pauliescanlon

Hey @GreenSock Thanks again. I haven't changed the README yet, i was waiting for a response. I'm happy to add the above and it'll show up next next time i commit and push! I'll let ya know when the post goes live! Thanks so much for all your time on this one, i know it's been tricky!

Hey @GreenSock Thanks for the response. I'm still a bit worried we're not on the same page here. There is no GSAP members-only code in the repo but there is members-only code bundled in the npm module. The code on GitHub is source code (excluding gsap-bonus.tgz) The code on npm is minified bundled code (including minified gsap-bonus), it can't be seen unless you install the module using npm i or yarn add. if you install this module you could dig into the node modules and extract the members only plugin code the same way you can dig in to any websites minified bundled js file. If this module is used on any website the same applies, you could in theory dig into the bundled minified js and extract members-only code. I can't add gsap-bonus.tgz as peer dependancy and i can't ask users to install it because even if they did there's no way to re-compile the node module. I'm happy to add links to GSAP and / or mention the npm module uses members-only code but was worried about calling it out in the README because this only adds to the concern that it tells these sneaky stealers that if they look in to the bundled minified js they'll be able to steal members-only code.... the same way they can with any website that uses members-only code. Chris is on board, in fact today we merged his first PR on the project, he removed some old v2 GSAP references i had in there. It's now all GSAP 3 and working well. Side note. I've spoken with the Dev Rel at Netlify and have agreed to write a post for them about how to use this project to add reactions to a Gatsby Blog. It should go out on the Netlify blog/news letter in a few weeks. I've advised Chris and I'll be sure to mention you both in the post with links etc. If you're on board i'll carry on with development, just wanna make sure we're all clear on how GitHub and npm differ

Just to follow up.... i've purchased a BusinessGreen account. The inertia plugin is now part of the npm module: https://www.npmjs.com/package/react-svg-bubble-slider As you'll see i'm not committing dist/main.js or any node_modules to the open source repo: https://github.com/PaulieScanlon/react-svg-bubble-slider The import statement and registerPlugin are however still part of "My" source code which is part of the open source repo: https://github.com/PaulieScanlon/react-svg-bubble-slider/blob/master/src/components/SvgBubbleSlider/SvgBubbleSlider.tsx As mentioned before if someone wanted to steal the code they could inspect the bundle as you can with any other website: https://react-svg-bubble-slider.netlify.app/?path=/docs/intro--page Once someone installs this module using eg: `npm install react-svg-bubble-slider` they could in theory dig into the main.js file in node_modules which has all "My" code minified and bundled together with GSAP code and steal it the same way they can from any public facing website I've attached the main.js bundle for your reference but do let me know if you'd like me to remove it from this post as technically this is the same thing giving away the plugin for free. I hope this is ok, using the inertia plugin really makes this thing cool and it would be a shame to have remove it.

Thanks again @GreenSock i'm still not sure if we're on the same page though. The members-only plugin won't be in the public open source repo but it will be part of the bundled main.js code as any other website would be. So i think what you're saying is so long as i don't include the source file in the repo we're ok?

Hey @greensock thanks again for the response. I’m still not quite clear about what you’re saying. The members-only code won’t be part of the public repo that’s fine. But it will be part of the bundled code and if a user were to install my package via npm they could dig into their node_modules find the main.js file and would see the members-only plugins in its minified form. This is no different than visiting a website that has used a members-only plugin opening the network tab and inspecting the websites main Js bundle. I don’t think you can fully protect angaints members-only code in JavaScript because it’s always loaded in the browser and anyone could potentially steal it from any website that uses it. ?‍♂️ i feel in my case it’s the same thing excepts it’s not a website it’s an npm package i can have webpack remove the Greensock comments to make it more difficult to identify the minified plugin code. but I cant add the members only plugin as a peer dependency because the members only plugins aren’t npm modules so I’m not sure how a user would pay, download and then add them to the project because the package has already been bundled ?‍♂️ I get the concerns about giving members only code away for free and I’ll do what I can to prevent exposing the plugin source but as mentioned before, it’s JavaScript and if someone really wants to steal it they can because it’ll be there in the browser like it is with any website.

@GreenSockHey, that is the project bundle. "My code" is just a single svg and some g elements (which you can see at the top of the bundle) That's all there is to it i'm afraid. There might be one or two small things that i add later but it will never look like a huge web build bundles because it's just one small React component. I'm happy to go buy Business Green so i can show you what the bundle will look with the member-only plugins included but i suspect it won't look hugely different.

Thanks again @GreenSock and yeah i totally understand. The plan would be to never commit any members-only source code to the repo but if i use it in the module it will be there in the production bundle... the problem i now have is i haven't purchased a licence because i didn't want to spend the £123 if it later transpires i can't use the code. I've attached my current bundle which does include free gsap code so you can see what it looks like... will this suffice? main.js.zip

@GreenSock Thanks for the response. Just to clarify one point: Please do NOT include any of the members-only plugins (like InertiaPlugin/ThrowPropsPlugin), otherwise that'd make it super easy for anyone to steal without signing up for Club GreenSock. Does apply to bundled code?, i can appreciate not having the source available in a public repo... but if the bundled module includes the members-only plugins it'll be all mashed together with the rest of the module code. I don't think it would even be possible to steal it from there... would it? That said, if the general preference is no members-only plugin code can be used on any bundled or public facing URL that's ok, can you confirm what the restrictions are... sorry to be a pain!

Hey all, i used to use GreenSock a lot back in my ActionScript 2.0 days (circle 2005) but have been out of the animation game for some time... i'm so pleased the project is still alive and well! I've been talking with Chris Gannon and have re-created his brilliant svg-bubble-slider: https://codepen.io/chrisgannon/pen/GZNgLw/ and i plan to open source it as a React / `npm` module. storybook WIP: https://5ecbca87213967000683ec12--react-svg-bubble-slider.netlify.app/?path=/docs/intro--page repo: https://github.com/PaulieScanlon/react-svg-bubble-slider branch: https://github.com/PaulieScanlon/react-svg-bubble-slider/tree/feat/gsap-draggable I've encountered one or two issues but before i break them out into multiple topics i wondered if i could list a few things i've have questions about / have had trouble with. Question: 1 . Is Draggable part of Club GreenSock? 2. Is ThrowProps part of Club GreenSock (i think it is)? 3. If i plan to open source this project AND have paid for BusinessGreen am i ok to open source the project. The plugin code would be minified and bundled and i i'll .gitignore the plugin source as this will be a public repo Issues: 1. I'm not sure quite sure if this is just me mis-understanding the imports but is this the correct way to use imports? import { gsap, TweenMax, TimelineMax, Linear, Elastic, Power1 } from 'gsap' import Draggable from 'gsap/Draggable' gsap.registerPlugin(Draggable) 2. With Draggable imported this way i now run in to issues with Jest, can anyone advise on how to either mock the module or use jest config to ignore it? 3. Similarly when i use webpack to bundle the module build i think i'll need to also transpile Draggable, is there a CommonJs trick i'm missing here? Thanks so much team!