Comments (6)
If some other developer can't fork your project and develop/build it himself with the same provided toolset (for the equal productivity) as you then I doubt it should be called "Open Source". For the same reason we don't call obfuscated sources "Open Source" because editing obfuscated code can't compete in productivity with editing original code. I'm not a guru of open source philosophy, I can mistake, but that's how I get it.
I guess, "being open to competition" -- that's how it may be called.
from j-toml.
Line 12 in ebcd61c
It seems you are using dist/ESM/.j-toml.js
for packing, which is a middle packed edition for further packing. Module '.Error'
just means global variable Error
itself, without any other magic. Dot module won't appear in final dist runtime code.
Line 14 in ebcd61c
dist/ESM/j-toml.js
edition (without start dot in filename) is the format that people usually use to pack for the time being, you can use that for simplicity.
It's also possible that you are reading the source.
Line 1 in ebcd61c
Just remeber, module id starting with a dot means that's a global variable in most cases; and if it does not exist in js spec, it's my personal util (only very small and very common use util that not worth to be independent package to publish, like '.throw.TypeError'
, which means function throwTypeError (msg) { throw TypeError(msg); }
, which allow throw error in expression input.match(REG_EXP) || throwTypeError('...')
e.g.).
.j-toml.js
tool support is currently not published for public, but I can explain ahead.
For example, Object.prototype.hasOwnProperty
is slow and mutable and can not be minified, so I write const hasOwnProperty = Object.prototype.hasOwnProperty
instead in almost all project.
But that has a problem, if my downstream project packed a lot of upstream packages, then here will be a lot of repeating of same thing. So in .j-toml.js
edition, I remained all reference as import hasOwnProperty from '.Object.prototype.hasOwnProperty';
style. Module ID starts with .
means that's a global variable.
'.Error'
is the same. That also helps for avoiding accidental global variables reference (I do not allow any bare global reference in my project), and make it easy to use or remove polyfill (like '.Reflect.apply'
means directly use, '.Reflect.apply?'
means typeof Reflect==='undefined' ? undefined : Reflect.apply
, '.Reflect.apply?=customPolyfillExpression'
means typeof Reflect==='undefined' ? customPolyfillExpression : Reflect.apply
, and '.Reflect.apply?='
means default polyfill; and the polyfill part will be skipped if same project reference same feature without polyfill syntax).
Welcome to discuss.
from j-toml.
.j-toml.js tool support is currently not published for public[...]
So I can't reproduce the build and verify the dist package. Without verification the usage of your code is risky.
Also I would like to work with some popular module bundler (rollup, webpack) because this way it will be easier to verify your code.
Not that I verify every npm package with sources, I almost never do it, but I feel more trust to packages that can be verified by a community.
from j-toml.
Of cause! That's necessary.
In fact the bundler tool I use is a custom edition rollup (approximate rollup + dot module plugin + terser).
I just have too many package in publishing process, including bundler tool. People won't accept what you worried, me too.
Thank you for communication!
from j-toml.
I found a temporary way to confirm the dist safe, by easily search in the dist file:
- The dist code only includes one
require('fs').readFileSync
in theparse
, which only called forsourcePath
parameter parse
is not called in the dist code self- There is no any more
require
orimport
called - There is no net API called
- There is no
eval
reference, noFunction
reference, and only twoconstructor
property access which only lead todelete
behaviour, which won't referenceFunction
indirectly.
Line 1939 in ebcd61c
Line 384 in ebcd61c
Line 494 in ebcd61c
@ilyaigpetrov Hope this would help.
from j-toml.
Since 1.17.0, @ltd/j-toml
removed internal require('fs')
for TOML.parse({ path })
, so the temporary way to confirm the dist safety is easier now:
- There is no any
import
orrequire
[^1] reference - There is no any net API reference
- There is no any native API override
- There is no any
eval
reference, also noFunction
reference, and only twoconstructor
property access which only lead todelete input.prototype.constructor
behaviour for library data, which won't referenceFunction
indirectly
[^1]: Remain one place in TOML.parse
for users before 1.17.0 lacking options.require
compatibility.
from j-toml.
Related Issues (20)
- Safari crashes with SyntaxError HOT 1
- How can I define custom typescript type for parsed data? HOT 1
- [feature?] Multiline in stringify HOT 4
- [Feature] Option to use double quotes for strings HOT 1
- Section equivalent for arrays? HOT 4
- Logical nullish assignment (??=) is not supported in Node <15 HOT 1
- Controlling spaces in list output HOT 6
- Configure double quotes or single quotes output HOT 5
- Status of Single-line and Multiline Comments HOT 5
- Stringify of the same JSON created via parse does not produce a valid TOML back HOT 6
- Can't Parse a Stringified example. HOT 2
- bug: npm bundle is invalid with version 1.35.0 HOT 3
- Cannot use with Cypress - requires es2019 or lower? HOT 2
- NULL prototype thing causes trouble HOT 1
- Is there a simple demo code to provide pretty format? HOT 2
- Maintain "style" HOT 2
- 使用的时候遇到了一个报错 HOT 1
- https://www.longtengdao.com/ is down HOT 1
- v1.16.0 breaks bundled javascript HOT 5
- use in browser HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from j-toml.