Embed the index.js bundle inside of npm releases

[mensfeld]

Hey, I noticed, that part of apl-viewhost-web is being downloaded. This causes a problem when trying to install offline / from cache because part of the code is being fetched from: https://d1gkjrhppbyzyh.cloudfront.net/apl-viewhost-web/6990ED81-A690-4946-8ACC-63B243C19388/index.js

Is there a chance to bundle this inside the upcoming releases?

[pose]

Hi,

I would like to +1 this request since this is attempting to downloading an opaque artifact without customer knowing constituting a security risk. Could you model this dependency properly using npm?

Thanks,

[zhamingc]

Thanks for reaching out to us. That index.js contains the WebAssembly pre-compiled binary of APL Core Engine. We hear your concern, and will look into this.

[pose]

I'm not an expert on the APL Core Engine and what language is written in, but in Rust there are already existing solutions that could be leverage to generate a proper npm package: https://rustwasm.github.io/wasm-pack/book/commands/pack-and-publish.html

Once it's modeled as an npm package, you should be able to depend on it and remove that download from the Internet.