Embed the index.js bundle inside of npm releases

Question

Embed the index.js bundle inside of npm releases

mensfeld opened this issue 3 years ago · 3 comments

Hey, I noticed, that part of apl-viewhost-web is being downloaded. This causes a problem when trying to install offline / from cache because part of the code is being fetched from: https://d1gkjrhppbyzyh.cloudfront.net/apl-viewhost-web/6990ED81-A690-4946-8ACC-63B243C19388/index.js

Is there a chance to bundle this inside the upcoming releases?

Answer 1 · 2022-11-08T15:54:34.000Z

Hi,

I would like to +1 this request since this is attempting to downloading an opaque artifact without customer knowing constituting a security risk. Could you model this dependency properly using npm?

Thanks,

Answer 2 · 2022-12-20T20:44:20.000Z

Thanks for reaching out to us. That index.js contains the WebAssembly pre-compiled binary of APL Core Engine. We hear your concern, and will look into this.

Answer 3 · 2023-01-17T14:11:26.000Z

I'm not an expert on the APL Core Engine and what language is written in, but in Rust there are already existing solutions that could be leverage to generate a proper npm package: https://rustwasm.github.io/wasm-pack/book/commands/pack-and-publish.html

Once it's modeled as an npm package, you should be able to depend on it and remove that download from the Internet.