Closed JasonKleban closed 7 years ago
I am pretty sure there are no increased risks here. If you wanted to further reduce the risk you could keep parts of the original build pipeline (namely the concatenation of source files before compression). `make core.js` for example would concat the source files.
On the other hand I would also be happy if we could move from the old python pipeline to something more modern.
I want to use the ECDH parts of the library which are not part of the pre-built `sjcl.js`, but I don't want to install the perl/Java/YUI or Closure dev-dependencies on my computer just for that. Instead I opted for uglify-js and added these three `npm run _____` scripts, stealing the list of files for `npm run build-all`, for example, from `config.mk` after running `.\configure --with-all`:

Other than a slightly larger file size and improperly mangled names not covered by tests, is there any increased risk for bypassing the recommended compressors and pre-compression scripts? Any mitigations avoiding, say, side-channel leakage are not dependent on the compressed version, right?
BTW - I assume that the uglifyjs could do better if the code or the options were fine-tuned as I'm sure you have done with YUI and Closure, but this is good enough for me.