VuePress: a static site generator that excels at working with documentation

VuePress: a static site generator that excels at working with documentation(forestry.io)

188 points by dwalkr 7 years ago | 37 comments

segphault 7 years ago |

VuePress pulls in nearly a thousand transitive dependencies. In light of recent security incidents[0][1] and the relative ubiquity of poor security practices[2] in the npm ecosystem, that seems like an unacceptably large attack surface.

I don't want to have to worry about somebody injecting malicious code or cryptocurrency miners into my website by compromising a little-watched transitive dependency in my static site generator.

[0] https://blog.npmjs.org/post/175824896885/incident-report-npm... [1] https://blog.npmjs.org/post/173526807575/reported-malicious-... [2] https://www.bleepingcomputer.com/news/security/52-percent-of...

mort96 7 years ago | |

In case someone feels like exploiting the dependency graph a bit: http://npm.anvaka.com/#/view/2d/vuepress

dyeje 7 years ago | |

But this is a static site generator. They can't take over your server if you're just serving up stuff from S3.

kevan 7 years ago | | |

They can't take over your server but they can inject a script tag with a cryptominer for all of your users to run. It's not the end of the world because you're just out a few dollars in electricity but it would be embarrassing.

l_t 7 years ago | | |

True, but they can compromise the machine that runs VuePress (or at least, run arbitrary userlevel JS code on it).

mintplant 7 years ago |

I'm using VuePress to auto-generate a static, non-interactive site from a set of Vue components and some input data that's updated daily. For me it serves the purpose of a batteries-included way to render Vue to HTML, without messing with SSR libraries, webpack, or Babel configurations myself. I find Vue's composability a much tidier way of doing things than the file-inclusion-based setups typical of systems designed for static site generation.

That said, I've had to write a Python script to do some pre- and post-processing on the VuePress files. Generating a single README.md whose front matter contains my input JSON; stripping out script tags, as there's currently no way to prevent VuePress from generating them in the first place; minifying the HTML; injecting some extra tags; moving files around. There's a bit of a mismatch here between my use case and VuePress's primary role as a documentation generator.

I'd love to be able to call into VuePress as a library, instead of running it as a separate executable, and, for example, pass it my input data directly instead of writing it out to a temporary file for it to read back in. This is something I plan to toy with implementing once I get some free time again (currently bogged down with preparing to give a talk).

ncphillips 7 years ago |

I said it before and I'll say it again: VuePress is impressively easy to get started with. Running `vuepress dev` in an empty directory is all you need to get started.

Also, I really love the decision to make `README.md` files act as the `index.html` files. This has the benefit of making your docs easy to read from your projects Github repo.

Looking forward to seeing how it progresses.

jehlakj 7 years ago | |

How much vue do you need to know to heavily customize a theme?

nichlas 7 years ago | | |

Not much at all, all .vue files in the components directory gets registered globally, so if you create a Navbar.vue file, you can use <Navbar /> anywhere in your theme. Easiest templating system I've ever used. If you learn a bit of how passing props work, you're golden!

Some info on vue single file components: https://vuejs.org/v2/guide/single-file-components.html

Props documentation: https://vuejs.org/v2/guide/components-props.html

tomcam 7 years ago | | |

None. Just Styl or CSS: http://vuepressbook.com/custom-themes/custom1.html#create-a-...

ridiculous_fish 7 years ago |

Is this in the same space as Sphinx and Doxygen? The VuePress docs only have a trivial markdown example.

nickserv 7 years ago | |

No this is only for markdown, so will not have the same breadth of features and tooling as Sphinx or Doxygen.

zhs 7 years ago |

How does it compare to docusaurus, gitdocs, and a variety of other tools out there?

ncphillips 7 years ago | |

I haven't dug into those, but I assume one of the biggest differences is the ability to use Vue components inside your markdown files.

RyanShook 7 years ago |

I guess there’s no such thing as too many static site generators...

ncphillips 7 years ago | |

That’s progress‍️

_Chief 7 years ago |

vuepress also generates SEO friendly docs, eg when compared to docsify, but on the flip side docsify has full text search, while the default vuepress theme only searches headers (but since its seo ready most third party search will work ef algolia, google).

wolco 7 years ago |

I'm enjoying the weekend vue articles that have appeared lately.

superkuh 7 years ago |

All these static site "generators" seem pretty silly. If you're going to make a static site then just make a few template pages by hand in html then copy and edit them to fill with whatever content.

It works even better if your webserver has server side includes (SSI) turned on. Then you can make header/footer/sidebar/etc templates and just insert them with a line in the page templates.

hinkley 7 years ago | |

Because one of the things that keeps people engaged in maintaining a website is being able to fiddle with it, and the cost of fiddling with the layout of a truly static site is a lot higher than intuition would suggest.

Because you have to take the odds of making a stupefying, drop-everything mistake on any one page and take it to the nth power. That’s O(c^n). That’s an order of complexity that I haven’t even bothered contemplating in so long that I had to look up the notation.

ncphillips 7 years ago | |

If that works for you, great! But just because you’re not the target audience doesn’t mean it’s silly.

I just have a simple site, but I know I don’t want to write my content in HTML. I just want to write it in Markdown and be on my way. Having yaml frontmatter for metadata and markdown for the body let’s me keep my content separate from my templates.

On the other end of the spectrum are larger organizations like Borisfx.com building large multimedia static sites. Or hell, look at the Forestry.io website and then tell me a few simple templates made by hand would suffice.

jnbiche 7 years ago | |

> It works even better if your webserver has server side includes (SSI) turned on.

If you're trolling, well done. If not, then you're not understanding the concept of the "static" in "static site generators". SSI are inherently dynamic. They run each time the page is viewed (yes, you can use a cache, but the page is still loaded dynamically by the cache server).

> Then you can make header/footer/sidebar/etc templates and just insert them with a line in the page templates.

This is precisely what any static site generator will do, since they all feature template engines.

kaishiro 7 years ago | |

Just out of curiosity, why? Why would I want to do so much more work?

scrame 7 years ago | |

> if your webserver has server side includes (SSI)

are you trolling? shtml setups were nothing but security nightmares on top of bad ideas 20 years ago.

rjplatte 7 years ago | |

This. This and Jekyll. Jekyll is good too.