alt Hacker NewsFrameworks from other companies. A lot of it is analytics/tracking, some payment processing, etc. There are a few open source libraries we're using as well but those probably are <5mb if I had to guess although I never checked.
Again, a lot of these companies have also been around so if my app has a ton of bloat from years of work, we're bringing in frameworks from other companies who have been around for years as well and probably have a similar amount of crap in their code. Plus they probably want to track everything we're doing so they're bringing in their own third party libraries. It's kind of ridiculous but that's where we're at.
Bigger companies won't have as many third party libraries as they can afford to do it in house but they're still bringing in similar sized libraries to do the same things.
Replies
> A lot of it is analytics/tracking
Woof. This is just so wild if one ever stops to think about it. ~300mb of tracking for a single app is bigger than the entire hard drive of a fully internet-capable desktop computer in the mid '90s.
Imagine, it's not just making sure your code is secure, but your also counting on all those libraries's being secure. Let alone all these frameworks as you say - payment, advertising, analytics... You could have the most secure code ever, but when it is just one link in a chain outside your control, best not overthink it or you won't sleep.
You can see why bug bounties get rewarded well. Though mindful, money is not what drives everyone. Then there are the greedy, in which such exploits value on the black market can be higher. Not forgetting government agencies level.
I wonder which email client will break the 1GB mark, and when we will see a resurgence in reducing bloat. I'm sure that phase will come, did for Microsoft once.