Go ESM-only - Githubissues

jshttp / cookie

HTTP server cookie parsing and serialization

MIT License

1.36k stars 158 forks source link

Go ESM-only #211

Open balazsorban44 opened 3 days ago

balazsorban44 commented 3 days ago

First of all, thanks for the work on this library! It is appreciated!

The minimum required Node.js version is 18, which supports ESM.

Ref:

As far as I understand, most bundlers support CommonJS. I think this will make sense to revisit if/when we go ESM only.

The opposite is true as well, ESM is supported by all modern bundlers, as it is the actual standard.

Context: This is currently making it hard to adapt @auth/core (a dependent of the cookie library), which is an ESM-only package, expected to run well in ESM-only environments. Currently it does not, unfortunately: https://x.com/OrJDevv/status/1853418682522763369

This issue is more of a probing on the willingness to re-visit the ESM path.

My alternatives:

vendor the package source into @auth/core
maintain an ESM-only fork

Both of which ideally I would like to avoid long-term. :pray:

bjohansebas commented 3 days ago

Or maybe we could compile to ESM and CommonJS now that cookie uses TypeScript and needs to be transpiled anyway. Although this would increase the package size, it’s just an idea.

kjugi commented 3 days ago

@bjohansebas That would be a solution but in the Ref comment linked by @balazsorban44 we can find:

...I'm going to close this one as we won't be adding dual package publishing in the immediate future...

from @blakeembrey. Was it discussed in the weekly TC meeting? I think I remember something but no details. If not, can we include it as a topic on the agenda for the next meeting?

wesleytodd commented 3 days ago

This has been discussed in a few forums. Please search the issues.

TLDR: this package is staying commonjs for a while. You can safety import commonjs in every environment we support (including into ESM files) and you still cannot import ESM into some environments we support (current Node.js LTS if using require in a CJS file). I am not going to close this because it would be good to have a single place for folks to have this conversation (especially to hear from other project members, although they have mostly all shared their opinions elsewhere in cookie issues).

EDIT: I guess an EDIT should be made to directly address the op.

expected to run well in ESM-only environments

Can you give a clear and concrete example of this package not "running well in an esm only env"? The browser without a bundler is not a supported environment and never has been.