This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2022-11-28
Channels
- # adventofcode (2)
- # announcements (4)
- # babashka (34)
- # beginners (44)
- # biff (5)
- # calva (8)
- # cider (4)
- # clj-kondo (5)
- # clj-on-windows (5)
- # clojure (57)
- # clojure-art (1)
- # clojure-denmark (2)
- # clojure-europe (40)
- # clojure-nl (1)
- # clojure-norway (6)
- # clojure-seattle (1)
- # clojure-uk (2)
- # clojurescript (20)
- # cursive (6)
- # datomic (1)
- # emacs (6)
- # events (5)
- # fulcro (22)
- # helix (5)
- # hyperfiddle (5)
- # jobs (1)
- # joyride (2)
- # lsp (8)
- # malli (8)
- # off-topic (30)
- # pathom (8)
- # pedestal (1)
- # portal (5)
- # proton (1)
- # rdf (2)
- # re-frame (4)
- # releases (1)
- # remote-jobs (1)
- # reveal (8)
- # xtdb (5)
Just clojurescript core (and shadow-cljs) flagged as a trojan this when shipping an app for first time to a user, anyone seen anything like this?
Not entirely related to your question, but seems like you're shipping a development build to your client. I would try shipping a release one instead.
don't think it's a dev build, I'm just checking, it might have some dev dependencies though, but the first file flagged looks like the actual runtime so not removable
A prod build should have as many JS files as it has modules. In most cases, just one.
is that dependent on build tool? webpack et at bundle into a single file right but shadow-cljs release I didn't know bundled by default
reading, it definitely bundles to the browser but doesn't specify for node-library target
I think you're right, even with node-lib I think it's targetting a single file, i just also have some cruft from development in there
thanks @U2FRKM4TW
the ethe entire cljs-runtime dir is purely for dev builds. not related to release builds and should be deleted before shipping