imports over HTTP cannot load std lib dependencies in Node.js - the result is ERR_NETWORK_IMPORT_DISALLOWED

[zachsa]

Hi,

Using the generator to create an import map for Node.js, many NPM libraries reference Node.js std lib libraries. Using Node.js 19.5.0, I am getting ERR_NETWORK_IMPORT_DISALLOWED whenever a library that is loaded from ga.jspm.io imports a node.js std lib import.

For example:

Error [ERR_NETWORK_IMPORT_DISALLOWED]: import of 'node:process' by https://ga.jspm.io/npm:dataloader@2.1.0/index.js is not supported: only relative and absolute specifiers are supported.
    at new NodeError (node:internal/errors:399:5)
    at checkIfDisallowedImport (node:internal/modules/esm/resolve:931:13)
    at defaultResolve (node:internal/modules/esm/resolve:1029:23)
    at nextResolve (node:internal/modules/esm/loader:163:28)
    at resolve (file:///home/zach/code/saeon/repositories/somisana/web/loaders/http-loader/index.js:20:14)
    at nextResolve (node:internal/modules/esm/loader:163:28)
    at resolve (file:///home/zach/code/saeon/repositories/somisana/web/node_modules/@node-loader/import-maps/lib/node-import-map-loader.js:15:10)
    at async nextResolve (node:internal/modules/esm/loader:163:22)
    at async resolve (file:///home/zach/code/saeon/repositories/somisana/web/loaders/std-lib-imports/index.js:2:17)
    at async nextResolve (node:internal/modules/esm/loader:163:22) {
  code: 'ERR_NETWORK_IMPORT_DISALLOWED'
}

I can omit dependencies from the Node import map that reference std lib modules, but there are many client libraries that also reference std libraries. And in some cases client libraries and server libraries have the same dependency.

For example the graphql library is used by Apollo client and Apollo server libraries. If I omit the graphql library then my Node.js application imports 2 separate instances of graphql. This gives the following error:

Duplicate "graphql" modules cannot be used at the same time since different
versions may have different capabilities and behavior. The data from one
version used in the function from another could produce confusing and
spurious results.
    at instanceOf (/home/zach/code/saeon/repositories/somisana/web/node_modules/graphql/jsutils/instanceOf.js:44:19)
    at isSchema (/home/zach/code/saeon/repositories/somisana/web/node_modules/graphql/type/schema.js:32:37)
    at assertSchema (/home/zach/code/saeon/repositories/somisana/web/node_modules/graphql/type/schema.js:36:8)
    at validateSchema (/home/zach/code/saeon/repositories/somisana/web/node_modules/graphql/type/validate.js:34:28)
    at assertValidSchema (/home/zach/code/saeon/repositories/somisana/web/node_modules/graphql/type/validate.js:56:18)
    at assertValidExecutionArguments (/home/zach/code/saeon/repositories/somisana/web/node_modules/graphql/execution/execute.js:194:35)
    at execute (/home/zach/code/saeon/repositories/somisana/web/node_modules/graphql/execution/execute.js:113:3)
    at generateSchemaHash (/home/zach/code/saeon/repositories/somisana/web/node_modules/apollo-server-core/dist/utils/schemaHash.js:15:44)
    at ApolloServer.generateSchemaDerivedData (/home/zach/code/saeon/repositories/somisana/web/node_modules/apollo-server-core/dist/ApolloServer.js:382:64)
    at Object.schemaDerivedDataProvider (/home/zach/code/saeon/repositories/somisana/web/node_modules/apollo-server-core/dist/ApolloServer.js:166:65)

Here's another example using the koa library: https://generator.jspm.io/#02JhYGBkDM0rySzJSU1hyM5PdDDSMzTRMwQAmC7v/RkA.

As far as I can tell, Node.js will not allow importing node:assert from a library loaded over HTTPS. Is there any way to address this?

[zachsa]

(as far as I can tell this wasn't an issue in Node v16.14.2)

[guybedford]

You'd need to create a custom Node.js loader that can get around this restriction in Node.js. Work on such a project would be great to see. Happy to provide guidance if you're interested in working on this, it should be a relatively small OSS project.

[zachsa]

I did get this to work - I got a little confused updating the loaders from the old v16 API to the new one. Here is a reference in case this is of some help: https://github.com/SAEON/somisana/blob/94b86fb95e5255c49bcf095930289ee15f263b4b/web/chompfile.toml#L29-L31