Hacker News new | ask | show | jobs
by qbasic_forever 1710 days ago
I think you should look into what Netlify actually does--you seem to be misunderstanding it as a typical hosted compute platform like EC2. With Netlify and similar service it's actually more like AWS lambda but tightly integrated into git/github. You push all your content source to github and setup a webhook that notifies Netlify of any change. Every time you commit Netlify will pull down your content, run your static site generator (docusaurus) in an ephermal container (like a lambda function) and then save the resulting generated content/HTML to their hosting site. At no time are you running or managing or operating an actual server.
1 comments
cratermoon 1710 days ago
As best I can tell, and I'm willing to be proven wrong, to tell Netlify which static site generator to run, the configuration must specify the command. Unless Netlify is maintaining the version/container/build of whatever command is given, it's up to the site owner to provide that. Thus, it's on the site owner to specify a build command that doesn't introduce undesirable or malicious behavior.
link
qbasic_forever 1710 days ago
It's a nodejs app using a standard package.json which captures all of the dependencies (including docusaurus version, etc.). Netlify detects the package.json, loads a container with node, installs the dependencies and goes to work. You don't need to manage anything. See more details: https://docs.netlify.com/configure-builds/manage-dependencie...
link
cratermoon 1710 days ago
I don't see anything there that says Netlify is managing or maintaining the details. The customer provides the package.json, If that file contains a reference to a library or code that introduces bugs or vulnerabilities, it's on the customer. Thus it still puts the burden of maintenance on the customer.

In a managed SaaS installation, the customer would be paying for the functionality of, say, docusaurus, but the company would provide and maintain the dependencies. It's the difference between paying for a server to run a version of mysql you specify and paying a service to run mysql and keep it in a known good configuration while the customer is able to use mysql.

link