chrisdavidmills
commented
5 years ago I agree with this.
Open wbamberg opened 5 years ago
chrisdavidmills
commented
5 years ago I agree with this.
jwhitlock
commented
5 years ago The example in react-es6-popup is the cause of 5 security alerts for the repository, two of them high severity (thanks @openjck). I'm a fan of removing that one first.
irenesmith
commented
5 years ago I agree that the web extensions examples should focus on the WebExtension APIs.
motin
commented
5 years ago Removing to decrease maintenance seems like a great idea, but maybe they can still live on in one or many separate repos (which in turn can be archived and read-only in case they have no maintainers), or at least linked to from somewhere? Some are still useful despite being a bit outdated.
kumar303
commented
4 years ago These examples are really important because npm integration greatly enhances the development experience and most developers are already using it for complex extensions, anyway, especially in the Chrome ecosystem. Integrating with npm greatly simplifies dependency management, such as keeping webextension-polyfill up to date.
As an anecdote, I noticed an extension in the wild which suggested an npm install step and a manual step of installing web-ext. This is unnecessary because one could just alias npm start to the web-ext command as the react-es6-popup showed.
If the security vulnerabilities are bothersome I suggest disabling them entirely. The goal of this repo is not to ship production-ready code so I don't see how those are useful. The npm ecosystem moves quickly, sure, but an outdated example will still be very helpful to someone who is starting a new project when they are familiar with npm. They would know to update the dependencies on a new project.
As a side note, there is no way someone could discover an example of using React in an extension now. This is not straightforward which is why I think an example was very helpful. React is a very popular framework for building UIs so we should provide a smooth transition into webextensions for those developers.
Several of the examples here pull in dependencies for stuff like react, babel, webpack, eslint. They are useful to show how WebExtensions can integrate these technologies, but I think they are outside the core scope of this repo, which is to show how to use the WebExtension APIs.
They are still useful and if they were zero-cost, then I'd be happy to keep them, but they are a significantly greater maintenance burden than extensions that just use the WebExtension APIs. So I'd propose we just remove these examples.
This applies to: