@joshuef I have started work on drop in replacement for solid-auth-client and on getting their demo app working in SAFE Browser, I think I’m seeing that the browser already has solid-auth-client as a dependency:
Hmmm. Yes certainly this could be a security issue (one inherent in NPM sadly); though there are steps we could take to sandbox away the APIs running, though that in itself is probably a regression back to managing handles. At least until we have some cleaner/smoother Data APIs available.
That’s certainly something to mull over though aye.
right now i’m wondering if there’s a way to prevent rdflib’s load while not in the experimental mode. (Though nothing springs to mind with out a lot of conditional loading setup that’s probably a rabbit hole to go down).
Good news is down the line, with SAFE RDF apis we’ll be able to drop this dep (and leave RDF handling in js to the app dev’s choice). Though that doesn’t help you right now.
Simplest thing (I think) for you would be to roll a fork of rdflib, removing this window write, as a dependency of the Browser build. That should get you going. (Or perhaps just straight up set your fork as the browser dep? :
To do this:
yarn link in the rdflib fork
yarn link <project-name-in-package.json> in the browser root. This will replace the node_modules folder with a symlink to your own.
And at the very least we can look into doing the same for a next browser release, if it’s feasible.