And what the difference?

[HawkeyePierce89]

Resources will be fetched at the very first build, then the response will be cached in ~/.cache/import-http dir

Congratulations, you have rediscovered node_modules.

[mreinstein]

It is not the same thing at all.

node_modules/ has it's own directory traversal logic, and it is specific to whatever directory your are in. import-http is by default cacheing modules to a shared location (in the user's home directory.)

It is also different in that node_modules is only touched via npm operations and it's specifically tied to contents of package.json.

This issue should be closed.

[resynth1943]

This isn't really a helpful issue :-(

[bigfactory]

Have the same question .
When use import-http, every where you import a module, you need to write a full URL.

a.js:
import React from 'https://unpkg.com/react';

b.js:
import React from 'https://unpkg.com/react';

VS

a.js:
import React from 'react';

b.js:
import React from 'react';

package.json:
 'react': '17.0.0'

Which one is better, or which situation we need to use 'import-http'?

[mreinstein]

which situation we need to use 'import-http'?

When you're in a non-browser environment and would like to import fully qualified modules. Which at the moment, is just node. All major browsers and deno already support fully qualified import URLs without any kind of plugin.

[bigfactory]

which situation we need to use 'import-http'?

When you're in a non-browser environment and would like to import fully qualified modules. Which at the moment, is just node. All major browsers and deno already support fully qualified import URLs without any kind of plugin.

That is what I am confuse.
I understand browser environment have remote import is great,
but why we need this in a node environment?

[mreinstein]

but why we need this in a node environment?

If you want to use modules in node apps that reference fully qualified URLs. An example.

Pretend I have a module hosted at https://example/foo.js:

export default function foo (a, b) {
     // do some magical magic here
}

and I have a module hosted at https://example/bar.js:

import foo from 'https://example/foo.js'

export default function bar (c, d) {
     const result = foo(c + 12, d + 'yep')
}

You can use bar.js without needing any build steps or special tools in a web page, or in deno. But node cannot (yet.) so import-http makes it possible by allowing stuff to be bundled for usage in node environments.

[HawkeyePierce89]

Import by URL is the absolutely unsafe method of application development

[mreinstein]

Import by URL is the absolutely unsafe method of application development

That's your opinion. You're certainly entitled to your own opinion. :)

No one is forcing you to use this. It is something that some people want to explore, and that's the purpose of this module.

[HawkeyePierce89]

I understand you. You don't have any more arguments about real usefulness of this tool, so you say about opinion.

[mreinstein]

You don't have any more arguments about real usefulness of this tool, so you say about opinion.

That's an unnecessarily aggressive stance. There's no need to shit on other people's ideas just because you don't like them or understand them.

Import by URL is the absolutely unsafe method of application development

You just described using npm modules too. You're confusing the threats. Assuming you are using a CDN with adequately configured https servers, the hosting method is not the threat. The threat is blindly using code hosted on the internet, not which http server is responsible for hosting it.

[HawkeyePierce89]

| That's an unnecessarily aggressive stance
This is an unnecessary remark.

Npm registry and import by url completely different in terms of security. And https does not in any way affect the security of the server from external compromise.