This repository was archived by the owner on Mar 5, 2025. It is now read-only.

Include minified file in npm release #2013

Closed
fulldecent opened this issue Oct 21, 2018 · 2 comments

Comments

@fulldecent

Currently, releases to npm include a single index.js file. Alternatively, or additionally, there should be an index.min.js file. This is a security issue.

Security impact

CDN providers like jsdelivr are finding the not-compressed files as suboptimal and they are using their own proprietary, non-repeatable processes to generate the index.min.js that they distribute to users.

For business reasons, they will not support SRI in these types of release.

Source: jsdelivr/jsdelivr#18105 (comment)

To support end-user security (SRI) this project should publish proper, canonical, minified files which can be distributed as-is, without modification (uglification) by CDNs.

References:

https://www.npmjs.com/package/web3/v/1.0.0-beta.36

I don't know how to cite the package formulas other than installing them myself. npm should be better at this. But here is the proof.

[Screenshot: screen shot 2018-10-21 at 7 07 19 pm]
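
Why SRI needs a canonical, byte-stable minified file, shown as an added example that is not part of the original issue or of the web3.js project. The two minified strings are constructed samples of the same source minified by two different processes, and `sriHash`, `verifySri` and `demo` are hypothetical names.

```javascript
const crypto = require('node:crypto');

// Build an integrity value as used in <script integrity="...">.
function sriHash(content, algo = 'sha384') {
  const digest = crypto.createHash(algo).update(content).digest('base64');
  return `${algo}-${digest}`;
}

// Check content against an integrity attribute the way the SRI spec describes:
// only hashes of the strongest listed algorithm count, and one match suffices.
function verifySri(content, integrity) {
  const strength = { sha256: 1, sha384: 2, sha512: 3 };
  const entries = integrity.trim().split(/\s+/)
    .map((token) => {
      const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/.exec(token);
      return m ? { algo: m[1], value: `${m[1]}-${m[2]}` } : null;
    })
    .filter(Boolean);
  // No parsable metadata means no enforcement at all.
  if (entries.length === 0) return true;
  const best = Math.max(...entries.map((e) => strength[e.algo]));
  return entries
    .filter((e) => strength[e.algo] === best)
    .some((e) => e.value === sriHash(content, e.algo));
}

// Constructed samples: identical behaviour, different bytes.
const canonicalMin = 'var add=function(a,b){return a+b};'; // published by the project
const cdnMin = 'var add=function(n,r){return n+r};';       // regenerated by a CDN

function demo() {
  // A site pins the digest of the file the project published.
  const pinned = sriHash(canonicalMin);
  return {
    pinned,
    canonicalOk: verifySri(canonicalMin, pinned), // served as-is: loads
    cdnOk: verifySri(cdnMin, pinned),             // re-minified: blocked
  };
}

console.log(demo());
```

Because the digest covers exact bytes, a pinned `integrity` value only stays valid if the CDN serves the published file unmodified.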

@nivida
Contributor

nivida commented Nov 28, 2018

Thanks! I will add the minified UMD bundles on the next release (#2000) :-)

@nivida
Contributor

nivida commented Apr 2, 2019

Got closed because of this issue. (#2623)
