[philipwhiuk]

Obviously it's up to everyone how they open source stuff, but I'm not necessarily sure that a massive blob of compiled code is the way to go: https://github.com/Shyam20001/rsjs

[embedding-shape]

Fairly common pattern in NodeJS (to store binary blob in npmjs, not GitHub, but similar pattern anyhow) so you don't trigger builds on download.

Not saying it's the greatest idea, I despise it personally, but I do understand the motivation for it.

[StellaMary]

Most of companies don't even know that node js npm packages has build scripts which do rely on python c++ build tools. That's y. This saves lots of time. Also binaries once checked and published cannot be edited in npm / all we can do is just remove that version fully if below 300 downloads.

[embedding-shape]

Any developers worth their salt has build scripts turned off everywhere at this point, and manually build the packages they need it for, or manually whitelisted. It may save time, but as others mentioned, shipping binary blobs in a opaque way is a great way of making people avoid your project.

[threatofrain]

Just have a seamless process between author and user for signing and verifying builds.

[embedding-shape]

Agree, would be nice. Feasible options available today?

[StellaMary]

Here you go for the core https://github.com/Shyam20001/brahma-core All npm packages including esbuild publish binaries node Js a Runtime not compiled one. So don't get into a judgement dude. Don't get blindly attached to the topics. Do check the Read Me before commenting.

[embedding-shape]

Usually authors upload those to npm though, and ignore them in the git repository, hence you're getting questions about it.