Why my apps include nutrition labels
You shouldn’t have to worry [App Name] is using some privacy-sucking third-party library. Apps shouldn’t be mystery meat. You should know what code goes into them.
Third-party code included in Mute Chat
This code runs on your device.
- detect-browser: Small tool to check which browser is running Mute Chat so the extension can use the correct icon image. This information is not logged or shared.
- webextension-polyfill: A Mozilla library that smooths over differences between web browsers, allowing Mute Chat to run on all of them with the same code.
Third-party code used to build BNT
This code does not run on your device.
- Svelte: A framework for building fast, lightweight web apps.
- @tsconfig/svelte: Basic TypeScript configuration for Svelte.
I know this is unusual. I do it for a few reasons.
First and most importantly, I just think it’s the right thing to do. Apps shouldn’t be mystery meat. The least I can do is show the top-level NPM dependencies for my browser extensions.
Second, it’s a way to get credit. I don’t bloat my apps with unnecessary packages and SDKs and dependencies. My bundle sizes are better than many competitors. Users should see how little third-party code is taking up space on their device.
Third, it’s interesting to other developers. They can see what tools I’m using without de-minimizers or any of that nonsense.
I know this idea has limits.
- Most users won’t care
- Users who do care have to rely on me instead of open source code
- The labels also don’t list every dependency, just the top-level NPM packages I’ve installed
Those are valid downsides, especially the last one. For me, I draw the line at top-level NPM dependencies. It’s not perfect, but a little disclosure is better than none.
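One way to generate a label like this and measure what it leaves out, as an added example rather than the author's own tooling: it reads the top-level entries from package.json and counts the lockfile packages the label does not list. The versions, the project name and the `hypothetical-*` packages are constructed sample data.

```javascript
// Added example; versions and "hypothetical-*" packages are constructed sample data.
const pkg = {
  dependencies: { "detect-browser": "^5.0.0", "webextension-polyfill": "^0.10.0" },
  devDependencies: { svelte: "^4.0.0", "@tsconfig/svelte": "^5.0.0" },
};
// Shape follows npm lockfileVersion 2/3: keys are install paths; `dev: true`
// marks packages reachable only through devDependencies.
const lock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-extension" },
    "node_modules/detect-browser": { version: "5.0.0" },
    "node_modules/webextension-polyfill": { version: "0.10.0" },
    "node_modules/hypothetical-runtime-helper": { version: "1.2.3" },
    "node_modules/svelte": { version: "4.0.0", dev: true },
    "node_modules/@tsconfig/svelte": { version: "5.0.0", dev: true },
    "node_modules/svelte/node_modules/hypothetical-build-helper": { version: "0.1.0", dev: true },
  },
};
// "node_modules/a/node_modules/@s/b" -> "@s/b"
const nameFromPath = (p) => p.slice(p.lastIndexOf("node_modules/") + "node_modules/".length);

function buildLabel(pkg, lock) {
  const runtime = Object.keys(pkg.dependencies || {}).sort();
  const build = Object.keys(pkg.devDependencies || {}).sort();
  const listed = new Set([...runtime, ...build]);
  const unlisted = { runtime: [], build: [] };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry, not a dependency
    const name = nameFromPath(path);
    if (listed.has(name)) continue; // already on the label
    unlisted[meta.dev ? "build" : "runtime"].push(`${name}@${meta.version}`);
  }
  unlisted.runtime.sort();
  unlisted.build.sort();
  return { runtime, build, unlisted };
}

function renderLabel(label) {
  return [
    "This code runs on your device.",
    ...label.runtime.map((n) => `- ${n}`),
    "This code does not run on your device.",
    ...label.build.map((n) => `- ${n}`),
    `Not listed: ${label.unlisted.runtime.length} runtime, ${label.unlisted.build.length} build-only transitive packages`,
  ].join("\n");
}
console.log(renderLabel(buildLabel(pkg, lock)));
```

The runtime count in the last line is the one that matters for the disclosure gap, since those packages ship to the user's device without appearing on the label.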
I think it’s worth doing, and I hope more people try it.
- I develop browser extensions. Never tried open-sourcing any of them. I’ve heard from other iOS devs that if your open source app gets popular enough, people will just upload copies of it to the App Store. I don’t want to spend my time filing takedown requests.