I am a long-time NoScript extension (https://noscript.net/) user. For those who don’t know this automatically blocks any javascript and let you accept them (temporarily or permanently) based on the scripts’ origin domain.

NoScript as some quality-of-life option like ‘accepting script from current page’s domain by default’ so only 3rd parties would be blocked (usefull in mobile where it is tedious to go to the menu).

When I saw LibreJS (https://www.gnu.org/software/librejs/) I though that would be a better version of NoScript but it is quiet different in usage and cares about license and not open-source code (maybe it can’t).

Am I the only one who thought about checking for open-source JS scripts filtering (at least by default)? This would require reproducibility of ‘compilation’/packaging. I think with lock files (npm, yarn, etc) this could be doable and we could have some automatic checks for code.

Maybe the trust system for who checks could be a problem. I wanted to discuss this matter for a while.

  • loathsome dongeater@lemmygrad.ml
    link
    fedilink
    English
    arrow-up
    1
    ·
    4 months ago

    Can’t say that what you are looking for is common. This is the first time I’ve heard this requirement bring described.

    Librejs started a long while back. I’m no js historian but I reckon things have changed a ton in jsland since then. My guess is that there assumption is that since JavaScript files are just scripts, they contain the source code and therefore all it checks for is is the license.

    I don’t know at which point things like obfuscation through minification and systems like webpack came along. I’m only theorising but I feel librejs has not been able to keep up with the times.