
I noticed:

<script src="https://cdn.tailwindcss.com"></script>

in the source of the homepage. Just FYI the tailwind people say that's just for dev mode and never deploy that to prod. Instead you gotta run something like:

npx tailwindcss -o ../assets/css/tail.min.css --minify

and then replace the script with:

<link rel="stylesheet" type="text/css" href="/assets/css/tail.min.css">

"a script referred to as the Tailwind Play CDN. This script is only to be used for learning and experimenting, never for a live site."

from https://www.codeinwp.com/blog/tailwind-css-tutorial/




Yeah, the reason for that recommendation is mostly to reduce file size. For now I don't want to have an npm dependency since this is geared towards Python developers. I'll eventually build in the tree shaking directly into the Python library.


Note that tailwind now has a standalone binary: https://tailwindcss.com/blog/standalone-cli


Ah that’s great to know thank you.


I have the same problem with my project! go vs. python but yeah I hated adding the npm stuff. Let's port tailwind npx command. I'll work on the go version.


I haven't tried it yet but I was planning on using this library to do most of the heavy lifting: https://pypi.org/project/treeshake/

It looks like it's calling C code via Cython so if it works, you could probably use the same underlying C code via CGo for your project.


As someone who currently runs Docker inside an M1 Mac: I agree with this: all commands should be written in Go. So much easier to install everywhere.


I have a somewhat neglected project to package Node.js for PyPI. Perfect for your type of project, the idea being you can have it as an optional dependency that gets installed into the user's venv, and you can then run tailwind from Python.

https://pypi.org/project/nodejs-bin/


Very interesting! I’ll check it out — it looks quite promising as a solution


Third-party CDN usage like this isn’t a best practice generally if it can be avoided because it involves users needing to trust more parties and leaks user data to those sources. With the advent of assets being isolated a couple of years ago, there's no performance/caching benefit to it anymore either.


Also: if the CDN for some reason is non-functional it impacts the reliability of your service. That might be a short outage or a complete shutdown of the server.

Unless you plan to monitor that stuff constantly and unless you tested your program with single components (or all possible permutations) missing, hosting these yourself might be the better option anyways.

Additionally your users don't signal their visit of your page to a hundred other servers which certainly isn't the most trustworthy behaviour.


I hear you folks. I’ll add an option for local assets.


That should be the default for security/privacy. It's better to have a CSP with just first-party trust too.
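
Added example, not part of the thread or of the project under discussion: a small Python audit that lists the assets a page loads from other origins (the trust and privacy concern raised in the comments above), next to a first-party-only CSP value. The page URL `https://example.com/` and the sample HTML are constructed, and the helper names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags audited, with the attribute that names the resource to fetch.
FETCH_ATTRS = {"script": "src", "link": "href", "img": "src", "iframe": "src"}
# Policy that trusts only the first party: resources from any other origin
# (such as a CDN-hosted script) are refused by the browser.
FIRST_PARTY_CSP = "default-src 'self'"


class AssetCollector(HTMLParser):
    """Collect (tag, absolute URL) for each audited subresource."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.assets = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # only stylesheet links are audited here
        value = attrs.get(FETCH_ATTRS.get(tag, ""))
        if value:
            # urljoin also resolves relative and protocol-relative URLs.
            self.assets.append((tag, urljoin(self.page_url, value)))


def origin(url):
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def third_party_assets(html, page_url):
    """Return audited assets whose origin differs from the page's origin."""
    collector = AssetCollector(page_url)
    collector.feed(html)
    own = origin(page_url)
    return [(t, u) for t, u in collector.assets if origin(u) != own]


# Constructed sample: the CDN script quoted in the thread plus the local
# stylesheet suggested as its replacement.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.tailwindcss.com"></script>
<link rel="stylesheet" type="text/css" href="/assets/css/tail.min.css">
</head><body><img src="logo.png"></body></html>"""

if __name__ == "__main__":
    for tag, url in third_party_assets(SAMPLE_HTML, "https://example.com/"):
        print(f"third-party <{tag}>: {url}")
    print("Content-Security-Policy:", FIRST_PARTY_CSP)
```

An empty result from `third_party_assets` means the audited tags load only from the page's own origin, which is the precondition for serving the page under `FIRST_PARTY_CSP` without breaking it.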



