Forum Discussion
Bundling and "externals"
You don't need to do this. What you're looking at is a project created an older version of the SharePoint Framework, where more packages have been listed as external. In the latest version it's not required anymore which is why you're not seeing them anymore.
Interesting that you would say that because that's not what I remember from his demo, and a subsequent Webinar on JS security from Rencore a few weeks ago made a point of saying that using a CDN was a trade-off to get better performance at the expense of the asset's security.
Can you point me to the "spot" in the video where Vesa says this? Thanks.
I don't know about the exact bit you're referring to, but what Vesa said, makes sense if you're thinking about using a public CDN. Imagine: you're loading a script from a location that you have no control over. If that script gets hacked, and given that it's running without any restrictions on your intranet pages, it could be used to gain access to your confidential data. This risk is not specific to CDNs: any location that's not properly secured and doesn't have its governance in place poses the same risks.
It's worth keeping in mind that using a CDN doesn't guarantee a better performance. If your organization has one office or is located in one region, you could get better performance from a hosting location optimized for serving static assets than from a CDN. CDN offers you the most benefits, when your users are spread all over the world.