Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Why is web3.min.js not provided anymore? #2623

Closed
carsonwah opened this issue Apr 1, 2019 · 25 comments
Closed

Why is web3.min.js not provided anymore? #2623

carsonwah opened this issue Apr 1, 2019 · 25 comments
Labels
2.x 2.0 related issues Enhancement Includes improvements or optimizations Stale Has not received enough activity

Comments

@carsonwah
Copy link

Description

No web3.min.js available since v1.0.0-beta.38.

Expected behavior

A web3.min.js file should be pre-packed and is ready to use directly.

Actual behavior

The collaborator said "he" always use webpack to bundle the js files.
#2475 (comment)

Versions

  • web3.js: >=1.0.0-beta.38

Can someone explain the reason behind this decision? It is too troublesome to use a bundler in order to use this library. I don't see why we can't have a web3.min.js. Many people are sticking with v1.0.0-beta.37 because of this.

(You may view this issue as a question or a feature request)

@carsonwah carsonwah changed the title Why web3.min.js is not provided anymore? Why is web3.min.js not provided anymore? Apr 1, 2019
@nivida nivida added Enhancement Includes improvements or optimizations Discussion labels Apr 1, 2019
@nivida
Copy link
Contributor

nivida commented Apr 1, 2019

I've removed the minified file because I thought the frontend space is using a build chain anyways. Sorry for the troubles. I will add a minified file for each module back to the npm packages asap.

@nivida nivida removed the Discussion label Apr 1, 2019
@carsonwah
Copy link
Author

@nivida Thank you. I think providing a minified js will be very helpful especially for many people that are using Truffle as their starting point, which does not include a frontend bundler usually.
Thanks for the quick reply.

@GHLover
Copy link

GHLover commented Apr 1, 2019

Yes, please provide this. Many users cannot even install web3 with npm. Web3 uses a deprecated version of scrypt npm module instead of native node.js functions. As a result of this dependency it cannot be installed as this module has difficulties installing under many modern linux distributions.

You can see this module is deprecated here: https://github.com/barrysteyn/node-scrypt

There is even potential issues of malicious code injection: barrysteyn/node-scrypt#186

@fulldecent
Copy link

Reference to #2013 to explain the security problem with this issue.

@smiled0g
Copy link

smiled0g commented Apr 3, 2019

@nivida Any ETA on this issue? I found that installing web3 via npm doesn't even compile correctly with create-react-app. With different build systems out there, it'd be more difficult to make sure that web3 package would work with all of them.

@OFRBG
Copy link

OFRBG commented Apr 5, 2019

@smiled0g I've used web3 with create-react-app many times, and I've never had a problem. Maybe add more information? create-react-app uses webpack, and it has no problems with web3 as of now.

@smiled0g
Copy link

smiled0g commented Apr 6, 2019

@smiled0g I've used web3 with create-react-app many times, and I've never had a problem. Maybe add more information? create-react-app uses webpack, and it has no problems with web3 as of now.

In web3.js 1.0.0-beta.51, it did break. Particularly the transactionSigner.constructor.name was evaluated as'TransactionSigner' in development build, but evaluated as 't' in uglified, production version that webpack generates.

The issue was fixed in 507d2b0#diff-0ad486d5fb5fd6cb067665b271b692d8L183

@shawenbin
Copy link

I've removed the minified file because I thought the frontend space is using a build chain anyways. Sorry for the troubles. I will add a minified file for each module back to the npm packages asap.

yes, web3.min.js is very useful in many project.

@princesinha19
Copy link
Contributor

@nivida I think this should also be added to 1.0 milestone.

@kevinsimper
Copy link

Using the bundled version is super great for quick demos and small POC that can just be made in the browser.

I often go to https://www.jsdelivr.com/ and find the bundle version.

I can agree with that fronend most uses tools, but until the ecosystem has built the tools that exist for react for example a bundled version is super great!

