I know UNPKG is fast, reliable and free to use, but what if I overuse it, what will happen?
For example, I can use rollup instead of webpack to bundle my entire website as a UMD build into a single JS file and publish it as an npm package. If I use React or Vue or any other SPA approach, the only HTML markup I need to ship to production is this minimal piece of code:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta http-equiv="X-UA-Compatible" content="ie=edge" />
<title>My Website</title>
<script src="https://unpkg.com/my-whole-website-umd"></script>
</head>
<body>
<div id="root"></div>
</body>
</html>
And UNPKG even helps me grab the latest version, which means that if I publish a new version of my package to npm, my whole website in production will update:
<!-- this will always be the latest -->
<script src="https://unpkg.com/my-whole-website-umd"></script>
People can save thousands in server maintenance money by using this approach.
Why can UNPKG still be free?
Workflow. For npm package authors, unpkg relieves the burden of publishing your code to a CDN in addition to the npm registry. All you need to do is include your UMD build in your npm package (not your repo, that's different!).
Unpkg, a global content delivery network (CDN), has patched a vulnerability that could have allowed an attacker to execute malicious JavaScript on thousands of websites, including PNC Bank, React.js, and the official Nebraska government site.
It started out as a fun project and grew into a popular service that many people use. Some big companies attached themselves to this project and donate their services, and more may do so in the future. They may pull out their donations as their strategies change in the future. For the moment it's free. If the donors pull out, it may go down, respond more often with 500 errors, or turn into a paid service.
It's not a strictly reliable service like you would get with a paid CDN. Because it's free, it's not strictly reliable: if money, donated services or motivation run out, it might go down overnight. It's good for hobby or low-traffic projects, but don't depend on it for mission-critical things, according to this blog:
https://kentcdodds.com/blog/unpkg-an-open-source-cdn-for-npm
unpkg is great for open source project demos and instructional material (I use it heavily in my Beginner's Guide to ReactJS), but it's not well suited for mission-critical applications at scale because:
unpkg is a free, best-effort service and cannot provide any uptime or support guarantees.
That's why Michael recommends:
if you rely on it to serve files that are crucial to your business, you should probably pay for a host with well-supported infrastructure and uptime guarantees.
The project is made possible by generous donations from Cloudflare, which serves 99% of our traffic through their world-class CDN, and Google Cloud which donates resources to run our backend infrastructure.
Taken from Patreon
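As an added example (not part of the original question or answers): a Node.js check that flags unpkg script tags like the one in the question, which resolve to whatever is latest on npm and carry no Subresource Integrity hash, so a new publish or a problem on the CDN side changes the code running in production. The version `1.4.2`, the path `dist/site.umd.js` and the sample build contents are constructed placeholders.

```javascript
// Added example: audit HTML for unpkg <script> tags that float on "latest"
// or lack Subresource Integrity (SRI), and compute an SRI value for a build.
const crypto = require('crypto');

// SRI value for file contents, as used in <script integrity="...">.
function sriHash(content, algo = 'sha384') {
  return `${algo}-${crypto.createHash(algo).update(content).digest('base64')}`;
}

// An exact version looks like 1.2.3, optionally with a pre-release/build suffix.
const EXACT = /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.+-]+)?$/;
const TAG_RE = /<script\b[^>]*\bsrc\s*=\s*["'](https?:\/\/unpkg\.com\/[^"']+)["'][^>]*>/gi;

function auditUnpkgScripts(html) {
  const findings = [];
  for (const [tag, src] of html.matchAll(TAG_RE)) {
    const path = src.replace(/^https?:\/\/unpkg\.com\//i, '').split(/[?#]/)[0];
    const parts = path.split('/');
    // Scoped packages are "@scope/name@version/...", others "name@version/...".
    const spec = path.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
    const at = spec.lastIndexOf('@');
    const version = at > 0 ? spec.slice(at + 1) : null;
    const issues = [];
    if (!version) issues.push('no version: resolves to whatever is latest on npm');
    else if (!EXACT.test(version)) issues.push(`floating version "${version}"`);
    if (!/\bintegrity\s*=\s*["']sha(256|384|512)-/i.test(tag)) {
      issues.push('missing integrity attribute');
    }
    if (issues.length) findings.push({ src, issues });
  }
  return findings;
}

// Constructed sample: the tag from the question next to a pinned, hashed one.
const build = 'console.log("site build 1.4.2");'; // stand-in for the real UMD file
const sample = `
<script src="https://unpkg.com/my-whole-website-umd"></script>
<script src="https://unpkg.com/my-whole-website-umd@1.4.2/dist/site.umd.js"
        integrity="${sriHash(build)}" crossorigin="anonymous"></script>`;

console.log(JSON.stringify(auditUnpkgScripts(sample), null, 2));
```

With an exact version and an `integrity` attribute, the browser refuses to run the script if the bytes served differ from the build that was hashed, at the cost of updating the tag on every release.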