🤖 CDN assets - The #1 free and open source CDN built to make life easier for developers.

  • By cdnjs
  • Last update: Jan 9, 2023
  • Comments: 17


Introduction

This is the robot-only repository for cdnjs, where all the library assets that are hosted on cdnjs are stored. For the JSON files that control the libraries we host, please see the "human" cdnjs/packages repository.

Other Repositories

For the JSON files controlling the libraries we host on cdnjs, please take a look at the "human" cdnjs/packages repository.

For our website, please refer to the cdnjs/static-website repository.

For the cdnjs API, please refer to the cdnjs/api-server repository.

For the full cdnjs branding and brand-related assets/guidelines, please see the cdnjs/brand repository.

For our monthly CDN stats and usage reports, check out the cdnjs/cf-stats repository.

You can find all our repositories at github.com/cdnjs!

Contributing

As this repository is now considered robot-only, pull requests are no longer accepted for this repository. If you are looking to contribute to cdnjs, please take a look at the cdnjs/packages repository or any of our other open-source repositories on GitHub!

Sponsors

cdnjs wouldn't be the success that it is today without our sponsors' kind support. These companies currently support cdnjs:

If you are interested in becoming a sponsor, please feel free to contact us!

License

Each library is released under its own license. This cdnjs repository is published under MIT license.

Github

https://github.com/cdnjs/cdnjs

Comments(17)

  • 1

    CORS/404 mega-issue: Responses lack access-control-allow-origin occasionally due to 404

    Hello, since today I have found that when accessing cdnjs, the server will respond with 404 or the response will lack the access-control-allow-origin: * header. For example, my web app just made a request to https://cdnjs.cloudflare.com/ajax/libs/spin.js/2.3.2/spin.min.js, then got the response headers below:

    cache-control    public, max-age=14400
    cf-cache-status    HIT
    cf-ray    48d1a6325e2245ae-TPE
    content-encoding    br
    content-type    text/html
    date    Sat, 22 Dec 2018 09:44:19 GMT
    expect-ct    max-age=604800, report-uri="ht….com/cdn-cgi/beacon/expect-ct"
    expires    Sat, 22 Dec 2018 13:44:19 GMT
    served-in-seconds    0.000
    server    cloudflare
    strict-transport-security    max-age=15780000; includeSubDomains
    vary    Accept-Encoding
    X-Firefox-Spdy    h2
    

    Since it lacks access-control-allow-origin: * header, the script is not loaded and my web app is broken.

    Problematic files are quite random; when I access the same file at a different time it's sometimes good and sometimes bad. Also, it seems that the frequency differs depending on the client's network.

    On my mobile network this issue never happens, but in my company, it happens frequently, and in a VM it's 100%. (Always some URLs are broken)

    Is there some maintenance or server issue affecting particular routes or? Thank you very much!

  • 2

    Add [email protected] w/ npm auto-update

    Pull request for issue: # Related issue(s): # #

    Checklist for Pull request or lib adding request issue follows the conventions.

    Note that if you are using a distribution purpose repository/package, please also provide the url and other related info like popularity of the source code repo/package.

    Profile of the lib

    • Git repository (required):https://github.com/brianreavis/microplugin.js
    • Official website (optional, not the repository):
    • NPM package url (optional):https://www.npmjs.com/package/microplugin
    • License and its reference:
    • GitHub / Bitbucket popularity (required):
      • Count of watchers:
      • Count of stars:
      • Count of forks:
    • NPM download stats (optional):
      • Downloads in the last day:
      • Downloads in the last week:
      • Downloads in the last month:

    Essential checklist

    • [ ] I'm the author of this library
      • [ ] I would like to add link to the page of this library on CDNJS on website / readme
    • [x] This lib was not found on cdnjs repo
    • [x] No already exist / duplicated issue and PR
    • [x] The lib has notable popularity
      • [x] More than 100 [Stars / Watchers / Forks] on [GitHub / Bitbucket]
      • [x] More than 500 downloads stats per month on npm registry
    • [x] Project has public repository on famous online hosting platform (or been hosted on npm)

    Auto-update checklist

    • [x] Has valid tags for each version (for git auto-update)
    • [x] Auto-update setup
    • [x] Auto-update target/source is valid.
    • [x] Auto-update filemap is correct.

    Git commit checklist

    • [x] The first line of commit message is less than 50 chars, be clean and clear, easy to understand.
    • [ ] The parent of the commit(s) in the PR is not older than 3 days.
    • [x] Pull request is sent from a non-master branch with meaningful name.
    • [x] Separate unrelated changes into different commits.
    • [ ] Use rebase to squash/fixup dummy/unnecessary commits into only one commit.
    • [x] Close corresponding issue in commit message
    • [x] Mention related issue(s), people in commit message, comment.
  • 3

    No more manual pull request for lib updating

    Hey guys,

    We are going to try to switch the project to be fully automated. This will take a bit of time and will be a bit rocky at the beginning but will save everybody's time.

    We currently have two auto update systems: the old one, which uses NPM and will remain active until we transfer it, and a new one that uses git tags. The new one is what we will use by default, but it doesn't support NPM just yet, so we can only add new auto update scripts for git. We can also add the old style NPM ones; I will just transfer them at a later date.

      "autoupdate": {
        "source": "git",
        "target": "git://github.com/jashkenas/underscore.git",
        "basePath": "",
        "files": [
          "underscore-min.js",
          "underscore-min.map",
          "underscore.js"
        ]
      },
    

    During this process, I think it's best if only I merge PRs to make sure we don't cause too many problems at once. I still need to write up documentation. So from this point on don't merge any new libraries into cdnjs. @drewfreyling @PeterDaveHello @ryankirkman

  • 4

    Update Amcharts auto-update config and meta data

    git repo url: https://github.com/amcharts/amcharts3

    Watch 4, Star 7, Fork 3

    @Amomo could you help me check this PR for #5337? Thank you!

    • [ ] Not found on cdnjs repo
    • [x] No already exist issue and PR
    • [ ] Notable popularity
    • [x] Project has public repository on famous online hosting platform (or been hosted on npm)
    • [x] Has valid tags for each version (for git auto-update)
    • [x] Auto-update setup
    • [x] Auto-update target/source is valid.
    • [x] Auto-update filemap is correct
  • 5

    Add [email protected] w/ npm auto-update

    Pull request for issue: #10184 Related issue(s): # #

    Checklist for Pull request or lib adding request issue follows the conventions.

    Note that if you are using a distribution purpose repository/package, please also provide the url and other related info like popularity of the source code repo/package.

    Profile of the lib

    • Git repository (required): https://github.com/sagalbot/vue-select
    • Official website (optional, not the repository): https://sagalbot.github.io/vue-select/
    • NPM package url (optional): https://www.npmjs.com/package/vue-select
    • License and its reference: MIT https://github.com/sagalbot/vue-select/blob/master/LICENSE.md
    • GitHub / Bitbucket popularity (required):
      • Count of watchers: 28
      • Count of stars: 682
      • Count of forks: 69
    • NPM download stats (optional):
      • Downloads in the last day: 37
      • Downloads in the last week: 253
      • Downloads in the last month: 956

    Essential checklist

    • [ ] I'm the author of this library
      • [ ] I would like to add link to the page of this library on CDNJS on website / readme
    • [x] This lib was not found on cdnjs repo
    • [x] No already exist / duplicated issue and PR
    • [x] The lib has notable popularity
      • [x] More than 100 [Stars / Watchers / Forks] on [GitHub / Bitbucket]
      • [x] More than 500 downloads stats per month on npm registry
    • [ ] Project has public repository on famous online hosting platform (or been hosted on npm)

    Auto-update checklist

    • [x] Has valid tags for each version (for git auto-update)
    • [x] Auto-update setup
    • [x] Auto-update target/source is valid.
    • [x] Auto-update filemap is correct.

    Git commit checklist

    • [x] The first line of commit message is less than 50 chars, be clean and clear, easy to understand.
    • [x] The parent of the commit(s) in the PR is not older than 3 days.
    • [x] Pull request is sent from a non-master branch with meaningful name.
    • [x] Separate unrelated changes into different commits.
    • [x] Use rebase to squash/fixup dummy/unnecessary commits into only one commit.
    • [x] Close corresponding issue in commit message
    • [x] Mention related issue(s), people in commit message, comment.
  • 6

    [Request] Add videojs-markers

    • Library name: videojs-markers
    • Git repository url: https://github.com/spchuang/videojs-markers
    • License(s): MIT
    • Official homepage: http://sampingchuang.com/videojs-markers

    In this issue, we are going to host a new web front-end library on cdnjs, so that web developers can easily use it on our free CDN without an additional download/upload process 🚀 .

    If you'd like to work locally, I'd suggest you start with sparseCheckout: https://github.com/cdnjs/cdnjs/blob/master/documents/sparseCheckout.md. There are too many files in this repo, so without sparseCheckout the whole process will be super slow. Using the git command line, you can learn more skills and gain experience. If you don't like that, you can also just do it on GitHub instead; it's more convenient, but it may be a little bit harder to fix problems in the GitHub GUI.

    Here are the docs about how to add a library:

    • https://github.com/cdnjs/cdnjs#adding-a-new-or-updating-an-existing-library
    • https://github.com/cdnjs/cdnjs/blob/master/.github/CONTRIBUTING.md#d-adding-a-new-library

    We'll also ask you to set up an auto-update config so that the added libraries can be updated to the latest version easily:

    • https://github.com/cdnjs/cdnjs/blob/master/documents/autoupdate.md

    For beginners who are interested in joining and helping to add this library, please feel free to tell me what kind of help you'll need, and we'll help you send a valid pull request, thanks 😄 .

  • 7

    Add missing license field in libs' package.json

    cc #5194, https://github.com/cdnjs/new-website/issues/66

    We should take care with the libs that have multiple licenses, especially the libs that have a commercial license.

    • [ ] 1140
    • [x] across-tabs
    • [ ] animations
    • [ ] boexfi
    • [x] browser-logos
    • [ ] chrome-frame
    • [x] cryptico
    • [x] davis.js
    • [x] DinaKit
    • [x] documentup
    • [x] entypo
    • [x] expect.js
    • [x] flipCounter
    • [x] foundicons
    • [x] galleriffic
    • [x] gsap
    • [ ] jcalculator
    • [x] jquery-hashchange
    • [x] jquery-outside-events
    • [x] jquery-parallax
    • [x] jquery-sparklines
    • [x] jquery-tools
    • [x] jquery.activity-indicator
    • [x] jquery.formalize
    • [x] jquery.lifestream
    • [x] jquery.percentageloader
    • [x] jquery.postcodify
    • [x] jquery.selectboxit
    • [x] jquery.socialshareprivacy
    • [x] jquery.tiptip
    • [x] json2
    • [x] legojs
    • [x] linq.js
    • [x] log4javascript
    • [ ] luminateExtend
    • [x] meyer-reset
    • [ ] mojio-js
    • [x] openajax-hub
    • [x] PKI.js
    • [x] polyglot
    • [x] prettydiff
    • [ ] probtn
    • [x] prototype
    • [x] protovis
    • [x] react-chartjs-2
    • [x] repo.js
    • [x] require-cs
    • [x] require-jquery
    • [x] roundabout
    • [x] salesforce-canvas
    • [x] script.js
    • [x] simplecartjs
    • [x] skel-layers
    • [x] skycons
    • [x] slabText
    • [x] thorax
    • [x] Vague.js
    • [ ] webicons

    Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

  • 8

    Add [email protected] w/ git auto-update

    cc #10036, cc @6pac , @mleibman @kennynaoh please help me review this PR, thank you.

    Pull request for issue: #10036 Related issue(s): # #

    Checklist for Pull request or lib adding request issue follows the conventions.

    Note that if you are using a distribution purpose repository/package, please also provide the url and other related info like popularity of the source code repo/package.

    Profile of the lib

    • Git repository (required): https://github.com/6pac/SlickGrid
    • Official website (optional, not the repository): http://wiki.github.com/6pac/SlickGrid
    • NPM package url (optional): https://www.npmjs.com/package/slickgrid
    • License and its reference: MIT
    • GitHub / Bitbucket popularity (required):
      • Count of watchers: 61
      • Count of stars: 382
      • Count of forks: 2011
    • NPM download stats (optional):
      • Downloads in the last day: 98
      • Downloads in the last week: 404
      • Downloads in the last month: 1579

    Essential checklist

    • [ ] I'm the author of this library
      • [ ] I would like to add link to the page of this library on CDNJS on website / readme
    • [x] This lib was not found on cdnjs repo
    • [x] No already exist / duplicated issue and PR
    • [x] The lib has notable popularity
      • [x] More than 100 [Stars / Watchers / Forks] on [GitHub / Bitbucket]
      • [x] More than 500 downloads stats per month on npm registry
    • [ ] Project has public repository on famous online hosting platform (or been hosted on npm)

    Auto-update checklist

    • [x] Has valid tags for each version (for git auto-update)
    • [x] Auto-update setup
    • [x] Auto-update target/source is valid.
    • [x] Auto-update filemap is correct.

    Git commit checklist

    • [x] The first line of commit message is less than 50 chars, be clean and clear, easy to understand.
    • [x] The parent of the commit(s) in the PR is not older than 3 days.
    • [x] Pull request is sent from a non-master branch with meaningful name.
    • [x] Separate unrelated changes into different commits.
    • [x] Use rebase to squash/fixup dummy/unnecessary commits into only one commit.
    • [x] Close corresponding issue in commit message
    • [x] Mention related issue(s), people in commit message, comment.
  • 9

    [New] Manually add timbre w/ npm auto-update

    git repo url: https://github.com/mohayonao/timbre.js

    Watch 59, Star 611, Fork 50

    @Piicksarn could you help me check this PR for #6110? Thank you!

    • [x] Not found on cdnjs repo
    • [x] No already exist issue and PR
    • [x] Notable popularity
    • [x] Project has public repository on famous online hosting platform (or been hosted on npm)
    • [x] Has valid tags for each version (for git auto-update)
    • [x] Auto-update setup
    • [x] Auto-update target/source is valid.
    • [x] Auto-update filemap is correct
  • 10

    Add jsrsasign js files for old versions and change to use git auto-update

    @cdnjs/intern2 Please help me review this PR, thanks!

    Pull request for issue: #10881 It's a high priority issue.

    • Git repository (required): https://github.com/kjur/jsrsasign
    • NPM package url (optional): https://www.npmjs.com/package/jsrsasign
    • GitHub / Bitbucket popularity (required): Watch 69 Star 989 Fork 185
    • NPM download stats (optional): 3,948 downloads in the last day; 20,858 downloads in the last week; 95,937 downloads in the last month
  • 11

    [Solved] Frequent "Waiting for cdnjs.org" with Chrome

    Over the past several days I have noticed some pretty lengthy delays waiting for the server at cdnjs.org to respond to whatever request has been sent from Chrome and Chromium browsers. There appear to be no such delays with Opera or Firefox. I don't know if this is an issue with the cdnjs servers or with the Chrome code. If I can provide any additional information please let me know.

    Chromium: Version 41.0.2272.76 Built on Ubuntu 14.04, running on LinuxMint 17.1 (64-bit)

  • 12

    SRI hash for ipaddr.js does not match

    I'm seeing some quite odd behaviour with the ipaddr.js library:

    Firstly, here is the correct SRI hash for [email protected]. I've crosschecked this between the original file in the source project, the file served by cdnjs, and the same file served by another CDN and they all match.

    sha512-HLkOIPULXMWy1Z/SOoR5PWofAu7iM5OwJqMMkCiqGR+wijlXbRj+D3jeBTK6XjyO43vWvBVgQyFyhCDi+Pztdg==
    

    When I go to the library's page on the cdnjs website, the "Copy SRI Hash" and "Copy Script Tag" buttons both provide this hash:

    sha512-GcJ0uemx9BQwsZusgXAGzw6/BDAkqt0EUbtq8QAtTuDlAa3AVQ0zb+Zg9xqY4yXP47CHBv2pO1V0D78gtWYNgw==
    

    I have also just confirmed this behaviour via a VPN to the UK, so it doesn't seem to just be a cached invalid value in my local CF edge.
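Added example, not part of the issue above and not cdnjs code: a Node.js check of served bytes against a published `integrity` value, using the browser rule that only the strongest hash algorithm listed is considered. The function names and the sample file contents are constructed for illustration; unlike a browser, this checker fails closed when the value contains no usable hash.

```javascript
// Added example (not cdnjs code): verify file bytes against an SRI integrity value.
const { createHash } = require('node:crypto');

// Hash functions defined for SRI, weakest to strongest.
const STRENGTH = ['sha256', 'sha384', 'sha512'];

// Split an integrity attribute into {alg, digest} entries.
// Unknown algorithms and malformed tokens are skipped; "?options" suffixes are ignored.
function parseIntegrity(value) {
  const entries = [];
  for (const token of value.trim().split(/\s+/)) {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(?:\?.*)?$/.exec(token);
    if (m) entries.push({ alg: m[1], digest: m[2] });
  }
  return entries;
}

// The value a "Copy SRI Hash" button should produce for these exact bytes.
function sriValue(alg, bytes) {
  return `${alg}-${createHash(alg).update(bytes).digest('base64')}`;
}

// Only entries using the strongest algorithm present can satisfy the check,
// so a matching sha256 does not rescue a mismatching sha512.
function verifyIntegrity(bytes, integrity) {
  const entries = parseIntegrity(integrity);
  if (entries.length === 0) return { ok: false, alg: null, actual: null };
  const alg = STRENGTH[Math.max(...entries.map((e) => STRENGTH.indexOf(e.alg)))];
  const actual = sriValue(alg, bytes);
  const ok = entries.some((e) => `${e.alg}-${e.digest}` === actual);
  return { ok, alg, actual };
}

// Constructed sample contents standing in for the served file and an older build.
const served = Buffer.from('/* constructed sample library */\n');
const olderBuild = Buffer.from('/* constructed sample library, older build */\n');

function demo() {
  const published = sriValue('sha512', served);
  const staleValue = sriValue('sha512', olderBuild);
  return {
    matching: verifyIntegrity(served, published).ok,
    stale: verifyIntegrity(served, staleValue).ok,
    // sha256 matches, but the listed sha512 is stale: the sha512 decides.
    mixed: verifyIntegrity(served, `${sriValue('sha256', served)} ${staleValue}`).ok,
    expected: verifyIntegrity(served, staleValue).actual,
  };
}

console.log(demo());
```

The `actual` field is the value to compare against what the website's copy buttons return for the same file.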

  • 13

    Suggestion: Weekly/Monthly/Yearly Hits

    Hey, @cdnjs team. I have a suggestion regarding hits. We could have an item in the API response JSON regarding hits. jsDelivr also provides an API, and it is widely used for badges like jsDelivr hits (GitHub). Likewise, if cdnjs.com also had a similar API, it would be really useful.

  • 14

    Allow modules and other attributes in script tags when copied

    If someone wants to put a module on CDNJS, then currently when clicking "Copy script tag" it turns out something like this:

    <script src="https://cdnjs_url_here"></script>
    

    what if in the json files describing the file, we could also add other attributes, e.g.

    //Other JSON stuff here
    "filemap": [
      {
          //I forgot how the proper way is to add files to CDNJS that should be tracked, sorry!
          // normal stuff here, like file location and stuff
          "attributes": {
                "type": "module",
                "async": "true",
                "defer": "true",
          }
      }
    ]
    //More JSON stuff
    

    Now clicking "copy script tag" would do this for the file in question:

    <script src="https://cdnjs_url_here" async defer type="module"></script>
    

    (oh, and of course only certain attributes would be whitelisted, so that people can't do onerror, or onload)
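Added example, not part of the issue above and not cdnjs code: one way the proposed per-file `attributes` map could be turned into a script tag while enforcing an allowlist, so event-handler attributes such as `onerror` and `onload` are refused. The function name, the exact attribute set and the `cdn.example` URL are assumptions made for illustration.

```javascript
// Added example (not cdnjs code): build a <script> tag from allowlisted attributes only.
const BOOLEAN = Symbol('boolean attribute');

// Hypothetical allowlist: attribute name -> accepted values. Iteration order is output order.
const ALLOWED = new Map([
  ['async', BOOLEAN],
  ['defer', BOOLEAN],
  ['type', new Set(['module', 'text/javascript'])],
  ['crossorigin', new Set(['anonymous', 'use-credentials'])],
  ['integrity', /^sha(256|384|512)-[A-Za-z0-9+/]+={0,2}( sha(256|384|512)-[A-Za-z0-9+/]+={0,2})*$/],
]);

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

function buildScriptTag(src, attributes = {}) {
  const url = new URL(src); // throws on a malformed URL
  if (url.protocol !== 'https:') throw new Error('src must be an https URL');

  // Normalise names so "OnError" cannot slip past a case-sensitive check.
  const given = new Map(
    Object.entries(attributes).map(([name, value]) => [name.toLowerCase(), String(value)])
  );
  for (const name of given.keys()) {
    if (!ALLOWED.has(name)) throw new Error(`attribute not allowed: ${name}`);
  }

  const parts = [`src="${escapeAttr(url.href)}"`];
  for (const [name, rule] of ALLOWED) {
    if (!given.has(name)) continue;
    const value = given.get(name);
    if (rule === BOOLEAN) {
      // The proposal stores booleans as the strings "true"/"false".
      if (value === 'true') parts.push(name);
      else if (value !== 'false') throw new Error(`bad value for ${name}`);
    } else if (rule instanceof Set ? rule.has(value) : rule.test(value)) {
      parts.push(`${name}="${escapeAttr(value)}"`);
    } else {
      throw new Error(`bad value for ${name}`);
    }
  }
  return `<script ${parts.join(' ')}></script>`;
}

// Constructed input mirroring the attributes in the proposal.
console.log(buildScriptTag('https://cdn.example/lib.js', {
  type: 'module', async: 'true', defer: 'true',
}));
```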

  • 15

    Prevent path traversal to allow Content Security Policy specificity

    We would like to use cdnjs.com for serving our assets, and we would like to use a Content Security Policy (CSP) as part of our security strategy to limit access to only the libraries we want, e.g. React, and not those we don't want that can be used to bypass CSP and run an exploit, like Angular.

    E.g. script-src: https://cdnjs.cloudflare.com/ajax/libs/react/ would allow React to be loaded.

    Our pentester has pointed out that if our CSP contains a path like: https://cdnjs.cloudflare.com/ajax/libs/react/, then while in theory you couldn't load Angular, you can because you can use ..%2F like this:

    https://cdnjs.cloudflare.com/ajax/libs/react/a/..%2F..%2Fangular.js/1.8.0/angular.js

    Can a change be made to prevent path traversal to allow our CSP blocking to work?
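Added example, not part of the issue above and not cdnjs or Cloudflare code: a comparison of what a CSP path check sees with what an origin that percent-decodes before resolving dot segments would serve, plus an origin-side guard of the kind the issue asks for. The decode-then-resolve behaviour is an assumption taken from the issue's description, the function names are hypothetical, and the version `1.2.3` in the ordinary URL is constructed.

```javascript
// Added example (not cdnjs or Cloudflare code).

// Percent-decode, leaving malformed sequences untouched.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

// Path as the browser's URL parser sees it: "%2F" stays inside one segment,
// so "..%2F" is not treated as a dot segment.
function browserPath(url) {
  return new URL(url).pathname;
}

// CSP Level 3 path matching: compare piece by piece after splitting on "/".
// A source path ending in "/" is a prefix match, otherwise an exact match.
function cspPathAllows(sourcePath, url) {
  const want = sourcePath.split('/');
  const got = browserPath(url).split('/');
  const exact = !sourcePath.endsWith('/');
  if (want.length > got.length) return false;
  if (exact && want.length !== got.length) return false;
  if (!exact) want.pop(); // drop the empty piece after the trailing slash
  return want.every((piece, i) => safeDecode(piece) === safeDecode(got[i]));
}

// Assumed origin behaviour: decode the whole path once, then resolve "." and "..".
function serverPath(url) {
  const out = [];
  for (const seg of safeDecode(browserPath(url)).split('/')) {
    if (seg === '..') out.pop();
    else if (seg !== '' && seg !== '.') out.push(seg);
  }
  return '/' + out.join('/');
}

// Origin-side guard: refuse raw paths with encoded separators or dot segments
// instead of normalising them.
function isAmbiguousPath(rawPath) {
  if (/%2f|%5c/i.test(rawPath)) return true;
  return rawPath.split('/').some((seg) => ['.', '..'].includes(safeDecode(seg)));
}

// For a prefix source such as "/ajax/libs/react/".
function audit(sourcePath, url) {
  const resolved = serverPath(url);
  return {
    cspAllows: cspPathAllows(sourcePath, url),
    resolved,
    staysInside: resolved.startsWith(sourcePath),
    reject: isAmbiguousPath(browserPath(url)),
  };
}

const PREFIX = '/ajax/libs/react/';
// URL quoted in the issue.
const ISSUE_URL = 'https://cdnjs.cloudflare.com/ajax/libs/react/a/..%2F..%2Fangular.js/1.8.0/angular.js';
// Constructed ordinary request under the same prefix.
const ORDINARY_URL = 'https://cdnjs.cloudflare.com/ajax/libs/react/1.2.3/react.min.js';

console.log(audit(PREFIX, ISSUE_URL));
console.log(audit(PREFIX, ORDINARY_URL));
```

A request where `cspAllows` is true and `staysInside` is false is one the policy permits but the origin serves from outside the allowed directory; rejecting paths flagged by `isAmbiguousPath` closes that gap at the origin.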

  • 16

    custom-elements-builder missing latest version

    package.json and api worker say the latest version is 1.0.4. This version does not exist on disk or in cdnjs/cdnjs.

    Maybe we should manually correct to the latest version we have on disk and in the repo here (0.3.4). The version 1.0.4 exists, but we do not have it.

  • 17

    Add Enforce-CT header

    I noticed you are moving to HSTS and even submitted yourself for the browser preload list and thought I would suggest adding key pinning as well.

    There are ~1.5K entities that can issue an HTTPS certificate for any website and even Comodo was hacked by a script kiddie. Certificate authorities issue certs based on the ability to receive an email, create a DNS record, or embed some HTML in a page ... so you also have to trust every network operator for every certificate authority.

    Key pinning (ala HPKP) mitigates the issue by binding trust to a specific key. There is also an HPKP browser preload list. Cloudflare appears to have HPKP turned on for their main site, but not for their API servers....

