aimeos-laravel

Get rid of external references by using app.js/css and npm (nodejs)

Open Quix0r opened this issue 6 years ago • 3 comments

External JavaScript/CSS references without any security hashes are potential security issues as malicious code could be injected into websites (as browsers load and execute them). It is better (and conforms with Laravel's asset system) to have local references that are bundled in app.css and app.js.

Laravel 5.6 uses NodeJS' npm to handle packages. All you have to do is add them to resources/assets/js/app.js and resources/assets/sass/app.scss accordingly.

Copied from https://github.com/aimeos/ai-admin-jqadm/issues/44

Quix0r avatar Jul 12 '18 12:07 Quix0r
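
The risk described in the opening post can be checked for mechanically. As an added example (not part of the original thread or the aimeos code base), this Node.js script scans a template for externally hosted scripts and stylesheets that lack a usable Subresource Integrity hash; the sample layout and the `cdn.example.com` URLs are constructed.

```javascript
// Constructed sample layout (not taken from the aimeos code base).
// The sha384 digest below is a placeholder of the right length, not a real hash.
const SAMPLE_LAYOUT = `
<link rel="stylesheet" href="https://cdn.example.com/lib/lib.min.css">
<link rel="stylesheet" href="/css/app.css">
<script src="//cdn.example.com/lib/lib.min.js"></script>
<script src="https://cdn.example.com/other.js"
        integrity="sha384-${'A'.repeat(64)}" crossorigin="anonymous"></script>
<script src="/js/app.js"></script>
<script>console.log("inline");</script>
`;

// Read one attribute value (double-quoted, single-quoted or bare) from a tag.
function attr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = re.exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// External = absolute http(s) URL or protocol-relative URL (//host/...).
const isExternal = (url) => /^(?:https?:)?\/\//i.test(url);

// An SRI value is one or more "<alg>-<base64 digest>" tokens; this check is
// stricter than browsers, which skip tokens they do not understand.
const SRI_TOKEN = /^sha(?:256|384|512)-[A-Za-z0-9+/]+={0,2}$/;
const hasValidSri = (v) => v.trim().split(/\s+/).every((t) => SRI_TOKEN.test(t));

// Return one finding per external <script>/<link rel=stylesheet> that the
// browser would load without a working integrity check.
function auditTemplate(html) {
  const findings = [];
  for (const m of html.matchAll(/<(script|link)\b[^>]*>/gi)) {
    const tag = m[0];
    const kind = m[1].toLowerCase();
    const url = attr(tag, kind === 'script' ? 'src' : 'href');
    if (!url || !isExternal(url)) continue; // inline or locally bundled asset
    if (kind === 'link' && !/stylesheet/i.test(attr(tag, 'rel') || '')) continue;
    const integrity = attr(tag, 'integrity');
    let problem = null;
    if (!integrity) problem = 'no integrity attribute';
    else if (!hasValidSri(integrity)) problem = 'malformed integrity value';
    // Cross-origin SRI needs a CORS fetch; without crossorigin the load is blocked.
    else if (attr(tag, 'crossorigin') === null) problem = 'integrity without crossorigin';
    if (problem) findings.push({ kind, url, problem });
  }
  return findings;
}

console.table(auditTemplate(SAMPLE_LAYOUT));
```

The scan is regex-based, so a tag whose attributes contain a literal `>` (for example Blade expressions using `->`) needs a real HTML parser instead.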

As this could also be an issue with the European GDPR, I wanted to add some info:

resources/assets/js/app.js and resources/assets/sass/app.scss were added to Laravel in version 5.3, when they got compiled via gulpfile with laravel-elixir.

5.4 changed from gulp to webpack, and from laravel-elixir to laravel-mix.

5.7 restructured the resources folder and removed the subfolder assets, so now the paths would be resources/js/app.js and resources/sass/app.scss for the two files.

OliverZiegler avatar Oct 11 '18 07:10 OliverZiegler

app.css and app.js are auto-generated files. By a very old policy, build files (auto-generated at build time) should be placed in .gitignore to have fewer conflicts on merging, as they are local-specific. I face this issue here, where external developers are working on CSS/JS-related stuff at the same time.

Quix0r avatar Oct 26 '18 15:10 Quix0r

If you are in doubt, please take a look at long-established projects, like the Linux kernel, where a lot of auto-generated files are being ignored (`.gitignore`) on committing.

Quix0r avatar Oct 26 '18 15:10 Quix0r

Done in 2024.x

aimeos avatar Apr 08 '24 18:04 aimeos