
Security review for tedivm/jshrink
Closed, Declined · Public

Description

JShrink (tedivm/jshrink) is a pure-PHP library for minifying JavaScript. It attains better compression than JSMinPlus, which is the library we currently use. I propose to replace JSMinPlus with JShrink.

Event Timeline

ori created this task. Aug 11 2015, 4:53 PM
ori raised the priority of this task from to Needs Triage.
ori updated the task description.
ori added projects: MediaWiki-Vendor, Security.
ori added a subscriber: ori.
Restricted Application added a subscriber: Aklapper. Aug 11 2015, 4:53 PM

Change 230811 had a related patch set uploaded (by Ori.livneh):
Add tedivm/jshrink

https://gerrit.wikimedia.org/r/230811

Legoktm set Security to None.

What is the memory usage of this library like? (T31784: ResourceLoader: JsMinPlus is too memory hungry (memory leaks?)) Also does it support ES5/ES6 features? (T96901/T75714)

csteipp moved this task from Backlog to Ready on the Security-Team board. Aug 11 2015, 7:32 PM
ori added a comment. Aug 11 2015, 8:37 PM

Also does it support ES5/ES6 features? (T96901/T75714)

Yes. The JavaScript snippets included in each of those two bug reports are minified properly by JShrink.

dpatrick triaged this task as Normal priority. Aug 11 2015, 9:34 PM
ori changed the task status from Open to Stalled. Aug 12 2015, 9:10 PM

Please hold off on this for a bit -- I am now seeing results which contradict my earlier findings, and I worry that I made a mistake.

csteipp moved this task from Ready to Backlog on the Security-Team board. Aug 12 2015, 10:21 PM
csteipp moved this task from Backlog to Ready on the Security-Team board. Aug 18 2015, 11:51 PM
csteipp moved this task from Ready to Backlog on the Security-Team board.
ori closed this task as Declined. Sep 11 2015, 8:44 PM
ori claimed this task.

JShrink does not compress any better than JSMinPlus, sadly. My measurements were wrong.

Change 230811 abandoned by Reedy:
Add tedivm/jshrink

Reason:
Actually, I see the task was declined

https://gerrit.wikimedia.org/r/230811

Restricted Application added a subscriber: Luke081515. Jan 24 2016, 10:13 PM
sbassett moved this task from Backlog to Done on the Security-Team board. Jun 11 2019, 7:15 PM