JavaScript information for website
Bernhard M. Wiedemann
bernhardout at lsmod.de
Tue Jul 28 07:01:44 UTC 2020
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Am 24.07.20 um 22:10 schrieb John Scott:
> I'm not subscribed, please keep me CC'd.
>
> I'm working on adding metadata to the JavaScript on
> reproducible-builds.org so software like LibreJS can know it's free
> and where the source code can be obtained.
>
> However, modernizr.min.js, popper.min.js, and run_prettify.js are
> minimized and don't say what version they are. Would anyone be able
> to identify this so I can locate the corresponding source?
On that topic: did someone test if JS-minifier code is deterministic?
and is there continuous testing somewhere to verify that published
non-source minified versions correspond to the respective sources?
links I found on that topic in our blog posts:
https://blog.bitpay.com/npm-package-vulnerability-copay/
https://www.theregister.co.uk/2018/11/26/npm_repo_bitcoin_stealer/
https://diff.intrinsic.com/
https://extensionworkshop.com/documentation/publish/add-on-policies/
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQTykslvYmKwlIQesLNdovN53d8CLgUCXx/NWAAKCRBdovN53d8C
LqAVAQCZPpAwpK3UexeJCESiH9bqtUTS4KcPUtSBxyr7ShLKdQEAtp5vrt4D5bvW
58iy/cioaDOYrusMcnR697F73kvCtQ8=
=fJhd
-----END PGP SIGNATURE-----
More information about the rb-general
mailing list