PayPal Open Sources JavaScript Suite
Written by Kay Ewbank   
Tuesday, 17 October 2017

The strength of PayPal's cross-domain JavaScript suite is that as the code has to run on a wide variety of third-party websites and other domains without causing problems, it is designed to avoid pitfalls.PayPal has just open sourced the whole suite.

You need to keep in mind that the key quality of these libraries is that they have been written so as not to break other web sites and to not be broken by them in turn. It is all about defensive JavaScript.

A detailed and interesting write-up of the various tools in the suite has been posted on Medium, but here's a brief outline of the tools the suite provides:

Grumbler is a template for writing distributable front-end JavaScript modules. It is described as combining some of the best build tools out there, allowing you to just write code and forget about the details of building and distributing.

Post-robot provides a consistent, reliable way to send messages and receive responses using a simple listener/client pattern.

Xcomponent can be used to render an iframe without setting up a single message listener — you just pass data and functions down directly into the iframe.

Cross-domain-utils creates a library of utility methods for dealing with common use-cases, making it easier to work with cross-domain windows.

Coss-domain-safe-weakmap lets you store data on windows. It works reliably and consistently with cross-domain windows as keys, using the native WeakMap implementation if it’s available.

Zalgo-promise forces all promises into synchronous mode by default so they will work across browsers.

Beaver-logger solves the problem of not knowing if your code is triggering any error cases in the wild, and breaking anyone’s site. It batches together your logs, and flushes them to your server periodically.

Fetch-robot Does a proxy fetch through an iframe. It's a new, experimental module that lets you publish a manifest in one place, defining which urls can be called, by whom, and with which headers and other fields. It avoids the need to configure all the endpoints on your server to return the correct headers for CORS.


More Information

Related Articles

Google Wallet - developer unfriendly


To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.



Pulumi Announces Copilot AI Management

Pulumi has announced Pulumi Copilot, an AI tool for general cloud infrastructure management. Copilot uses large language models with semantic understanding of the cloud to provide insights and control [ ... ]

Rust Foundation Announces Safety-Critical Consortium

The Rust Foundation, the nonprofit organization dedicated to supporting and sustaining the Rust programming language, has announced a Safety-Critical Rust Consortium along with industry partners inclu [ ... ]

More News


C book



or email your comment to:

Last Updated ( Tuesday, 17 October 2017 )