods are asleep.
The developer of the project that is getting updated can comment:
Author: @jsdelivrbot: merge this PR

I can't update my file

Hi,

There is an issue with my pull request (jsdelivr/jsdelivr#1002) : it's saying I cannot update a file I've uploaded. However there is an issue with that file (JS compressor that didn't do correctly its job) and I need to fix it.

Can you help please?

Thanks

Allow the bot to merge libgrabber's commits

If its possible it would help a lot to add a parameter to update.json.
Something like "auto-merge": true.
It can be enabled per project and if the bot sees it then it will automatically merge the PR for that project without waiting for a mod.

A modular library issue

The AniJS library it's composed by a Core and others modules which We call helpers, like scrollReveal, and now DOM. Please we need also add these important modules.

Please take a look to jsdelivr/jsdelivr#1631

Best Regards, Dariel

hostname doesn't match fastly.net

I just submitted a PR for my human-date library and got this error:

Looks like the info.ini has a few problems:
    hostname 'www.npmjs.com' doesn't match either of 'a.sni.fastly.net', 'a.sni.global-ssl.fastly.net'

I didn't see anything about fastly anyhwere in the CONTRIBUTING section or here in existing issues. Please advise on next course of action.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.