Building a Better Web
June 11–12, 2018: Training
June 12–14, 2018: Tutorials & Conference
San Jose, CA

When third parties stop being polite... and start getting real

Nic Jansma (Akamai), Charles Vazac (Akamai)
9:50am–10:30am Wednesday, June 13, 2018
Performance and UX
Location: 210 A/E
Level: Intermediate
Secondary topics: Best practice, Technical, Web Pillars Track: Performance, Security, Accessibility

Who is this presentation for?

  • Developers and website owners

Prerequisite knowledge

  • A basic understanding of browser developer tools and performance concepts

What you'll learn

  • Explore popular third-party libraries to understand their overhead costs as well as automated tools to help you decide if a library is truly well crafted

Description

Would you give the Amazon Prime delivery robot the key to your house, just because it stops by to deliver delicious packages every day? Even if you would, do you still have 100% confidence that it wouldn’t accidentally drag in some mud, let the neighbor in, steal your things, or burn your house down? Worst-case scenarios such as these are what you should be planning for when deciding whether or not to include third-party libraries and services on your website. While most libraries have good intentions, by including them on your site, you have given them complete control over the kingdom. Once on your site, they can provide all of the great services you want—or they can destroy everything you’ve worked so hard to build.

It’s prudent to be cautious: we’ve all heard stories about how third-party libraries have caused slowdowns, broken websites, and even led to downtime. But how do you evaluate the actual costs and potential risks of a third-party library so you can balance that against the service it provides? Every library requires nonzero overhead to provide the service it claims. In many cases, the overhead is minimal and justified, but we should quantify it to understand the real cost. In addition, libraries need to be carefully crafted so they can avoid causing additional pain when the stars don’t align and things go wrong.

Nic Jansma and Charles Vazac perform an honest audit of several popular third-party libraries to understand their true cost to your site, exploring loading patterns, SPOF avoidance, JavaScript parsing, long tasks, runtime overhead, polyfill headaches, security and privacy concerns, and more. From how the library is loaded to the moment it phones home, you’ll see how third parties can affect the host page and discover best practices you can follow to ensure they do the least potential harm.

With all of the great performance tools available to developers today, we’ve gained a lot of insight into just how much third-party libraries are impacting our websites. Nic and Charles detail tools to help you decide if a library’s risks and unseen costs are worth it. While you may not have the time to perform a deep dive into every third-party library you want to include on your site, you’ll leave with a checklist of the most important best practices third parties should be following for you to have confidence in them.

Nic Jansma

Akamai

Nic Jansma is a software developer at Akamai building high-performance websites, apps, and open source tools.

Charles Vazac

Akamai

Charlie Vazac is a principal software engineer at Akamai and cofounder of SOASTA. He’s written a charting package in VML (gasp!), Web 2.0 apps before we said “Ajax” and “Comet,” single-page applications before they were called SPAs, browser analytics code in vanilla JavaScript that “works” in IE5.5, SPAs transpiled from ES2017, and C++ for a popular web browser. Charlie loves figuring out how things work, why they sometimes don’t, and how to make them better.
