Search code examples
javascriptunobtrusive-javascript

Delivering a javascript library for web developers

This is a broad-based question around delivering a javascript library that other web developers will use on their site. Here's the scope of my library:

  • I'm providing a data service that's delivered in the form of a JS file. A similar implementation would be Google Analytics.
  • Will always be hosted by me. Developers will simply use the @src attribute on the <script> tag.
  • My library consists of an object (let's call it Jeff for now) with a set of properties. No methods, just values.
  • The library isn't static, but is instead session-based. We're providing data points that can only be determined at request time. (Think of a web service normally called through AJAX, available at page-load.)
  • This is not a free service; implementors will pay for usage.
  • The Jeff object will always be returned, though not all properties may be populated due to a runtime error that happened back at my server. The Jeff object includes a Response section that indicates success/failure and a description.

Now, to my question: what's ideal in terms of best practices for providing a service in the form of a JS library such as I've described? Standard Googling has not given me much to go on, but references to guidelines are greatly appreciated.

Solution

  • Doesn't sound like something I'd use. The fact that you want it always hosted on your server leaves any consumer of the service open to you substituting malicious code after they've reviewed and determined its useful and safe. Thus I'd see limited uptake for it unless you're a large corporation with a trustworthy reputation.

    No comment on you personally, just how I'd view something like that and how Information Security overseers in larger companies would likely view it as well.