[zackbloom]

1) One simple reason is if you're one of the millions of website owners who is not technical enough to install it manually. We hope to have the ability to go one step further for example and select from a set of themes to make it even easier to make a beautiful site.

Another reason which relates to #4 is to make it easier to update versions in the future. We hope to build ways of testing those version changes to make version updates something better than the dredded task they are now.

Beyond that, when we chose the apps for our launch, part of the decision was based on showing variety and proving out the power of the system (“See, you can do CSS libraries, too!”). The plan is for anything which can be on a site to be in Eager.

2) Very good question. If you log in to the system, we show you the source (http://oi60.tinypic.com/21kjn6c.jpg).

In addition to the source, we’ll show you the version (if in say, the case of jQuery), there’s more than one [1].

One of the great benefits of client-side code is that all the cards are on the table. Anyone is able to inspect the content of what we deliver. We hope that by choosing Eager, you gain safety, by having access to an ecosystem of validated apps.

3) Yes! After creating an account [2], you'll be able to view the developer dashboard [3] which includes a button to create an app. You can create an app from any GitHub, Bitbucket, Launchpad, or Google Code project. Just provide the URL and your tagged versions will be ready for import.

All apps come from specific tagged releases of public projects, meaning you can't just paste some malicious code into our UI.

Right now we manually verify apps through a moderation process. We are experimenting with techniques that will hopefully allow app developers to specify what permissions they require (similar to Chrome Apps), and for us to validate those permissions in an automated way.

4) No, when you install the app you can choose which version you'd like to install (or we choose the latest version for you if that's the only one the app creator has made available). You are locked to that version until you decide to change it. We never change your bundle (the files delivered to your site) without your specific intervention.

[1] https://eager.io/app/vP1PnpNHAG3j/install [2] https://eager.io/signup?developer [3] https://eager.io/developer

[halisaurus]

Sorry, I don't understand your Bootstrap example. If I'm not technical to "install" BS (script/CSS tags and uploading files to a host) then I'm probably not technical enough to use Bootstrap's CSS/JS components by writing HTML or little JS snippets. What real benefit is the one-click install if that's (probably) the easiest part of using a JS/CSS library?

Edit: It's not your Bootstrap example, it was the original question. Sorry to confuse that.

[zackbloom]

We can allow people to make themes for Bootstrap which depend on the original Bootstrap app. Those themes can be used out-of-the-box by non-technical people.

We can also help you to manage the version of Bootstrap you're using to make it easier to keep your site up-to-date.

Including Bootstrap now though is more of an example of the breadth of what can be included using Eager, rather than a specific suggestion. I agree that it's not particularly practical to include it directly in it's current form, but many of our other apps can be used directly with great success.

As much as I'd love to build something for developers by developers, the purpose of Eager right now is to help developers get their code to non-technical people. So the question might be not how to add Bootstrap to your site, but how can you build an Eager app on top of Bootstrap to make it accessible to others.

[halisaurus]

Thanks for the response. (And responding throughout this thread, too.) I see the point in using this for dependencies, and there are other apps like Google Analytics that have minimal configuration to use.

[eric_bullington]

You know, if this takes off -- and I hope it does -- you may be in a good position to help solve some of the client-side JS security issues/concerns, particularly in combination with the upcoming webcrypto standard.

I'm thinking in particular about publishing a registry of library hashes and possibly signatures (specified in your json config), and then validating them before your users install.

In fact, if this becomes popular, I think you may have to do this, otherwise you could well become a hive of malware purveyors impersonating popular apps (or whatever you end up calling them -- btw, I don't think "widget" is a bad idea for what you're doing, or even coming up with a new term).

Looking forward to watching this.