Comments (6)
Hi, thanks for raising your concern.
The event library in question is a very small, simple bit of code responsible for triggering an event and the reason for bundling into our application was because the library did not have ES module support but did exactly what we needed. In regards to particular points:
- this library no longer gets the free updates from the EventJS library so we don't get their performance improvements.
- this library no longer gets the free updates from the EventJS library so we don't get their security enhancements.
This is quite unlikely; the library hasn't been published in 4 years and was only ever published 4 times, probably due to its simplicity.
- The type information is broken due to that line I linked above.
No, since the event library does not support TypeScript.
Since this has been brought to my attention, however, I've gone to the effort of bringing this library up to speed as well as improving the community's TypeScript support. #133
from flagsmith-js-client.
Hey @dgreene1 thanks for this. Happy to take a PR or we can look at this ourselves over the next few days.
from flagsmith-js-client.
@dabeeeenster if I was confident that our company was considering this product over the competition I would make a PR. But we’re not there yet. And the findings actually were rather disturbing to see. Like it’s clearly a copy and paste of the minified version of a public library and I can’t understand how that’s acceptable for a paid offering. Since I can’t reverse engineer that minified code to determine which library was used, the Flagsmith staff will have to make this PR.
from flagsmith-js-client.
The type information is broken due to that line I linked above.
No, since the event library does not support TypeScript.
That’s a bummer since there are many event libraries that are tiny and have types internally or in DefinitelyTyped. I can’t recall which of these I used in my last library, but the top 4 likely do have types due to their popularity: https://npmtrends.com/event-emitter-vs-event-trigger-vs-eventemitter2-vs-eventemitter3-vs-events-vs-pubsub-js-vs-tiny-emitter
the reason for bundling into our application was because the library did not have ES module support
There shouldn’t be a problem with CommonJS imports if you use this flag: https://www.typescriptlang.org/tsconfig#esModuleInterop
this library no longer gets the free updates from the EventJS library so we don't get their security enhancements.
What I mean by that is that you won’t get Dependabot security alerts for https://www.npmjs.com/package/event-trigger because GitHub has no way of knowing that you use that library due to it not being in your package-lock.json. So if there is a security exploit in https://github.com/zoli-fischer/event-trigger then you won’t get informed.
That being said, I think #133 is a great contribution and makes me feel more comfortable giving Flagsmith the go-ahead to be one of the libraries that our company considers. Thank you. :)
from flagsmith-js-client.
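The gap described in the comment above (code pasted into the source tree never appears in package-lock.json, so lockfile-based alerts cannot fire for it), shown as an added example that is not part of the thread or of Flagsmith's code: a Node.js check that lists vendored code a lockfile scanner cannot see. The package names, file paths, banner pattern and 500-character threshold are constructed assumptions.

```javascript
// Added example; package names, paths and sample data are constructed.
const MINIFIED_LINE = 500; // assumption: a longer line is treated as minified

// Package names a lockfile-based scanner can see (npm lockfile v1, v2, v3).
function lockedPackages(lock) {
  const names = new Set(Object.keys(lock.dependencies || {}));
  for (const key of Object.keys(lock.packages || {})) {
    const i = key.lastIndexOf("node_modules/");
    if (i !== -1) names.add(key.slice(i + "node_modules/".length));
  }
  return names;
}

// Assumed banner shapes: "/*! name v1.2.3 ..." or "/** @license name 1.2 ..."
const BANNER = /\/\*[!*]\s*(?:@license\s+)?((?:@[\w.-]+\/)?[\w.-]+)\s+v?\d+\.\d+/g;

// Report source files that carry third-party code the lockfile does not list.
function findUntrackedVendoredCode(files, lock) {
  const tracked = lockedPackages(lock);
  const findings = [];
  for (const [path, source] of Object.entries(files)) {
    if (path.includes("node_modules/")) continue; // installed, so in the lockfile
    const minified = source.split("\n").some((l) => l.length > MINIFIED_LINE);
    const banners = [...source.matchAll(BANNER)].map((m) => m[1]);
    for (const name of banners) {
      if (!tracked.has(name)) findings.push({ path, name, reason: "banner" });
    }
    // Minified code with no banner: the origin cannot be identified at all.
    if (minified && banners.length === 0) {
      findings.push({ path, name: null, reason: "minified-no-banner" });
    }
  }
  return findings;
}

const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app" },
  "node_modules/left-helper": { version: "2.1.0" },
} };
const sampleFiles = {
  "src/app.js": "import { on } from './vendor/events.js';\non('ready', () => {});\n",
  "src/vendor/events.js": "/*! tiny-events v1.0.2 | MIT */\n" + "var e={};".repeat(10),
  "src/vendor/blob.js": "!function(){" + "a();".repeat(200) + "}();",
  "src/helper.js": "/*! left-helper v2.1.0 */\nexport default 1;\n",
};

console.log(findUntrackedVendoredCode(sampleFiles, sampleLock));
```

A finding with reason `banner` names a package that should be moved into package.json; a `minified-no-banner` finding needs a manual review because nothing in the file says where it came from.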
That’s a bummer since there are many event libraries that are tiny and have types internally or in DefinitelyTyped. I can’t recall which of these I used in my last library, but the top 4 likely do have types due to their popularity: https://npmtrends.com/event-emitter-vs-event-trigger-vs-eventemitter2-vs-eventemitter3-vs-events-vs-pubsub-js-vs-tiny-emitter
I'll take a look at the event emitters you linked. My main goal for it would be keeping the bundle size low; a few I looked at previously were doing more than we needed.
There shouldn’t be a problem with CommonJS imports if you use this flag:
Thanks for that, I'll try it out for my own curiosity. Similarly to the comment on Dependabot, I still think the most positive way forward will be to continue with the PR or get an equally small typed replacement.
Thanks for the kind words RE #133, I'll likely be tidying this up / publishing today.
from flagsmith-js-client.
This is now released as of flagsmith, flagsmith-es and react-native-flagsmith 3.6.0
from flagsmith-js-client.