sourdough/wildtype

sourdough wildtype 🥖

external dependencies as static, importable ES modules. this repo simply tracks output for predictability: it is a bucket of ES modules that are not owned by this organization but are used as part of the org's work. it is useful for:

  • predictability
  • security, auditing
  • work offline
  • git-only dependency management: bypass and remove all other non-git tooling
  • across workflows, infrastructure, networks and systems

for more info see https://github.com/sourdough/starter. the content here is generated by the import script external-importer.js in tools/ of https://github.com/sourdough/starter/ and the contents of external-dependencies.js

SCOPE

this pipeline is calibrated for JS library source code. it is not suited to vendoring human-language content: translation files, localization strings, user-facing copy, or any text file that legitimately contains characters outside the scripts used in JS source (Vietnamese, Welsh, Arabic, extended Latin, and others). the sanitizer uses an explicit Unicode allowlist; characters outside it are stripped and reported, but the file is still written — meaning a localization file run through this pipeline may be silently garbled in ways that are not obvious until the translated strings are rendered. if that applies to your use case, keep localization assets out of this pipeline. see UNICODE_ALLOWED_RANGES in the source.
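the strip-and-report behaviour described above, as an added example (not code from this repo or from external-importer.js). the ranges in EXAMPLE_ALLOWED_RANGES and the names sanitize and isAllowed are assumptions for illustration, not the project's UNICODE_ALLOWED_RANGES; the sample strings are constructed.

```javascript
// ASSUMED allowlist for illustration only; the real list lives in
// UNICODE_ALLOWED_RANGES in the project's source.
const EXAMPLE_ALLOWED_RANGES = [
  [0x09, 0x0a], // tab, line feed
  [0x0d, 0x0d], // carriage return
  [0x20, 0x7e], // printable ASCII
  [0xa0, 0xff], // Latin-1 Supplement
];

function isAllowed(cp, ranges) {
  return ranges.some(([lo, hi]) => cp >= lo && cp <= hi);
}

// Strip every code point outside the allowlist and record where it was.
// for...of iterates by code point, so a character outside the BMP is
// reported once instead of as two surrogate halves.
function sanitize(text, ranges = EXAMPLE_ALLOWED_RANGES) {
  let output = '';
  const stripped = [];
  let line = 1;
  let column = 1;
  for (const ch of text) {
    const cp = ch.codePointAt(0);
    if (isAllowed(cp, ranges)) {
      output += ch;
    } else {
      const hex = cp.toString(16).toUpperCase().padStart(4, '0');
      stripped.push({ codePoint: 'U+' + hex, line, column });
    }
    if (ch === '\n') { line += 1; column = 1; } else { column += 1; }
  }
  // The output is returned even when characters were stripped, which is
  // the "still written" case: callers must inspect `stripped` themselves.
  return { output, stripped };
}

// Constructed samples: ordinary JS source, and a Vietnamese locale string
// ("Xin chào, thế giới") written with escapes so the code points are exact.
const jsSource = 'export const add = (a, b) => a + b; // caf\u00e9\n';
const viString = 'export default { greeting: "Xin ch\u00e0o, th\u1ebf gi\u1edbi" };\n';

for (const [name, text] of [['jsSource', jsSource], ['viString', viString]]) {
  const { output, stripped } = sanitize(text);
  console.log(name, JSON.stringify(output), stripped);
}
```

the locale string comes back as "Xin chào, th gii": one accented letter survives and two are dropped, so the result still parses as JS. a non-empty report for a file is the cue to keep that file out of the pipeline.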

provided as-is, without warranty. the sanitization pipeline attempts to reduce known attack surface in vendored code but does not guarantee safety or correctness of content. review sources before use in production.

About

static ESM and similar files
