Yt-dlp: External JavaScript runtime now required for full YouTube support
Mood
heated
Sentiment
mixed
Category
tech
Key topics
yt-dlp
YouTube
JavaScript
open-source
The yt-dlp project now requires an external JavaScript runtime for full YouTube support, sparking debate among users about the change.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
2h
Peak period
150
Day 1
Avg / period
53.3
Based on 160 loaded comments
Key moments
- 01Story posted
11/12/2025, 10:12:53 AM
6d ago
Step 01 - 02First comment
11/12/2025, 12:27:49 PM
2h after posting
Step 02 - 03Peak activity
150 comments in Day 1
Hottest window of the conversation
Step 03 - 04Latest activity
11/14/2025, 6:52:06 PM
4d ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Comments also disappear regularly on all platforms...
In the meanwhile, YouTube spends its effort on measures against yt-dlp, which don't actually stop yt-dlp.
What the fuck is wrong with Google corporate as of late.
maybe it's vibe coded nowadays
a very old story...
Suspicion: they’ve fingerprinted me hard and know I have premium but like to watch occasionally from Safari private (with content blockers) and don’t hassle me.
Mainly suspect this given lack of anti-adblocking symptoms.
I don't believe that that's a bug. The disappearance depends a lot on the topic of those comments. It's very much deliberate censorship.
Also known as "moderation"
Disclaimer: To anybody getting ready to be offended by these references, don't be selectively blind to the word 'spirit' above. If you still can't make it out, I'm obviously referring to euphemisms here and no additional equivalences are implied. Anything else you attribute to my statement reflects your own views and is your own responsibility. It's such a shame that I have to explain such basic facts with a disclaimer that's longer than the comment itself. But the reality is that some people are so sensitive that they insist on imposing their version political correctness to not just implied speech, but also to unimplied speech, language and even thought, while totally disregarding others' cultural perspectives. I leave this here just in case I have to explain my intentions to someone again.
The biggest hack to this is React Native, which barged just in due to sheer Javascript and web dominance elsewhere, and even that has a ton of problems. Plus I'm fairly sure that the React Native JS only runs in the JIT approved by the Apple Gods, anyway.
Otherwise, we're stuck in the old days of compiled languages: C/C++ (they can't really get rid of these due to games, and they have tried... Apple generally hates/tolerates games but money is money). Rust works decently from what I hear. Microsoft bought Mono/Xamarin and that also sort of works.
But basically nothing else is at the level of quality and polish - especially in terms of deployment - as desktops, if you want to build an app in say, Python. Or Java. Or Ruby. Or whatever other language in which people write desktop apps.
And we're at a point where mobile computing power is probably 20x that of desktops available in 2007. The only factor that is holding us back is battery life, and that's only because phone manufacturers manufacture demand by pushing for ever slimmer phones. Plus we have tons of very promising battery techs very close to increasing battery capacities by 20-50%.
Could you elaborate a bit, please? Any links are appreciated.
Silicon Carbon batteries. And others, but this tech is already in production.
> no more leverage against corpos
> just glorious proprietary enclaves where local tyrant can do anything they want!
These are all literally consequences of the web btw, as are things like attestation in consumer hardware.
Totally this, and not because powers suddenly realized they can't control Web like they controlled early "smart" dumb phones circa J2ME times.
"yt-dlp is a feature-rich command-line audio/video downloader with support for thousands of sites. The project is a fork of youtube-dl based on the now inactive youtube-dlc."
It would still be possible with native apps. Somebody will have to reverse engineer it continuously. So it will be slower, but still possible.
However, that won't be the case if they start using some secret (like a private key) that you can't access directly from an app, or if they decide that you can't run custom/modified apps. That's what I believe to be the true intentions behind their push to adopt dystopian technologies like secure enclaves and platform attestation. Not really about security as they claim.
Yeah, that is exactly I was thinking.
I have to assume you're joking, but I honestly can't figure out what point you're even trying to make. Do it think it's surprising that an ad-supported site has anti-scraping/anti-downloading mechanisms? YouTube isn't a charity, it's not Wikipedia.
I was reading a study recently that claimed Gen Z is the first generation where tech literacy has actually dropped. And I don’t blame them! When you don’t have to troubleshoot things and most of your technology “just works“ out the box compared to 20 or even 10 years ago, then you just don’t need to know how to work under the hood as much and you don’t need a fully fledged PC. You can simply download an app and generally it will just take care of whatever it is you need with a few more taps. Similar to how I am pretty worthless when it comes to working on a car vs my parents generation could all change their own oil and work on a carburetor (part of this is also technology has gotten more complicated and locked down, including cars, but you get my point).
The point of all this is I could definitely see a world where using a desktop/laptop computer starts becoming a more fringe choice or specific to certain industries. Or perhaps they become strictly “work” tools for heavy lifting while mobile devices are for everything else. In that world many companies will simply go “well over 90% of our users are only using the app and the desktop has become a pain in the ass to support as it continues to trend downwards so…why bother?”
Who knows the future? Some new piece of hardware could come out in 10 years and all of this becomes irrelevant. But I could see a world where devices in our hands are the norm and the large device on the desk becomes more of a thing of the past for a larger percentage of the population.
Laptops aren't going anywhere. Even if phones and tablets replace them for a third of tasks, or a third of people.
The idea that laptops with browsers would become so rare that YouTube would drop support, within any reasonably predictable future timeframe, is pure fantasy.
I think given the pace of technological advancement and given how every generation we see at least one major piece of electronics completely wipe out generations of predictions, this statement doesn’t serve a productive purpose other than to make “I don’t agree” sound like some variation of “it’s an objective fact that what you said is impossible.” You’re just spiking the conversation, even if that is not your intention.
I didn’t say this is definitely going to happen. I’m just saying clearly the way we engage with computers is shifting and that means companies will adjust accordingly. It’s not that far fetched.
As for “within any reasonably predictable future timeframe,” for all we know YouTube will become a relic.
That's what I'm disagreeing with. Your scenario is far-fetched. This isn't between two comparably plausible scenarios. You can look at current objective trends of desktop/laptop sales and see they're not moving such that they're going to meaningfully disappear to the extent where a popular site like YouTube would remove support. It's absolutely far-fetched. I'm not "spiking" any conversation, I'm simply completely disagreeing based on current actual trends.
A slow dropping of support for those who aren’t using an app or Chrome with some Play(Video) Integrity Extension installed.
Where are these jobs where I can get paid to watch YouTube?
Some people probably also literally watch it, but I know multiple people who basically use it as a radio at work.
Plus, never worked anywhere where half of everyone, including management, is more-or-less openly watching sports more than working during major tournaments?
Random article: https://www.ismailzai.com/blog/picking-the-widevine-locks
Claimed to be L1 key leaks (probably all blacklisted by now): https://github.com/Mavrick102/WIDEVINE-CDM-L1-Giveaway
I.e I know that hdmi stream can be encrypted so I guess for Netflix you can't juste have a "hdmi splitter"? Do you need to go as far as plugging yourself just before the lcd pixels ? And if so , is it the moment where its easier to have a high def camera pointed at your lcd screen with post processing?
It's the users who suffer when this happens, not the manufacturers. The manufacturers couldn't care less, the money is already in the bank.
If the manufacturers were required to replace all the revoked devices at their cost, that would be a real incentive.
Camera manufacturers can easily refuse to record a stream of they detect it is protected, may be via watermarks or other sidechannel.
You might be thinking of Macrovision, which was integrated in a lot of DVD players and would embed pulses into the vertical blanking interval of the analogy video output. These pulses could be detected by compliant DVD recorders and used to refuse recording. The pulses would also cause playback defects in some older VCRs and TVs.
I remember connecting my first DVD player to an old TV via a VCR (effectively using the VCR as an RF modulator) and being plagued with the image brightness constantly lowering and rising. At the time, I fixed this by switching to a dedicated RF modulator. I now suspect Macrovision is what caused this.
But that's inside the system. I'm talking about recording the physical output, i.e. the screen itself. With a controlled environment, known screen characteristics, I would hope that an external recorder + post-processing can create high quality images or video.
The decryption code could verify that it's only providing decrypted content to an attested-legitimate monitor, using DRM over HDMI (HDCP).
You might try to modify the decryption code to disable the part where it reencrypts the data for the monitor, but it might be heavily obfuscated.
Maybe the decryption key is only provided to a TPM that can attest its legitimacy. Then you would need a hardware vulnerability to crack it.
Maybe the server could provide a datastream that's fed directly to the monitor and decrypted there, without any decryption happening on the computer. Then of course the reverse engineering would target the monitor instead of the code on the computer. The monitor would be a less easily accessible reverse engineering target, and it itself could employ obfuscation and a TPM.
> "the technical means through which WEI will accomplish its ends is relatively simple. Before serving a web page, a server can ask a third-party "verification" service to make sure that the user's browsing environment has not been "tampered" with. A translation of the policy's terminology will help us here: this Google-owned server will be asked to make sure that the browser does not deviate in any way from Google's accepted browser configuration" [1]
https://www.fsf.org/blogs/community/web-environment-integrit...
TPM is Mathematically Secure and you can't extract what's put in. See, Fritz-Chip.
We'll eventually be able to reverse-engineer that and run it programmatically, but it will take a long time.
And when they catch you doing so, they'll ban your (personalized) encryption key so you'll just have to buy another graphics card to get another key.
This is how it already works, not some future thing. But the licensing fees make it so it only gets used for Hollywood-level movies.
They own the os, with sign-in, integrity checks, and the inability to install anything on it Google doesn't want you to install they could make it pretty much impossible to view the videos on a device capable of capturing them for the vast majority of people. Combine that with a generation raised in sandboxes and their content would be safe.
Of course, the same can be said for FB, Tiktok, instagram, Pintrest, reddit, ... and I'm sure the list keeps going. Frankly, Youtube is pretty damn good about this, really.
Google owns that monopoly.
That's already here. Even random aliexpress tablets support widevine L1 (ie. highest security level)
I guess that isn't quite enough to prevent screen recording but these devices also support DRM which does this.
Because this will mean major shift to open-source and community solution, where creators will be paid directly by their viewers.
I have NO problem, what so ever, to pay content creators directly.
But I have HUGE problem to pay big corpos. It's ridiculous that we pay for Netflix same price as US people and for you it's cheaper than coffee and for us, if you compare median-salary, it's 5-10x MORE expensive. (cancelled every streaming platform year before as all of my friends, cloud seedbox here we go) And I don't even wanna mention Netflix's agenda they want to push (eg.: Witcher)
That's why piracy is so frequent here in small country in EU :) Also it's legal or in grey-area, because nobody enforce it or copyright companies are unable to enforce it if you don't make money from sharing. (yes, you don't even need to use VPN with torrents)
You are not standing up for them by pirating their stuff from YouTube.
If you have a problem with it, it is on you to stop using YouTube to view their content. You did not gain a moral right to pirate their stuff just because you don't like the deal.
That’s an unrealistic nerd dream. People haven’t moved off of closed social networks such as Facebook and Instagram, and haven’t flocked to creator-owned platforms such as Nebula. The general public, i.e. the majority of people, will eat whatever Google, Meta, et al feed them. No matter how bad things get, too few people abandon those platforms in favour of something more open.
Is it because it would break compatibility with some devices? Is it too expensive?
(not that I'd like that; I always download videos from YouTube for my personal archive, and I only use 3rd party or modified clients)
Sooner or later, in the next couple of years, it will happen.
This is a significant part of it. There are many smart devices that would not be capable of running that sort of software. As those cycle out of the support windows agreed way-back-when then this sort of limitation will be removed.
I'm sure this is not the only consideration, but it is certainly part of the equation.
Major platform like Netflix etc. don't implement that DRM since they care, it's because they content they distribute requires that they employ that measures, otherwise who produces the content doesn't give it to them. Content on YouTube does not have this requirement.
Also: implementing a strict DRM on all videos is probably bad for their reputation. That would restrict the devices that are able to play YouTube, and probably move a lot of content creators on other platforms that does not implement these requirements.
People underestimate how much engineering Netflix have put in over the years to get it to work seamlessly and without much playback start latency, and replicating that over literally millions of existing videos is pretty non-trivial, as is re-transcoding.
It's not because of older devices - any TV that has got a YouTube app for a decade was required to support Widevine as part of the agreement to get the app, so the tail end of devices you'd cut off would be tiny, and even if they wanted to keep them in use you could probably use the client certificate to authenticate them and disallow general web access. It wouldn't be 100% fullproof but if any open source project used an extracted key you could revoke it quickly.
https://github.com/yt-dlp/yt-dlp/wiki/EJS
it looks like deno is recommended for these reasons:
> Notes
> * Code is run with restricted permissions (e.g, no file system or network access)
> * Supports downloading EJS script dependencies from npm (--remote-components ejs:npm).
yt-dlp supports a huge list of websites other than youtube
From the September announcement:
> The JavaScript runtime requirement will only apply to downloading from YouTube. yt-dlp can still be used without it on the other ~thousand sites it supports
... Isn't the web browser's sandboxing runtime-level?
I mean, this gives me pause:
> Both QuickJS and QuickJS-NG do not fully allow executing files from stdin, so yt-dlp will create temporary files for each EJS script execution. This can theoretically lead to time-of-check to time-of-use (TOCTOU) vulnerabilities.
https://github.com/yt-dlp/yt-dlp/wiki/EJS
TOCTOU from temporary files is a solved problem.
The scale of data storage, transcoding compute, and bandwidth to run YouTube is staggering. I'm open to the idea that adblocking doesn't have much effect on a server just providing HTML and a few images, but YouTube's operating costs are (presumably, I haven't looked into it) staggering and absolutely incompatible with adblocking.
Businesses (in particular the literal biggest ad agency in the world) should know who they are partnering with. Not vetting the people they're allowing to place ads is at best negligent. The fact that the FBI warns people to use ad blockers to protect themselves from fraud (instead of anyone doing anything about it) is shameful. Someone either approved the scams or the system which allows these unvetted partners to operate. There should be a criminal investigation into how this came to be. Especially considering people have anecdotally said online that they've reported scam ads and received a reply that the ad was reviewed and determined to not violate policy (that may be Facebook, or both. In any case this applies to anyone). At that point they unambiguously have actual knowledge of and are a participant in the fraud. People at these ad companies should be looking at prison time if that is indeed happening.
I'm curious as to what the scam ads you mention actually are. I use an adblocker most of the time, and most of the adverts that I do see are annoying but fairly innocuous. Furniture, insurance, charter schools, social media apps, shitty mobile games, et cetera. I've seen plenty of slightly scummy adverts, but I can't recall seeing many that are really harmful or blatantly fraudulent. I'm curious to hear what adverts other people are seeing that are so outrageous.
Additionally, Google has a well known policy of allowing people to take out ads (which look exactly like a search result) for someone else's trademark (defeating the entire purpose of a trademark), and the FBI has a frequently referenced notice[2] to US citizens to be aware of fraud where scammers take out impersonating ads on "Internet search results" to e.g. lead people to the wrong site for financial institutions. It absolutely blows my mind that no one is prosecuted for participating in this.
[0] https://old.reddit.com/r/youtube/comments/18gjiqy/youtube_do...
[1] https://www.reddit.com/r/Scams/comments/1h6rdtj/massive_incr...
Because I don't see how scam are less illegal than showing pornography to children, yet you wouldn't dare to tell me it's fine.
Walmart has profits of $157B in 2024, but their business model isn't compatible with people just walking in and grabbing stuff without paying - and doesn't make it ethical to do so even if "they'll be just fine even if I do that"
There are companies that make money by placing ("out of home") ads in the public space. Not looking at those would then also be unethical? Priests sermoning on "thou shalt not hide thy eyes from the fancy displays in the bus stop"? An ad-police, the Conscious Ethical Viewing Effort Force Edict? That's some low-key dystopian thought.
The reason newspaper do the delivery was the promise that you'll see the ads, and they get to make money from that ads.
If they notice that you do all of the work of providing you the newspaper almost instantly and you dont see the ads, they are either gonna have to a) politely refuse to serve you b) point you to an alternate way of accessing the newspaper ("Newspaper Premium" for $$)
Second once the paper's in my hands, I get to do what I want with it, and the expectations of the paper company has no bearing on it.
If they don't want to give me the paper for free, they should stop, but they haven't yet. Their expectation to make a certain amount of revenue from ads doesn't obligate the consumer. If their business model isn't making them the profit they need, it's on them to change their strategy.
Absolutely! I run an adblocker as well!
At the same time, you'd agree they have the right to refuse to serve you (access denied) or make you jump through hoops (solve a challenge etc)
It's also ethical to change browser tabs or leave the room while the ad plays, but blocking it and costing the provider money while not contributing back is not.
Tapping into your neighbor's cable TV for free channels may not physically deprive anyone of something but it's still wrong.
YouTube broke even sometime around 2010 and has been profitable ever since. The ad revenue has always been more than enough to sustain operating costs. It's just more growthism = more ads. If you want the YouTube of 2010--you know, the product we all liked and got used to--you can't have it. Welcome to enshittification.
Personally I find YouTube unusable without an adblocker. On my devices that don't have an ad blocker, it's infuriating.
*Bias disclaimer: I work for Alphabet. Not for YouTube. There's no employee discount, I pay full price for YTP.
I can open a private window, clear cookies, clear app data or advertising id and have fresh slate that is not tainted by previous videos.
PS: While at Alphabet, if you ever run into the person who made the call to enable automatic AI translations on YT videos with no way to change language on mobile, please whack them on the head on behalf of us countless frustrated users.
This is my personal opinion. They're still affected by customer satisfaction and they're still driven by market forces. It's just that you and I are not their customers. It's not even the YT premium customers. Google is and always has been an ad service company and their primary customers have always been the big advertisers. And they do care about their experience. For example, they go overboard to identity the unique views of each ad.
Meanwhile the rest of us - those of us who don't pay, those who subscribe and even the content creators - are their captive resources whose creativity and attention they sell to the advertisers. Accordingly, they treat us like cattle, with poor quality support that they can't be bothered about. This is visible across their product lineup from YouTube and gmail to workspace. You can expect to be demonetized or locked out of your account and hung out to dry without any recourse if your account gets flagged by mistake or falsely suspected of politics that they don't like. Even in the best case, you can only hope to raise a stink on social media and pray that it catches the attention of someone over there.
Their advantage is that the vast majority of us choose to be their slaves, despite this abuse. Without our work and attention, they wouldn't have anything to offer their customers. To be fair to ourselves, they did pull off the bait and switch tactic on us in the beginning by offering YouTube for free and killing off all their competition in the process. Now it's really hard to match their hosting resources. But this is not sustainable anymore. We need other solutions, not complaints. Even paid ones are fine as long as they don't pull these sort of corporate shenanigans.
Fair opinion and I agree. Is it sustainable, you think not but I believe it doesn't matter.. Line must go up.. when you're a tech company with a finance team larger than Enron, only the number today matters. Add to that the patent worth.
The internet I loved and helped grow is something I don't recognise anymore. Maybe there's a new generation of hackers who make the new system.
463 more comments available on Hacker News
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.