Security News
Opengrep Emerges as Open Source Alternative Amid Semgrep Licensing Controversy
Opengrep forks Semgrep to preserve open source SAST in response to controversial licensing changes.
dynamic-import-polyfill
Advanced tools
import()
polyfillA fast, tiny polyfill for dynamic import()
that works in all module-supporting browsers. The polyfill feature detects built-in import()
support and defers to the native version if available. For browsers without module support, you can use the module/nomodule technique to generate a fully ES5-compatible bundle.
You can install this library from npm by running:
npm install dynamic-import-polyfill
To use the polyfill, just initialize it once, in your app's main entry point before dynamically importing any modules. If you have multiple entry points, just add it to the entry point that will be evaluated first.
import dynamicImportPolyfill from 'dynamic-import-polyfill';
// This needs to be done before any dynamic imports are used.
dynamicImportPolyfill.initialize({
modulePath: '/public', // Defaults to '.'
importFunctionName = '$$import' // Defaults to '__import__'
});
Name | Type | Description |
---|---|---|
modulePath | string |
A path for which all relative import URLs will resolve from. Default: This should be an absolute path to the directory where your production modules are deployed (e.g. |
importFunctionName | string |
The name of the dynamic import polyfill function added to the global scope. (Note: a name other than Default: If you're using a bundler that supports renaming |
This polyfill uses new Function()
to feature detect dynamic import()
support, and that detect will always fail if your Content Security Policy (CSP) does not allow 'unsafe-eval'
(which most do not). This is generally fine, however, because the polyfill fallback will be used instead. Just be aware that such CSP policies will prevent the browser from using its native dynamic import()
, even when supported.
In addition, this polyfill uses Blob
URLs to load modules dynamically, and in order for this to work you must configure your Content Security Policy to allow Blob
in your script-src
settings.
Here's an example Content Security Policy that works (cross-browser) with this polyfill:
<meta http-equiv="Content-Security-Policy" content="script-src 'self' blob:">
rollup-native-modules-boilerplate
features a complete example demonstrating how to use this polyfill with full, cross-browser support for legacy browsers. For more details on the techniques used in this demo, see Using Native JavaScript Modules in Production Today by @philipwalton.
This polyfill does not support import.meta
, as it is generally not needed when using a bundler that outputs all your modules to the same directory. Bundlers can also resolve import.meta
at build time, so oftentimes import.meta
does not appear in the final module output.
If import.meta
support is a requirement for your use case, es-module-shims
by @guybedford may be an option.
This polyfill was inspired from prior work in this space by these projects:
0.1.0 (2019-08-16)
FAQs
A polyfill for the native import() in the browser
The npm package dynamic-import-polyfill receives a total of 13,070 weekly downloads. As such, dynamic-import-polyfill popularity was classified as popular.
We found that dynamic-import-polyfill demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Opengrep forks Semgrep to preserve open source SAST in response to controversial licensing changes.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.