 

Why is UNPKG free to use, and what will happen if I overuse it?

I know UNPKG is fast, reliable and free to use, but what if I overuse it, what will happen?

For example, I can use rollup instead of webpack to bundle my entire website as a UMD build in a single JS file, and publish it as an NPM package. If I use React or Vue or any other SPA approach, the only HTML markup I need to ship to production is this minimal piece of code:

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <meta http-equiv="X-UA-Compatible" content="ie=edge" />
    <title>My Website</title>
    <script src="https://unpkg.com/my-whole-website-umd"></script>
  </head>
  <body>
    <div id="root"></div>
  </body>
</html>

And UNPKG even helps me grab the latest version, which means that if I publish my new package to NPM, my whole website in production will update:

<!-- this will always be the latest -->
<script src="https://unpkg.com/my-whole-website-umd"></script>

People can save thousands in server maintenance costs by using this approach.

How can UNPKG still be free?

Joseph Wang asked Feb 03 '20 14:02


People also ask

How does Unpkg make money?

The project is made possible by generous donations from Cloudflare, which serves 99% of our traffic through their world-class CDN, and Google Cloud which donates resources to run our backend infrastructure.

Should I use Unpkg?

unpkg is a free, best-effort service and cannot provide any uptime or support guarantees. That's why Michael recommends: if you rely on it to serve files that are crucial to your business, you should probably pay for a host with well-supported infrastructure and uptime guarantees.

What is Unpkg COM used for?

Workflow. For npm package authors, unpkg relieves the burden of publishing your code to a CDN in addition to the npm registry. All you need to do is include your UMD build in your npm package (not your repo, that's different!).

Is Unpkg secure?

Unpkg, a global content delivery network (CDN), has patched a vulnerability that could have allowed an attacker to execute malicious JavaScript on thousands of websites, including PNC Bank, React.js, and the official Nebraska government site.


2 Answers

It started out as a fun project, and grew into a popular service that many people use. Some big companies attached themselves to this project and donate their services, and more may do so in the future. They may pull out their donations as their strategies change in the future. For the moment it's free. If the donors pull out, it may go down, respond more often with 500 errors, or turn into a paid service.

It's not a strictly reliable service as you would get with a paid CDN. Because it's free, it's not strictly reliable: if money, donated services or motivation runs out, it might go down overnight. Good for hobby or low-traffic projects, but don't depend on it for mission-critical things, according to this blog.

https://kentcdodds.com/blog/unpkg-an-open-source-cdn-for-npm

unpkg is great for open source project demos and instructional material (I use it heavily in my Beginner's Guide to ReactJS), but it's not well suited for mission-critical applications at scale because:

unpkg is a free, best-effort service and cannot provide any uptime or support guarantees.

That's why Michael recommends:

if you rely on it to serve files that are crucial to your business, you should probably pay for a host with well-supported infrastructure and uptime guarantees.

Tschallacka answered Oct 17 '22 18:10


The project is made possible by generous donations from Cloudflare, which serves 99% of our traffic through their world-class CDN, and Google Cloud which donates resources to run our backend infrastructure.

Taken from Patreon

PaulS answered Oct 17 '22 18:10
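
The unversioned tag in the question serves whatever was last published to npm under that name, so the page runs code nobody reviewed for that deployment. The following added example (not part of the original question or answers) flags such tags and builds one pinned to an exact release with a Subresource Integrity hash; the version `1.0.0`, the path `dist/index.umd.js` and the bundle bytes are constructed placeholders.

```javascript
const crypto = require('crypto');

// Subresource Integrity value (sha384, base64) for the exact bytes of a file.
function sriHash(bytes) {
  return 'sha384-' + crypto.createHash('sha384').update(bytes).digest('base64');
}

// Split an unpkg URL into package name, version spec and file path.
function parseUnpkgUrl(url) {
  let u;
  try { u = new URL(url); } catch { return null; } // relative or malformed src
  if (u.hostname !== 'unpkg.com') return null;
  const m = u.pathname.match(/^\/((?:@[^/@]+\/)?[^/@]+)(?:@([^/]+))?(\/.*)?$/);
  return m ? { name: m[1], version: m[2] || null, file: m[3] || null } : null;
}

// List the reasons the code behind a script tag can change without a redeploy.
function auditScriptTag(tag) {
  const src = (tag.match(/\bsrc="([^"]+)"/) || [])[1];
  const parsed = src ? parseUnpkgUrl(src) : null;
  if (!parsed) return [];
  const findings = [];
  // Anything other than an exact x.y.z (no version, a tag, a range) can move.
  if (!parsed.version || !/^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/.test(parsed.version)) {
    findings.push('version not pinned to an exact release');
  }
  // Without an integrity attribute the browser runs whatever bytes arrive.
  if (!/\bintegrity="sha(?:256|384|512)-[A-Za-z0-9+/=]+"/.test(tag)) {
    findings.push('no integrity attribute');
  }
  return findings;
}

// Build the tag for one exact release from the bytes of the file that was reviewed.
function pinnedScriptTag(name, version, file, bytes) {
  const src = `https://unpkg.com/${name}@${version}/${file}`;
  return `<script src="${src}" integrity="${sriHash(bytes)}" crossorigin="anonymous"></script>`;
}

// Constructed sample input: stand-in bundle bytes, hypothetical version and path.
const bundle = Buffer.from('console.log("my-whole-website-umd build");');
const before = '<script src="https://unpkg.com/my-whole-website-umd"></script>';
const after = pinnedScriptTag('my-whole-website-umd', '1.0.0', 'dist/index.umd.js', bundle);

console.log(auditScriptTag(before)); // both findings
console.log(after, auditScriptTag(after)); // pinned tag, no findings
```

With the integrity attribute in place, a browser refuses to execute the file if the bytes served differ from the ones hashed, so each release requires regenerating the tag.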