Cdnjs - the missing cdn (opens in new tab)

When I have see that a webpage has 20 or more scripts attached to it from domains differing from the one website I am visiting, I do by default assume they are tracking scripts from advertisers or facebook or similar ilk.

If a website needs scripts, I expect the website to serve it from a domain which belongs to it. For most sites I visit there are at least 30, sometimes 50 scripts from various sites and domains trying to track me, slowing down my browsing experience, and sucking up my systems ram.

Disabling those causes massive speed-ups. Plus it protects my privacy.

Install ScriptNo in Chrome (or similar for Firefox). You will be shocked by the difference. And you will be shocked by the massive script-abuse currently on the net.

And no, I will not wade through that long list for each and every page I visit, to whitelist whatever CDN you have decided to put in the same trustworthyness-group as doubleclick.net.

If your site breaks with those scripts blocked, I leave.

Unfortunately he is in vast minority. Only when you start using NoScript or generally paying more attention to your browser's status bar do you start to realise the scale of the ridiculousness.

We need to extend the baseline notion of what the web is. If some nontrivial number of sites are using (say) jQuery, then it would be a good idea to have a way to declare "SCRIPT SRC jQuery version x.y.z" and let the browser figure out where it lives. Then you fetch it once, parse it once, and run it many times, no matter what site you may be visiting.

Or at the very least, we need some way to say "get this script from this URL, but only if it hashes to <this value>, since otherwise it's been compromised". Why worry about CDNs when you can design the script-switcheroo attack right out the system in the first place?

I wrote about this in June: http://rachelbythebay.com/w/2012/06/27/src/

Ok. So I didn't miss anything obvious. :-) This might have been handy back in the dial-up days, but not now. Now I see it as a security and stability risk.

I assume you are the creator of cdnjs - what are your relation with cloudflare beyond just the sponsorship? Are you working for them? Do you advise them?

I'm wondering what is the performance increase delivered by cloudflare. I've heard many mixed opinions and I'm at the interesection where I have to decide whether I'm using them or others.

btw - kudos to Cloudflare for sponsoring this - seems like a great way to put yourself in front of developers.

Because their stocks would go down very quickly if they did.

Yes, I think you are correct.

Digging deeper, I see that libraries are added via pull request and that the Nivo Slider library was added 11 days ago. Other libraries that have been there longer (such as jQuery) continue to have old versions.

Once a library is hosted it stays hosted forever.

cachedcommons claims to have been around since 2009. cdnjs claims to have been around since 2011. Im not saying one is better than the other, but i am implying that cdnjs is not 'the missing cdn'.

Yep. We plan on launching the css component our our offering in the near future.

Sort of. I'm still not sure I want to use a CDN that can't keep its main site up.

How do I know their .js files won't expire out of the CloudFlare cache before the site comes up, for example?