[whatwg] Browser Bundled Javascript Repository

And Clover and-py at doxdesk.com
Mon Jul 13 13:36:49 PDT 2009

I honestly can't see the benefit of bundling common libraries at all. It 
requires a bunch of infrastructure to manage it and quickly becomes out 
of date. Not worth it to save a few tens of K as a one-time download - 
not a significant amount at all in today's terms.

What would help is if more people could link a script from a common 
location so that it was already cached by the standard browser 
mechanisms. This is already happening to some extent.

But linking external scripts does have a problem in that you have to 
trust the site you're linking not to change the script (or get 
compromised) to add malicious features. A cryptographic hash of the file 
you expect could be used to mitigate this issue, perhaps for other types 
of file too. And such a feature could fall within HTML5's purview.

For example:

     <script type="text/javascript"
     <link rel="stylesheet" type="text/css"

And Clover
mailto:and at doxdesk.com

More information about the whatwg mailing list