@sshelton76
Copy link

+1000 on this. Releasing a pre-built bundled version especially if it can be signed would greatly increase the visibility of the project. It also makes a great reference point to see if something that broke is broke in the "official build" or just some quirk in your own build process.

@tangelo313
Copy link

I just registered to Github to say that many dev friends and I are really missing the web3.min.js. We build web apps without using npm and other fancy things. Please put it back as we stuck on beta37 for a while.

@kevinsimper
Copy link

One thing to add would also be to add integrity checks for any CDN script tags loading. web3.js would be a target as it will enable you to hit a larger percentage of dapps.

<script src="https://example.com/example-framework.js"
        integrity_no="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"
        crossorigin="anonymous"></script>

https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity#Examples

@wbt
Copy link
Contributor

wbt commented Apr 30, 2019

Beta.53 was just released and still no "dist" which was going to be added "asap" following its drop in -beta.38. Having a known constant reference version instead of a build pipeline helps reduce variance and give simpler steps to reproduce for reporting bugs and resolving issues.

The project should also not be reopening security issues and then leaving them unfixed as part of steps toward 1.0; that feels like another step backward.

I support moving this issue back to a priority position which we should have recognized as an April Fool's joke.

Thanks for your work on the project!

@mrehanabbasi
Copy link

Still waiting for the bundled version.

@nivida nivida added the 1.x 1.0 related issues label Jun 20, 2019
@wbt
Copy link
Contributor

wbt commented Jul 1, 2019

@nivida Thank you for the kind thoughts and words. However, "the minified file will be added back asap” has been the status for >3 months now and there is no credible indication this will change anytime soon. The issue remains marked as an Enhancement in the “To Do’s” category and you’re swamped with other tasks & contributions.

@andy0130tw was clearly just trying to help, stepping up to fill a gap as that’s how open-source is supposed to work. I applaud those efforts and hope they aren’t so readily dismissed/closed off in the future, especially on the basis that “asap” somehow takes on its usual meaning in the context of this project.

@wbt wbt mentioned this issue Jul 2, 2019
11 tasks
@CryptoJanne
Copy link

Still nothing? been waiting for this for like 4 months now

@nivida
Copy link
Contributor

nivida commented Sep 30, 2019

The minified file is existing here in the repository on branch 1.x.

@CryptoJanne
Copy link

Ah yes sorry. Does this mean that 2.x will not get web3.min.js?

@pydlv
Copy link

pydlv commented Oct 11, 2019

really would like web3.min.js for 2.x

@github-actions
Copy link

github-actions bot commented Jul 4, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions

@github-actions github-actions bot added the Stale Has not received enough activity label Jul 4, 2020
@wbt
Copy link
Contributor

wbt commented Jul 4, 2020

I don't think this should be marked as stale.

@github-actions github-actions bot removed the Stale Has not received enough activity label Jul 5, 2020
@github-actions
Copy link

github-actions bot commented Aug 4, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions. If you believe this was a mistake, please comment.

@github-actions github-actions bot added the Stale Has not received enough activity label Aug 4, 2020
@dzimbeck
Copy link

dzimbeck commented Jan 18, 2024

I downloaded main branch and don't see anything for easy deployment. A signed release of min would be recommended in the main package. Is it that nobody wants liability of signing production release? The releases don't contain anything built, cdn shows older version I was able to find newer releases at cdn web3@latest/dist/web3.min.js which was mentioned in a comment in the repo but it should probably be made more clear where to find them or include a signed release in the main build. Because its a bit of a hassle for security to have to audit the entire package instead of auditing a single file.

@wbt
Copy link
Contributor

wbt commented Feb 26, 2024

Look in the dist/ folder for a web3.min.js and corresponding map+license.
https://npm.runkit.com/web3/dist/web3.min.js?t=1708960641472

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
2.x 2.0 related issues Enhancement Includes improvements or optimizations Stale Has not received enough activity
Projects
None yet
Development

No branches or pull requests