Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/wicg/webpackage
Web packaging format
https://github.com/wicg/webpackage
Last synced: 3 days ago
JSON representation
Web packaging format
- Host: GitHub
- URL: https://github.com/wicg/webpackage
- Owner: WICG
- License: other
- Created: 2016-10-20T01:15:38.000Z (over 8 years ago)
- Default Branch: main
- Last Pushed: 2024-10-25T14:02:52.000Z (3 months ago)
- Last Synced: 2024-10-29T15:29:16.490Z (3 months ago)
- Language: Go
- Size: 4.76 MB
- Stars: 1,231
- Watchers: 84
- Forks: 118
- Open Issues: 118
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.md
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
README
# Packaging Websites
Not to be confused with [webpack](https://webpack.js.org/), this repository
holds a collection of specifications aimed at packaging websites. These
specifications replace the ~~[W3C TAG's Web Packaging
Draft](https://w3ctag.github.io/packaging-on-the-web/)~~ and will allow people
to bundle together the resources that make up a website, so they can be shared
offline, either with or without a proof that they came from the original
website. A full list of use cases and resulting requirements is available in
[draft-yasskin-wpack-use-cases](https://wicg.github.io/webpackage/draft-yasskin-wpack-use-cases.html)
([IETF
draft](https://tools.ietf.org/html/draft-yasskin-wpack-use-cases)).- [Explainers](#explainers)
- [Use cases](#use-cases)
- [Maintaining security and privacy constraints](#maintaining-security-and-privacy-constraints)
- [Specifications](#specifications)
- [Building this repository](#building-this-repository)
- [Building the Draft](#building-the-draft)
- [Packaging tools](#packaging-tools)
- [Signed HTTP Exchanges](#signed-http-exchanges)
- [Web Bundles](#web-bundles)
- [Isolated Web Apps (signing with integrity block)](#isolated-web-apps-signing-with-integrity-block)## Explainers
The [explainers](explainers/) walk through how to use these specs to
achieve the use cases.### Use cases
* [Packaging whole pages or sites](explainers/authoritative-site-sharing.md): can be
signed or unsigned.
* [Serving signed subresources of a signed top-level HTML
page](explainers/signed-exchange-subresource-substitution.md)
* [Navigating to top-level unsigned pages](explainers/navigation-to-unsigned-bundles.md)
* [Packaging subresources](explainers/subresource-loading.md). This can include groups of
JS modules, stylesheets, images, or fonts. This is also getting fleshed out at
https://github.com/littledan/resource-bundles/### Maintaining security and privacy constraints
* [How to avoid third-party tracking](explainers/anti-tracking.md)
* [What origin does an unsigned bundle have?](explainers/bundle-urls-and-origins.md)## Specifications
The specifications come in several layers:
1. [Signed HTTP exchanges (a.k.a. SXG)](https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html)
([IETF draft](https://tools.ietf.org/html/draft-yasskin-http-origin-signed-responses)):
These allow a browser to trust that a single HTTP request/response pair was
generated by the origin it claims.
* As we implement and test signed exchanges, we're publishing periodic
snapshots so that browsers, publishers, and intermediates can synchronize
on the same format. The [current implementation snapshot
](https://tools.ietf.org/html/draft-yasskin-httpbis-origin-signed-exchanges-impl)
is an Internet Draft, and a [draft of the next
snapshot](https://wicg.github.io/webpackage/draft-yasskin-httpbis-origin-signed-exchanges-impl.html)
is in this repository.
1. Web Bundles (previously called Bundled HTTP exchanges):
A collection of HTTP resources, each of which could be signed or unsigned, with
some metadata describing how to interpret the bundle as a whole. This
specification has an initial draft in a PR, but isn't finished yet. This work
may proceed through either the IETF or the W3C/WHATWG.*Update*: This work was moved to the [wpack-wg/bundled-responses](https://github.com/wpack-wg/bundled-responses)
repository ([Web Bundles (IETF draft)](https://wpack-wg.github.io/bundled-responses/draft-ietf-wpack-bundled-responses.html)) .
1. [Loading](https://wicg.github.io/webpackage/loading.html): A description of
how browsers load signed exchanges. This is initially specified
here, and will eventually merge into the appropriate specs, e.g.
[Fetch](https://fetch.spec.whatwg.org/), that live in either the W3C or
WHATWG. Currently this only covers signed exchanges.
1. [Subresource Loading](https://wicg.github.io/webpackage/subresource-loading.html)
([Explainer](https://github.com/WICG/webpackage/blob/main/explainers/subresource-loading.md)):
A description of how browsers load a large number of resources efficiently with
[Web Bundles](https://wpack-wg.github.io/bundled-responses/draft-ietf-wpack-bundled-responses.html).
This is initially specified here, and will eventually merge into
the appropriate specs.A previous draft of the format combined layers 1 and 2 into a single format for
signed packages:
[draft-yasskin-dispatch-web-packaging](https://wicg.github.io/webpackage/draft-yasskin-dispatch-web-packaging.html)
([IETF draft](https://tools.ietf.org/html/draft-yasskin-dispatch-web-packaging)).
The DISPATCH WG at IETF99
[recommended](https://datatracker.ietf.org/doc/minutes-99-dispatch/) the current
split.## Building this repository
### Building the Draft
Formatted text and HTML versions of the draft can be built using `make`.
```sh
$ make
```This requires that you have software installed as described in
https://github.com/martinthomson/i-d-template/blob/main/doc/SETUP.md.### Packaging tools
#### Signed HTTP Exchanges
Install this with `go install github.com/WICG/webpackage/go/signedexchange/cmd/...` (Golang 1.18+).
See [go/signedexchange](go/signedexchange) for the usage of the tool.
#### Web Bundles
There are several tools.
- Go (Reference Implementation)
Install this with `go install github.com/WICG/webpackage/go/bundle/cmd/...`.
See [go/bundle](go/bundle) for the usage of the tool.
- Node
There is a npm package, [wbn](https://www.npmjs.com/package/wbn).
- Plugin for bundlers (Experimental)
- [Rollup plugin](https://github.com/GoogleChromeLabs/rollup-plugin-webbundle)
- [Webpack plugin](https://github.com/GoogleChromeLabs/webbundle-webpack-plugin)- Rust (Experimental)
- [google/webbundle](https://github.com/google/webbundle)
#### Isolated Web Apps (signing with integrity block)
- Go (Reference Implementation)
See [go/bundle#using-integrity-block-sub-command](go/bundle#using-integrity-block-sub-command) for more.
- Node
There is a npm package, [wbn-sign](https://www.npmjs.com/package/wbn-sign).
Also same plugins as for Web Bundles can sign the bundles.