
Skypack – A new kind of JavaScript delivery network - bryanbraun
https://www.skypack.dev
======
bastawhiz
I really dislike that this is free by default, and the paid version is done in
the style of NPM (free for everything except private packages, custom
subdomains, support). Bandwidth is not free on a global CDN. All it takes is
one guy linking a dozen packages from his insanely popular WordPress theme or
a poorly-built site ending up on the front page of Reddit to drive costs
through the roof. Even if you managed to build out your own DIY CDN, you'll
need big pipes to avoid choking every morning when folks open their browsers.
Good caching headers won't save you.

The net result is a service that can't pay for itself—because such a small
percentage of users require the paid features—leading to the service shutting
down (breaking every site linking it), demanding money later (breaking most
sites linking it), or getting acquired by a company that might inject
unscrupulous code into packages.

Charge _something_. Anything.

~~~
qeternity
Bandwidth is not that expensive. Cloud providers have brainwashed people that
basic egress should be 10c/gb or more. In reality, volume pricing and
sustained use drops that massively.

Cloudflare has managed to build a massive business on the back of giving away
a lot more bandwidth.

~~~
bastawhiz
Even if it was an order of magnitude less than what AWS charges, it's still
not free. I pay $4k/mo to Cloudflare for an amount of bandwidth I can easily
see Skypack pulling down, and I'm able to pay for that with a sizable base of
paying customers.

Even if they charged $1/mo, they'd be infinitely better off than where they
are now. Giving away something that's cheap is not a good business model,
especially when the thing that's cheap doesn't hit meaningful economies of
scale until well after it's not cheap anymore.

------
billyhoffman
They claim a high availability, but no data on P90 or P95 response times.
There is no SLA on their free plan.

While I appreciate the free service, I work in the web performance space. I've
seen third party widgets from big name companies like Optimizely, Tealium,
Pubmatic, and Adobe have slow response times for critical content, delaying
the entire waterfall for major sites. Its hard for the big companies to whom
you actually pay money to get this consistently right in a way that doesn't
slow down the page.

We've had a ton of people taking cracks at this. From Google and Microsoft
with their "Ajax" CDNs a decade ago, to unpkg and Cloudflare. And yet I still
have not seen any of these special JavaScript-specific CDNs ever beat a
vanilla CDN dumbly serving JS packages that you yourself have bundled and
optimized under normal site traffic.

~~~
ss3000
Yeah, I think a service like this might be very useful for quick prototyping
and proving out an MVP thanks to the native es6 modules, but I personally
wouldn't rely on it for anything critical.

Coincidentally jspm.dev, a similar ES modules CDN in this space recently
released a new version as well: [https://jspm.org/jspm-dev-
release](https://jspm.org/jspm-dev-release)

Their release post had a lot more technical details (including their strategy
for code splitting which is critical for the production use case) so I'm
inclined to trust them a little bit more for production use cases. Curious
where I could read more about the architecture behind Skypack?

~~~
somishere
Not that code-splitting is generally an issue with prototyping, but you can
easily use native es6 modules straight from github (or npm) via services like
jsdelivr.

e.g to load lodash's es6 defer module (targeting a specific commit):
[https://cdn.jsdelivr.net/gh/lodash/lodash@898b378f06/defer.j...](https://cdn.jsdelivr.net/gh/lodash/lodash@898b378f06/defer.js)

^^ to be used in an import statement or <script type="module">

[edit: example]

------
1f60c
I thought "hmm, this seems _a lot_ like Pika[0]!", only to find out it _is_
Pika:

> Skypack (Previously: Pika CDN) has already served over 2,000,000+ JavaScript
> packages across 4,000 unique domains, powering websites around the world.
    
    
      [0]: https://www.pika.dev/

~~~
jadbox
I find this funnier than I probably should, but e I just finished going
through the same discovery process. I'm excited to see Rollup support so I can
use it with Svelte.

------
iRomain
I see so much hate in this thread. Do you know how many indie developers and
small companies in the world rely on free plans and free tiers? I leave in
Thailand where the average salary is $450/month, I can assure you a
bootstrapped startup here won’t be paying for any SaaS service.

I wouldn’t even see it as an issue if Skypack decide to throttle free plans at
some point because their costs are too high. I mean you get what you pay for!

Why is nobody hating on CloudFlare for their free plan? On Heroku for their
free dynos? On AWS for their numerous free tiers? The list is soooo long!

Let the guys be, let them try a few things until they find a niche and a
business model that fits them.

