Note: after proofreading and review this page could be considered for inclusion into Debian Upstream Guide

Pledge against minification (draft)

Please do not minify javascripts and CSS files.

Minification is ugly

It makes code impossible to study, read and modify. Also it makes much harder to produce meaningful bug reports.

In some cases minification removes important information such as license and copyright attribution, link to project's home page or even version number.

Minification can introduce bugs

I've seen few cases when minified javascripts exhibited errors unreproducible with original uncompressed code.

Minification does a very poor job

Presumably minification attempts to save few seconds during initial page load. On properly configured web server subsequent requests to the same minified file will be satisfied from browser cache. Server side GZipping does better job without obfuscating the code.

Also I'm yet to see evidence that minification improves execution speed. Most pages (except ones opened by mistake) will remain opened longer than it takes to load them therefore speed of execution is more important than speed of loading. I know for a fact that some XML parsers work significantly slower with "minified" XML without line breaks (e.g. one very long line) comparing to "beautified" XML code.

Minification is a bad practice

There are good reasons to avoid committing pre-compiled binaries to version control systems. Minified javascripts are just like pre-compiled binaries hence they should be generated only during build time and only when it is justified.

Shipping pre-generated minified javascripts is unnecessary and in all cases original uncompressed files must be included as well. Presence of pre-minified files increases maintenance burden for downstream package maintainers.

Minified javascripts introduce additional attack vectors

It's been demonstrated how minified javascripts can become a security risk.

Indeed it is harder to notice if minified javascript has been tampered with.