Comments (10)
@Georg-Git please don't delete your comments, they are an important part of the discussion and future readers will want to reference this down the road I'm sure.
Now to your point about a non-minified version. While I understand where you are coming from and in principle I agree transparency is critical, building a non-minified file doesn't achieve that and actually opens doors for greater harm. It is quite easy to build a minified file that has little or nothing in common with a non-minified file from the same build process, but now everyone feels safe and secure because they can review the non-minified file, leading to lax security practices. We want to encourage sustainable best practices and not foster a false sense of security.
from lz-string.
@Rycochet You should do like compress
and compressToUTF16
keep everything existing remain unchanged.
just add new methods or use a flag to turn on or off V2
no need to have any breaking change.
for example, LZString.version = 2
or LZString.fixBase64 = true
to indicate using the fixed version.
This has to be manually turned on.
Even the existing users suddenly updated the script to latest version, there should have no change as they do not turn on the setting.
from lz-string.
I completely agree with @cyfung1031 in that there are plenty of ways to make the change non-breaking. That said, the fact that the Base64 is buggy should not bother anyone. The server side ports of this lib already handle the bug and there is no harm done. And the fact that it's proper Base64 is irrelevant
Moreover, the compressToBase64
is pretty much useless in that I don't see a valid use case for it. compressToEncodedURIComponent
works fine for putting data in a URL. It is the same size and would work fine for all usages of compressToBase64
.
That said, I understand the urge, it's itching me as well :-)
from lz-string.
@Georg-Git Nothing here is done in my name, you must be confused. People own their stuff and no one claimed to have done anything in my name.
from lz-string.
Thank you for this library!!!
After a break of almost 8 years, very few people will even notice the revival and this question. 🤣
But please carry on!
from lz-string.
@Georg-Git 10 million downloads a week on npmjs - so people will notice
from lz-string.
Of course - when the breaking changes will hit the npm fan. 😉
I am talking about the few answers here on github. 😉
It was pure luck that I noticed the upcoming renovations.
But I really appreciate the new team's efforts!!
Many thanks 👍
from lz-string.
An important and widely distributed library for compression,
and new collaborators earn over some years the trust of the owner.
And when asking for a non minified file at the end of the new build process of the upcoming version 2 this request was blocked by the new collaborators. 😏
I hope everybody had read the news about the backdoor in XZ Utils:
https://www.akamai.com/blog/security-research/critical-linux-backdoor-xz-utils-discovered-what-to-know
Interesting parallels....
@pieroxy:
I hope you still keep an eye on what is being done here in your name.
😉
EDITED:
Human communication without body language can lead to misunderstandings and there were probably too few smilies in my text.
Otherwise I would have liked to take this even further by pointing to the recent issue that Chrome is already giving a virus warning when using LZ String: #239 😊
Now seriously:
I have no indication that anything wrong is going on with this project.
But once suspicion has been triggered, counter-statements are of little use.
(And @Rycochet way of answering doesn't encourage trust either.)
Especially out of respect and gratitude to @pieroxy for this repository, I would like to avoid leaving unjustified suspicion in the room. Also, I am sure @karnthis will prevent anything like that. 😉
As already written above only a few people had taken notice of this thread after an 8-year break.
This will of course change with the release of version 2 on NPM.
Therefore, I will delete this comment soon - and wish the new version much success.
from lz-string.
@Georg-Git Releases are planned to be directly from the Github Actions process, as in having no ability for any individual (except @pieroxy) to make a release directly. Currently you have opened and commented on several threads without having any real understanding of the open source community or apparently the npm architecture.
I am very well aware of your behaviour and suggest you (and any other readers of this comment) watch this 2008 presentation from Google https://www.youtube.com/watch?v=-F-3E8pyjFo (it really needs the entire hour to be watched to understand properly).
That suggestion was answered, and is as such closed. The source code is all here and anyone can build and test it in an identical way.
from lz-string.
@karnthis Thank you - far better explanation than I gave there!
from lz-string.
Related Issues (20)
- Crash with large strings when running on Hermes (React Native)
- Is there a way to allow custom dictionaries? HOT 9
- How to realize that only specified characters are allowed to appear in the compression result? HOT 1
- LZ-String port to current typescript HOT 9
- Tag for v1.5.0 HOT 2
- Version 2 TODO list HOT 15
- Feature request: compress to source-compatible character set HOT 1
- New port for a linux executable HOT 1
- Can utf-8 codes be avoided in the output? HOT 10
- `decompressFromBase64` can return `null` HOT 7
- Docs: JSPerf.com links are no longer valid
- Docs: A Complete Demo for various compression/decompression HOT 3
- Docs: TSDoc HOT 3
- License Inconsistencies HOT 5
- [email protected] build with warnings HOT 4
- Feature request: a non minified js file as a result of building v2 HOT 2
- Chrome virus warning with compressToEncodedURIComponent URL HOT 2
- CLI support for decompressing base64 encoded files HOT 1
- Please investigate the slow (irresponsible) LZString issue in Edge HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lz-string.