🚨 Since Mar 14 ~2pm EST: CDN Unpkg Major Outage may affect your Bubble app

If the issue still persists and you want to find out easily what plugin uses what or what packages are loaded, you can use a Chrome extension called “Ghostery”; it shows all traffic from external sources to your site.

Additionally, if a plugin has something like “this plugin adds an HTML header to your site”, it usually uses a third-party library/npm.

Nonetheless, this isn’t Bubble’s fault or someone else’s fault, nor can Bubble just “specifically turn that off”. Unpkg is just simply a service like many other services; it’s just being used for a lot of plugins so you don’t have to basically code everything from scratch.

2 Likes

This. There are 2 ways that plugins load libraries:

  1. Code in headers
    This will run the header code as long as the plugin is installed. This, by its nature, is bad practice for plugins that do not need to exist throughout an entire app.

  2. Inside element code
    Most plugin devs will load the libraries in the initialization function of a plugin’s element. So if an element does not exist in a page, it will not load any libraries. This is safer because your app’s page will not load any libraries if the element is not in your page.

I will always check for code being loaded in headers when deciding on a plugin. Does the app need to run the code in the header? A good example is something like Classify versus a plugin that reads an input. Classify needs to run throughout your entire app so naturally the most effective way is to execute code in a header.

This is of course easier with free plugins as you can check the code before installing. For paid plugins you can either DM the dev or try it out (pay monthly instead of full) and then check the plugin code in the browser inspector.

2 Likes
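
The posts above describe finding out which CDN packages a page actually pulls in. As an added example (not part of the thread and not any plugin's code), the snippet below takes the resource URLs a page loaded and lists each unpkg or jsDelivr npm dependency, flagging those requested without an exact version. The sample URLs, versions and the `CDN_HOSTS` table are constructed for illustration.

```javascript
// Added example (not from the thread). Path prefix under which each CDN serves
// npm packages; other jsDelivr paths such as /gh/ are not handled here.
const CDN_HOSTS = { "unpkg.com": "", "cdn.jsdelivr.net": "/npm" };

// Parse <cdn>/<pkg>[@<version>]/<file> into { host, name, version, pinned }.
function parseCdnUrl(raw) {
  let url;
  try { url = new URL(raw); } catch { return null; }
  const prefix = CDN_HOSTS[url.hostname];
  if (prefix === undefined || !url.pathname.startsWith(prefix + "/")) return null;
  const parts = url.pathname.slice(prefix.length + 1).split("/");
  // Scoped packages span two path segments: @scope/name@version
  const spec = parts[0].startsWith("@") ? parts.slice(0, 2).join("/") : parts[0];
  const at = spec.lastIndexOf("@");
  const name = at > 0 ? spec.slice(0, at) : spec;
  const version = at > 0 ? spec.slice(at + 1) : null;
  if (!name) return null;
  // Only an exact x.y.z counts as pinned; ranges, tags and no version float,
  // so the CDN decides which release the page receives.
  const pinned = version !== null && /^\d+\.\d+\.\d+(-[\w.]+)?$/.test(version);
  return { host: url.hostname, name, version, pinned };
}

// Deduplicate a list of resource URLs into one record per CDN dependency.
function auditResources(urls) {
  const seen = new Map();
  for (const raw of urls) {
    const dep = parseCdnUrl(raw);
    if (!dep) continue; // same-origin or a host not in CDN_HOSTS
    const key = `${dep.host}|${dep.name}|${dep.version}`;
    if (!seen.has(key)) seen.set(key, { ...dep, files: [] });
    seen.get(key).files.push(raw);
  }
  return [...seen.values()];
}

// Constructed sample; in a browser console use instead:
//   performance.getEntriesByType("resource").map(e => e.name)
const sampleUrls = [
  "https://unpkg.com/@popperjs/core@2",
  "https://unpkg.com/tippy.js@6.3.7/dist/tippy-bundle.umd.min.js",
  "https://cdn.jsdelivr.net/npm/lottie-web/build/player/lottie.min.js",
  "https://app.example.invalid/static/run.js",
];
for (const d of auditResources(sampleUrls)) {
  console.log(d.host, d.name, d.version ?? "(latest)", d.pinned ? "pinned" : "FLOATING");
}
```

Run it on every page of the app, since libraries loaded from an element's initialization code only show up on pages that contain that element.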

I’ve been using Bubble for 2 years and this is the first time I’ve realized how dependent I am on the plugin developer.

It would be great if you could edit purchased plugins like with WordPress.

Zeroqode for example has more than 800 plugins so a solution can take a while. If you could edit the plugin you would simply change the link to jsdelivr and the problem would be solved immediately.

5 Likes

Kind of sounds like this is a single point of failure for any Bubble app using a plugin that has such dependencies. All well and good to say remove the offending plugins, but as highlighted above, some apps can’t easily do this. “Contact the dev” - not uncommon for plugins to be ghosted. “Fork the plugin” - great if you’re a plugin dev, not so much if not. “That’s the risk you take using plugins” - yeah I guess, but if you have to go to the length of creating your own functionality to replicate these plugins, it largely removes the benefit of using nocode tools in the first place, no?

3 Likes

I suppose at the very least, plugins should state in big bold red text whether they rely on things like unpkg to function, which would have a dual effect of encouraging better plugin build practices, and steering users away from using such plugins so they don’t fall victim to these types of events.

2 Likes

There should be some rules that plugins have to comply with before they can be published. Like in Apple’s App Store.
Bubble cannot at the same time benefit from having loads of plugins and have a policy “install plugins at your own risk”.

3 Likes

Here ya go: PW + Phone Inputs - Jsdelivr CDN Plugin | Bubble

I had to remove 2 plugins: lottie and daily.co
Now it’s working again.

Is it me or did this outage just reveal that a lot of information about what bubble exposes in your source/console with plugins, even if not on the page, is open to bad actors to go for. Or am I just being a pessimist lol

Quality over quantity. When you just bash out loads of stuff over the years without thinking of the global updates and reliance on third parties. Meh.

+1 need some rules on plugins

1 Like

Why do you use jsDelivr when you can just use Bubble shared assets?

2 Likes

I found 3.

Can someone help to find plugins?

If I need to turn each one off it will take long (I already told my client that too many plugins is not OK).

1 Like

Can you show a list of plugins you have?
popper.js and tippy.js are often related to hover and tooltip plugins.

svg loader can be related to a lot of things… image related mostly

I think one thing everyone should do first is to use optimize application (settings/general tab) and remove any plugins they are not using actually.

1 Like






Don’t judge me @Jici ! Was not my choice! :laughing:

cc @sylvie.daisytech

We found one SVG ICON

True, I guess I can do that; it just doesn’t pull the latest version from GitHub or the npm package.

See it as an advantage because when the script is updated, this can also create issues in your plugins. I agree that if they fix something, you may need to push an update on your side, but your users are not affected by unexpected updates from the library.

2 Likes

@johnny I don’t know how to thank you!!!

1 Like

This is a bit of a messy situation - my sympathy to everyone who’s trying to explain this to clients.

For anyone using any of the Cranford Tech plugins, I’ve gone through all of them and confirmed that 2 of them are using the Unpkg CDN:

Both of these plugins appear to be functioning as normal so I’m not going to make any immediate change for now. However, I will continue to monitor the situation and plan to update the two plugins over the next few days so that all packages are uploaded directly to Bubble and they are not reliant on Unpkg.

If you spot any issues with any of the Cranford Tech plugins or have any other questions please do let me know.

Alex

3 Likes