Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/WICG/webpackage

Web packaging format
https://github.com/WICG/webpackage

Last synced: about 2 months ago
JSON representation

Web packaging format

Host: GitHub
URL: https://github.com/WICG/webpackage
Owner: WICG
License: other
Created: 2016-10-20T01:15:38.000Z (about 8 years ago)
Default Branch: main
Last Pushed: 2024-02-13T12:26:50.000Z (10 months ago)
Last Synced: 2024-04-14T09:58:06.539Z (8 months ago)
Language: Go
Size: 4.82 MB
Stars: 1,214
Watchers: 84
Forks: 114
Open Issues: 118
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.md
- Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

awesome-list - webpackage

README

        # Packaging Websites

Not to be confused with [webpack](https://webpack.js.org/), this repository

holds a collection of specifications aimed at packaging websites. These

specifications replace the ~~[W3C TAG's Web Packaging

Draft](https://w3ctag.github.io/packaging-on-the-web/)~~ and will allow people

to bundle together the resources that make up a website, so they can be shared

offline, either with or without a proof that they came from the original

website. A full list of use cases and resulting requirements is available in

[draft-yasskin-wpack-use-cases](https://wicg.github.io/webpackage/draft-yasskin-wpack-use-cases.html)

([IETF

draft](https://tools.ietf.org/html/draft-yasskin-wpack-use-cases)).

- [Explainers](#explainers)

  - [Use cases](#use-cases)

  - [Maintaining security and privacy constraints](#maintaining-security-and-privacy-constraints)

- [Specifications](#specifications)

- [Building this repository](#building-this-repository)

  - [Building the Draft](#building-the-draft)

  - [Packaging tools](#packaging-tools)

    - [Signed HTTP Exchanges](#signed-http-exchanges)

    - [Web Bundles](#web-bundles)

    - [Isolated Web Apps (signing with integrity block)](#isolated-web-apps-signing-with-integrity-block)

## Explainers

The [explainers](explainers/) walk through how to use these specs to

achieve the use cases.

### Use cases

* [Packaging whole pages or sites](explainers/authoritative-site-sharing.md): can be

  signed or unsigned.

   * [Serving signed subresources of a signed top-level HTML

     page](explainers/signed-exchange-subresource-substitution.md)

   * [Navigating to top-level unsigned pages](explainers/navigation-to-unsigned-bundles.md)

* [Packaging subresources](explainers/subresource-loading.md). This can include groups of

  JS modules, stylesheets, images, or fonts. This is also getting fleshed out at

  https://github.com/littledan/resource-bundles/

### Maintaining security and privacy constraints

* [How to avoid third-party tracking](explainers/anti-tracking.md)

* [What origin does an unsigned bundle have?](explainers/bundle-urls-and-origins.md)

## Specifications

The specifications come in several layers:

1. [Signed HTTP exchanges (a.k.a. SXG)](https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html)

   ([IETF draft](https://tools.ietf.org/html/draft-yasskin-http-origin-signed-responses)):

   These allow a browser to trust that a single HTTP request/response pair was

   generated by the origin it claims.

   * As we implement and test signed exchanges, we're publishing periodic

     snapshots so that browsers, publishers, and intermediates can synchronize

     on the same format. The [current implementation snapshot

     ](https://tools.ietf.org/html/draft-yasskin-httpbis-origin-signed-exchanges-impl)

     is an Internet Draft, and a [draft of the next

     snapshot](https://wicg.github.io/webpackage/draft-yasskin-httpbis-origin-signed-exchanges-impl.html)

     is in this repository.

1. Web Bundles (previously called Bundled HTTP exchanges):

   A collection of HTTP resources, each of which could be signed or unsigned, with

   some metadata describing how to interpret the bundle as a whole. This

   specification has an initial draft in a PR, but isn't finished yet. This work

   may proceed through either the IETF or the W3C/WHATWG.

   *Update*: This work was moved to the [wpack-wg/bundled-responses](https://github.com/wpack-wg/bundled-responses)

    repository ([Web Bundles (IETF draft)](https://wpack-wg.github.io/bundled-responses/draft-ietf-wpack-bundled-responses.html)) .

1. [Loading](https://wicg.github.io/webpackage/loading.html): A description of

   how browsers load signed exchanges. This is initially specified

   here, and will eventually merge into the appropriate specs, e.g.

   [Fetch](https://fetch.spec.whatwg.org/), that live in either the W3C or

   WHATWG. Currently this only covers signed exchanges.

1. [Subresource Loading](https://wicg.github.io/webpackage/subresource-loading.html)

   ([Explainer](https://github.com/WICG/webpackage/blob/main/explainers/subresource-loading.md)):

   A description of how browsers load a large number of resources efficiently with

   [Web Bundles](https://wpack-wg.github.io/bundled-responses/draft-ietf-wpack-bundled-responses.html).

   This is initially specified here, and will eventually merge into

   the appropriate specs.

A previous draft of the format combined layers 1 and 2 into a single format for

signed packages:

[draft-yasskin-dispatch-web-packaging](https://wicg.github.io/webpackage/draft-yasskin-dispatch-web-packaging.html)

([IETF draft](https://tools.ietf.org/html/draft-yasskin-dispatch-web-packaging)).

The DISPATCH WG at IETF99

[recommended](https://datatracker.ietf.org/doc/minutes-99-dispatch/) the current

split.

## Building this repository

### Building the Draft

Formatted text and HTML versions of the draft can be built using `make`.

```sh

$ make

```

This requires that you have software installed as described in

https://github.com/martinthomson/i-d-template/blob/main/doc/SETUP.md.

### Packaging tools

#### Signed HTTP Exchanges

Install this with `go install github.com/WICG/webpackage/go/signedexchange/cmd/...` (Golang 1.18+).

See [go/signedexchange](go/signedexchange) for the usage of the tool.

#### Web Bundles

There are several tools.

- Go (Reference Implementation)

  Install this with `go install github.com/WICG/webpackage/go/bundle/cmd/...`.

  See [go/bundle](go/bundle) for the usage of the tool.

- Node

  There is a npm package, [wbn](https://www.npmjs.com/package/wbn).

- Plugin for bundlers (Experimental)

  - [Rollup plugin](https://github.com/GoogleChromeLabs/rollup-plugin-webbundle)

  - [Webpack plugin](https://github.com/GoogleChromeLabs/webbundle-webpack-plugin)

- Rust (Experimental)

  - [google/webbundle](https://github.com/google/webbundle)

#### Isolated Web Apps (signing with integrity block)

- Go (Reference Implementation)

  See [go/bundle#using-integrity-block-sub-command](go/bundle#using-integrity-block-sub-command) for more.

- Node

  There is a npm package, [wbn-sign](https://www.npmjs.com/package/wbn-sign).

  Also same plugins as for Web Bundles can sign the bundles.