[rhinoceraptor]

Javascript in the browser is practically compiled binary software at this point. You can't realistically inspect or edit 99% of what you're running since it's fully minified and obfuscated. And that's even more the case with WASM.

[danShumway]

I'm going to push back on this, at least a bit.

Maybe I'm atypical because I work with Javascript a lot, but I don't think it's that hard to read minified JS. Modern browsers have a lot of tools to help with that -- you can set breakpoints on DOM manipulations, you can autoformat the code so it's not just a jumble of text -- you can even pause execution and add custom code to functions that can do additional logging or subvert existing behavior.

And because the industry is at least somewhat focused on minimizing bundle size, it's pretty uncommon outside of captchas for me to see obfuscated code -- most of the time, you'll only be dealing with minification.

I don't know how WASM is going to affect this -- I suspect it'll be more problematic. But I manipulate minified JS all the time. It's a very 'inspectable' language, for lack of a better term.

[coldpie]

Documentation, comments, code layout and file structure are all critical components to any software project. Minimization removes all of that (right?) and I wouldn't consider it to be in "source form" in the spirit the phrase intends.

[danShumway]

I wouldn't say that I prefer reading minified code over well-formatted code. Certainly minified code isn't ideal or equivalent to getting access to original source form. What I'm specifically pushing back against is the idea that if code is minified, it might as well be running on a server -- that "you can't realistically inspect or edit 99% of what you're running".

I suspect that's hyperbole; browser inspection tools are really good, and I regularly inspect and edit minified code. Even outside of the browser, I've patched and fixed bugs in minified 3rd-party dependencies where I didn't have access to the source code. It takes a little while to untangle the code, but it's not hard -- just time consuming.

I don't want to dismiss people who struggle with that, but I also don't think I'm that special or amazing of a coder. If I can do something, odds are pretty good that other experienced programmers can too.

[jacquesm]

The fact that i can read quite a few Assembly dialects at the binary level doesn't mean that binary is suddenly equivalent to inspectable source.

[danShumway]

Of course not, that's not something I would ever claim.

But, given a choice between serverside code that you absolutely can't inspect no matter what, and a binary blob that you can read with a bit of extra work, wouldn't you prefer the binary blob?

Where serverside logic is concerned, it doesn't even matter if the underlying code is Open Source. I still can't inspect the instance and tell if it's running the correct code, or what its parameters are.

[NotATroll]

Yeah, but what on earth is the alternative?

Mobile gui's without javascript would be horrendous. On top of that, that's the platform you're minifying for.

I don't minify javascript to hide what's running, I minify it because a 3KB file is a lot less to download than a 12KB file.

So what? You design an entirely new language that: A) Can't be minified (How?) B) Has to be open source C) Can't be obfuscated (virtually impossible to prevent)

I'm sorry, but the stance is kinda dumb.

[JetSpiegel]

You can serve minified JS, but you should also provide the source code. Doesn't need to be loaded directly, it can be a link on the website.

https://en.wikipedia.org/wiki/GNU_LibreJS

[rhinoceraptor]

I don't think that there is anything necessarily wrong with it. I was just pushing back on the idea that just because Javascript is distributed in source form, that it isn't effectively the same thing as a compiled binary to the end user.