But how will marketing determine the effectiveness of their efforts if I don't "just add a single line of code" for every social media company to our website? </sarcasm>
It is even worse than that. Google nowadays still uses this argument telling you that only this way they can optimize your ad placement towards Conversions.
While at the same time telling you (in their documentation) that due to script blockers and gdpr they just estimate (using more fancy terms and talking about ML & AI) the Conversions they report (and use for optimization).
They basically tell you: Trust us - we estimate your success in the best of your interest. As if they were a neutral party in that equation.
True, npm packages are a risk. However, I think that there is a big difference between using npm packages and loading javascript from a third–party domain: with an npm package, you can inspect the source. If you don’t like what you see, you can avoid the package. I’m sure that most developers fail to do so, and just blindly trust that the package will do what it says and nothing else, but at least the opportunity is there. If you load javascript from a third–party domain you lose that opportunity, and all hope of keeping your website secure and your visitors privacy intact.
Oh, this is the missing piece! It seems I'm blocking Twitter's JS if it's not on their site. I didn't even realise and I was confused about what the author meant as I could clearly see the tweet on their site.
I was so confused when the article said "See? If I embed this tweet, you can't see it" but it was there to me (since Twitter JS is blocked by at least two extensions in my browser). Thank you for pointing that out!
