stenciljs VS Bytesafe

First a disclosure: I never actually used Stencil, only played with it a bit locally in a hello-world project while writing this post. - Source: dev.to / 4 months ago

This is my main concern too. I don't understand why tools like this "pick a winner" with a specific framework instead of rendering to Web Components with a framework wrapper, or using something like Stencil[1] that can render to any framework. [1] https://stenciljs.com/. - Source: Hacker News / 5 months ago

I was recently able to sit down with some of the core members of Ionic, who also created Stencil a toolchain for building Design Systems and Progressive Web Apps. We talked at great length how typically companies are approaching Ionic from a Design Team and need help building components. As a developer I wanted to talk about the Web Components that are used within the Design System first. There was a decent amount... - Source: dev.to / 5 months ago

A web component should do ONE thing whereas a JS framework is a whole ecosystem. I made a video player web component that could take in various inputs, with a torrent file being the most complex of them. I was then able to port it to Vue/React with StencilJS [0] (although it was good to go without). Just drop the `https://stenciljs.com/. - Source: Hacker News / 6 months ago

Examples like this bug me. The React example is using a high level abstraction, the web component is directly using the API. A more accurate example would show how those React calls eventually boil down to document.createElement() I don’t think the Web Components API was meant to be used directly all the time. You can use a framework like StencilJS: https://stenciljs.com/. - Source: Hacker News / 9 months ago

Another option is to use a Dependency Firewall, such as Bytesafe, which allows you to quarantine unwanted open source packages with vulnerabilities or non-compliant licenses. The platform provides a policy engine where you define the open source usage and security rules and the Dependency Firewall does the enforcement. - Source: dev.to / over 1 year ago

There are a few companies in this space that are trying to do the "Security Seal of Approval" thing to various degrees. Tidelift is one company that has a bunch of "catalogs"[0] of packages. I'm not sure how their package metadata is generated though -- maybe semi-manually? There is also Bytesafe[1] which is supposed to help give you a way to "firewall" yourself from unapproved dependencies. I don't think they... - Source: Hacker News / over 1 year ago

I was trying bytesafe.dev recently and it was good for me, as it would stop the npm install of any package that had a security issue. But now that I am out of the free trial, it is to limited for me without paying for an upgraded plan. And their support never replies to my requests. Source: about 2 years ago

These steps will let you get your own private repository using Bytesafe:. - Source: dev.to / over 2 years ago

When using private repositories from Bytesafe, public dependencies will be proxied, pulling any required (and allowed) version into your private Maven repository. Using public repositories like Maven Central as an upstream makes sure you can access your organization's required open source dependencies - while maintaining security and control. - Source: dev.to / over 2 years ago