DEV Community

Jay R. Wren
Jay R. Wren

Posted on

Consider Not Using 3rd Party CDNs

I just read https://shkspr.mobi/blog/2020/10/please-stop-using-cdns-for-external-javascript-libraries/ and I feel the need to expound on the points.

  1. Caching

Great questions from @edent , but no answers. I am disappointed. Thankfully, a bit of searching and I learned some things.

https://zoompf.com/blog/2010/01/should-you-use-javascript-library-cdns/ says that the network effect of caching simply isn't there. That was in 2010. With even more varying javascript libraries in 2020, it is probably even more true. Further, because of latency of DNS lookup and TLS session creation, a connection to a new 3rd party host is slower than doing none of that because it is already done. Further still, Hoffman says that assuming a slowish internet speed -- although not all that slow for a highly variable mobile connection -- the time to connect is about the same as the time to download at โ…“ of a second. Excellent analysis by Hoffman, I highly recommend reading his post.

  1. Speed

Eden gives a strawman argument. I am disappointed. Of course we want our sites to be fast. Attempting to make them faster by misguidedly offloading some large assets to another server isn't a wrong idea. The notion that you shouldn't do A unless you can do B is foolish. But none of it matters given the argument from 1, so we can ignore 2.

  1. Versioning

Indeed the low hit rates cited by Hoffman in #1 are surely contributed to by the varying versions of libraries out there. This is the world of javascript where there is a new version every week and so there are 520 versions of jquery in the past 10 yrs alone. ;)

  1. Reliability

Unless you ARE a CDN, it is highly like that the CDN will be more reliable than your own site. I do not feel this is a believable argument.

  1. Privacy

Excellent questions, but I'd go much further and not form them as a question. By using a CDN you are giving away all of your users usage patterns to a 3rd party. This is unacceptable.

  1. Security

Excellent point, and while IMO it is far less likely that a popular, well-run CDN is going to be compromised than your typical website run by our average IT department or devops group, it is absolutely imperative that we consider the risk.

So What?

So What?

So, understand what risk you are taking by using a 3rd party CDN and consider not using them.

Top comments (1)

Collapse
 
yellow1912 profile image
yellow1912

Edge caching, edge computing, load balancing. A good cdn gives you this power for a fraction of the cost of doing it yourself. But yeah why not both? You can host everything on your site then put a cdn in front of it. Problems solved.