Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

dynamic-import-polyfill

Package Overview
Dependencies
Maintainers
1
Versions
2
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

dynamic-import-polyfill

A polyfill for the native import() in the browser

  • 0.1.1
  • latest
  • Source
  • npm
  • Socket score

Version published
Maintainers
1
Created
Source

Dynamic import() polyfill

A fast, tiny polyfill for dynamic import() that works in all module-supporting browsers. The polyfill feature detects built-in import() support and defers to the native version if available. For browsers without module support, you can use the module/nomodule technique to generate a fully ES5-compatible bundle.

Installation

You can install this library from npm by running:

npm install dynamic-import-polyfill

Usage

To use the polyfill, just initialize it once, in your app's main entry point before dynamically importing any modules. If you have multiple entry points, just add it to the entry point that will be evaluated first.

import dynamicImportPolyfill from 'dynamic-import-polyfill';

// This needs to be done before any dynamic imports are used.
dynamicImportPolyfill.initialize({
  modulePath: '/public', // Defaults to '.'
  importFunctionName = '$$import' // Defaults to '__import__'
});

Configuration options

NameTypeDescription
modulePathstring

A path for which all relative import URLs will resolve from.

Default: '.'

This should be an absolute path to the directory where your production modules are deployed (e.g. /public/). If given a relative path, it is resolve against the current page's URL.

importFunctionNamestring

The name of the dynamic import polyfill function added to the global scope. (Note: a name other than import is required because "import" is a keyword in JavaScript.)

Default: '__import__'

If you're using a bundler that supports renaming import() to another name, make sure you choose the same name used here.

Content Security Policy (CSP)

This polyfill uses new Function() to feature detect dynamic import() support, and that detect will always fail if your Content Security Policy (CSP) does not allow 'unsafe-eval' (which most do not). This is generally fine, however, because the polyfill fallback will be used instead. Just be aware that such CSP policies will prevent the browser from using its native dynamic import(), even when supported.

In addition, this polyfill uses Blob URLs to load modules dynamically, and in order for this to work you must configure your Content Security Policy to allow Blob in your script-src settings.

Here's an example Content Security Policy that works (cross-browser) with this polyfill:

<meta http-equiv="Content-Security-Policy" content="script-src 'self' blob:">

Examples

rollup-native-modules-boilerplate features a complete example demonstrating how to use this polyfill with full, cross-browser support for legacy browsers. For more details on the techniques used in this demo, see Using Native JavaScript Modules in Production Today by @philipwalton.

Limitations

This polyfill does not support import.meta, as it is generally not needed when using a bundler that outputs all your modules to the same directory. Bundlers can also resolve import.meta at build time, so oftentimes import.meta does not appear in the final module output.

If import.meta support is a requirement for your use case, es-module-shims by @guybedford may be an option.

Credits

This polyfill was inspired from prior work in this space by these projects:

License

MIT

Keywords

FAQs

Package last updated on 28 Aug 2019

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc