local-fs-https-imports
v1.1.0
Published
make a local copy of https imports and output a policy file
Downloads
7
Readme
Local FS HTTPS Imports
Usage
local-fs-https-imports app.js > policy.json
node --experimental-policy policy.json app.js
Would allow an app.js
with:
import 'https://flavio-es-modules-example.glitch.me/script.js';
To run.
What does it do?
It parses an entry module and crawls the source text looking for import
s. When it finds an import it tries to resolve the URL it points to. If it finds a https:
URL it saves it to disk under node_modules/.https/
. After it is done crawling the entry module graph it creates a Node.js Policy Manifest to redirect requests to those URLs to the files on disk instead and prints it to STDOUT.
Is this production ready?
Maybe? I am biased though. The resolver isn't as feature complete as the Node builtin resolver.
I want feature X!
PR it, this is mostly a proof of concept to help get HTTPS imports rolling in Node.js core by showing a potential set of semantics we can experiment with.
Support Matrix
Feature | Status | Notes
---- | ---- | ----
content-type
header | working | only JavaScript MIMEs are supported, saves as .mjs files to disambiguate regardless of package "type"
CORS | missing | could be implemented, but really unclear given the same origin model on what the "base" origin should be. Node PR uses multiple origins to solve this, could do so here
authorization
header | missing | no cookie jar implemented here currently to do so
http:
| won't fix | use https:
cache-control | won't fix | this saves the state at the time of running the script, expiration won't break your program
import.meta.url
| won't fix | this points to the local file, it won't point to a dynamic server URL. This means some asset management won't work such as using fetch
. This however prevents potential problems with missing assets only working sometimes or being vulnerable to manipulation compared to the cache