~~~
numlock86
> Why is nobody hating on CloudFlare for their free plan? On Heroku for their
> free dynos? On AWS for their numerous free tiers? The list is soooo long!

While I mostly agree with your statement, the answer to this question is quite
simple: The free tiers are limited in resources and they have enterprise tiers
that pay for the actual service and grant you all features. You know what you
are getting upfront. If Skypack will - as you suggested - throttle plans in
the future (or whatever they come up with) that's not the same product anymore
you started with. You most likely need to adapt your own product to this
changes, which is usually paired with costs on your side. You won't have that
happening on CloudFlare, Heroku or AWS. Also there are exit strategies,
contracts, SLAs and so on. Something like Skypack may go offline tomorrow and
that's it.

------
fxtentacle
What they fail to mention is that you lose the ability to remove unused code,
for example when you would otherwise import only some Bootstrap components'
JS.

So in the end, their hosted copy might be much larger than if you had hosted
an optimized copy yourself.

Using their service, it is also impossible for you to merge small dependencies
and your application logic into one file to reduce the number of HTTP
requests. The resulting higher number of gets might well make it slower than
not using their CDN in the first place.

~~~
blaisio
You lose the ability to remove unused code, but for people using this, it
doesn't matter, because it is cached anyway.

The number of HTTP requests really does not matter much these days, because of
HTTP2. And again for people who use this service and get a speedup from it, it
doesn't matter because it is cached.

~~~
Quekid5
> You lose the ability to remove unused code, but for people using this, it
> doesn't matter, because it is cached anyway.

I was under the impression that parsing (etc.) time matters as well, not just
raw download time/latency?

~~~
blaisio
Yes that's fair, with less code you have less to parse. Parsing time is
ideally a negligible amount of time, especially because it can normally happen
asynchronously, but for very large libraries I could see it being an issue.

~~~
rimliu
"ideally"

------
jacobr
> As more and more sites join, cache hits become more likely, making all sites
> load faster as a result.

This was not really true back when browsers allowed sharing caches between
domains because of different versions and fragmentation of CDNs, and is
definitely not true now when a.com and b.com would not share a cache for
skypack to avoid fingerprinting.

------
primitivesuave
It’s a great idea, but using an unproven third party for something as critical
as a CDN is likely untenable to most tech managers. Even if this is a magical
remedy to site performance, it would require the clout of a big name like AWS
to get real buy-in from decision makers.

If it were a FOSS library that really provides some value, there are thousands
of ordinary developers who would convince their managers to throw a piece of
their budget at supporting the maintenance of it. I doubt most of the
developer-focused tools we sponsor through my company would make it on their
own with a full-blown SaaS model (could you imagine webpack as a service?).

Github’s sponsorship model looks especially promising and is what I’ve been
recommending to other people I know who are making niche developer tools.

------
aforty
Someone please correct me if I’m wrong but wouldn’t this also allow for
caching across sites? Meaning that once one site requests react@16.13.1 the
browser should cache it so that once the user goes to another site that asks
for the same version then the browser should serve the cached version. This
would be an acceptable trade off for me as far as the lack of code splitting
and tree shaking goes.

------
flaque
Why the rename?

~~~
1f60c
I'm curious about this as well, and the search box still refers to Pika.dev

------
cosmotic
Oh, it's modern? What does that mean =/

~~~
wolco
It means it is due for a rewrite next year to keep that modern adtag.

~~~
julianlam
Hah! We've been calling ourselves modern for the better part of 7 years. It's
all in the eye of the beholder.

e.g. It's happy hour somewhere in the world. Bottom's up!

------
lilyball
Does this support subresource integrity?

~~~
lostmsu
That's a browser feature.

~~~
lilyball
It's a feature that requires baking the hashes of the resource into the HTML.
This JSDN talks about optimizing the resource separately for different
browsers (e.g. adding polyfills where necessary), which means it doesn't just
serve up a single resource. Subresource integrity support would require the
ability to ask the JSDN for the hashes of all possible representations of the
file, as well as the assurance that these hashes won't change (e.g. the
polyfill won't get updated to a new version).

------
pier25
So once there are bundler plugins, what is going to happen here?

You will deploy ES5, ES6, and ESM and then Skypack will decide what to deliver
to the browser?

~~~
julianlam
Ah, I think this is where Snowpack [snowpack.dev] would come in

------
otabdeveloper4
> A new kind of JavaScript X

Oh God please no.

