Selectively load files: Isn't it a security risk loading all the files including the files for an admin area in every page?

Yeah, I hope Webpack or something similar is moved into the core build system at some point to support incremental code loading; it’s been on the Trello roadmap for a while. In the meantime, another solution is to make separate apps for the regular area and the admin area. It’s not the most elegant approach, but it works to keep code separated.

2 Likes

Yeah, my multitenant Meteor app is getting bloated having admin, billing, and customer sites all minified together, resulting in huge JS and CSS payloads. Having to separate into separate apps would be more work on a dev ops level. Also, Webpack would be awesome for Meteor. We really need to be able to incrementally load dependencies if we want to come close to having initial page load times comparable to those of native apps.

edit: this article on webpack integration may be useful

1 Like

Looks like it not only affects security. :smile:

I’d really like to hear what the core Meteor team have to say about this. The real reason for not implementing a fix. There might be a good reason.

While I’m not from MDG, the reason is - there’s nothing to fix, as it’s not a bug.

It depends how you do things. If you write bloated code, your app will be bloated. If you expose passwords or keys directly in your JS files, your app will be insecure.

And if you don’t trust the framework and find it scary, go for one that you can trust. Always use the right tools for a particular project.

1 Like

Yep, you are right :slight_smile: But please correct me if I’m wrong: if we are to build a large app with Meteor, even if we try our best, we won’t be able to control the bloat, right? What I’m saying is, without compromising the key SPA concepts, is it possible to let us load at least some files selectively?

For example, we can tell the route group or the main template not to load all the files automatically, and we need to control it. Then, only for that part, we have to manually select what to load.

Or is it possible to let us split the application into separate sections without creating two separate apps? For example, everything under the admin directory (/admin/server/, /admin/client/, /admin/collections/*) will load for the admin section, and everything under the front directory will load for normal users.

It might be a lot of work but can we at least think about it?

Moved the discussion to core since it’s turning out to be a discussion rather than an ask for help :slight_smile:

Doesn’t necessarily. If the application’s security depends on hiding the admin user interface, I think it’s in serious trouble. If you’re trying to hide it because you want to hide some logic such as some proprietary algorithms, you’d better not send it to the client anyways. What I’d worry about loading admin area code is that JavaScript files get bigger and can affect the page load time.

1 Like
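
The point made in the post above, that security must not depend on hiding the admin interface, shown as an added example that is not code from the thread or from Meteor: a stand-alone Node.js model of server-side method dispatch in which the role check runs on the server. The user records, the method name `admin.deleteInvoice`, and the helpers `requireRole`, `call` and `tryCall` are hypothetical.

```javascript
// Stand-alone model of server-side method dispatch (hypothetical names,
// not Meteor's API). Constructed sample data: one admin, one regular user.
const users = new Map([
  ["u1", { name: "alice", roles: ["admin"] }],
  ["u2", { name: "bob", roles: [] }],
]);
const invoices = [{ id: 1, tenant: "acme", total: 120 }];

class MethodError extends Error {
  constructor(code, reason) { super(reason); this.code = code; }
}

// Server-side guard: the decision uses the session's userId, which the
// server sets after login, never a flag or role sent by the client.
function requireRole(userId, role) {
  const user = userId ? users.get(userId) : undefined;
  if (!user) throw new MethodError(401, "not logged in");
  if (!user.roles.includes(role)) throw new MethodError(403, "forbidden");
  return user;
}

const methods = new Map();
// Admin-only method: authorize first, then validate the argument.
methods.set("admin.deleteInvoice", function (invoiceId) {
  requireRole(this.userId, "admin");
  if (!Number.isInteger(invoiceId)) throw new MethodError(400, "bad invoice id");
  const i = invoices.findIndex((inv) => inv.id === invoiceId);
  if (i === -1) throw new MethodError(404, "no such invoice");
  invoices.splice(i, 1);
  return true;
});

// Models the server dispatching a call that arrives on a session. Every
// client receives the same bundle and can name any method, so the guard
// inside the method is what protects the data, not the hidden admin UI.
function call(sessionUserId, name, ...args) {
  const fn = methods.get(name);
  if (!fn) throw new MethodError(404, "unknown method");
  return fn.apply({ userId: sessionUserId }, args);
}

// Convenience wrapper returning { ok } or { error: code } instead of throwing.
function tryCall(sessionUserId, name, ...args) {
  try { return { ok: call(sessionUserId, name, ...args) }; }
  catch (e) { return { error: e.code }; }
}
```

With the guard in place, shipping the admin templates to every client costs bundle size only; the regular user's call is answered with 403 and the invoice list is unchanged.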

And for those of you who want to know more about code splitting, I wrote a followup article as well :slight_smile:

4 Likes

Yep… I’m starting to feel more secure :slight_smile: But still the loading issue is there like you said :smiley:

Perfect! Great work!