Ask HN: What if browsers included common JavaScript packages?
Like it or not, the cat's out of the bag on JavaScript. Lots of the websites we use every day rely on a small number of JavaScript libraries. How many different times do you think your computer and phone have had to download the entirety of React, Vue and jQuery? I've had this idea in my head for a while that browsers should have these libraries included, allowing developers to just import them without the user having to download anything but the actual application code.
`import React from "@browserIncludedReact/v16.9";`
It might feel weird to build this into the browser, but unless you browse with JS turned off, you are downloading these libraries several times a day, if not hundreds. Non-tech people usually leave js on, so the savings, while small for each person, could end up being huge on a macro scale. Curious what people's thoughts are?
Curious what people's thoughts would be?
5 comments
[ 2.7 ms ] story [ 15.7 ms ] threadFurther, we tried this 15 years ago with popular CDNs serving these libraries, but we discovered that having multiple sites sharing the same one raised several security concerns.
That could be accounted for pretty easily, no?
> raised several security concerns.
I'd think that having the file included in Chrome or Firefox would alleviate those concerns though. If you can't trust your browser vendor to bundle the right version of a library
https://developer.chrome.com/blog/http-cache-partitioning/
> However, the time a website takes to respond to HTTP requests can reveal that the browser has accessed the same resource in the past, which opens the browser to security and privacy attacks, like the following:
> Detect if a user has visited a specific site
> Cross-site search attack
> Cross-site tracking
With this suggestion, I guess we can add browser version (and thus, which vulnerabilities can be exploited) to that list. Chrome is trying to freeze the user-agent string, but this would defeat the point.
If you think we can’t improve on React/Angular/Vue then great, but for everyone else it’s a disadvantage.
Since service workers are now commonplace, it would be more helpful to somehow share the caching of commonly used libraries, so once downloaded in one place the browser would let it serve for another. Not sure how it could work, but would need to ensure the libs were identical. Maybe by use of a hash? Mmm ..