feat(endo): Add CommonJS and JSON module support

[kriskowal]

Achieves parity with Node.js behavior regarding the "type": "module" declaration in package.json, determining whether .js files are CommonJS or ECMAScript modules. Also treats the "module" declaration as a hint that the denoted module is an ESM, regardless of its extension.

The emulation of Node.js behavior is not exact.

• In Node.js, ECMAScript modules can use require to import CommonJS modules, but cannot use import from CommonJS. In Endo.js, an ESM can only use import and a CJS module can only use require, but both can be used to import any supported module including ECMAScript modules, CommonJS modules, and JSON modules.
• In Node.js, a CommonJS script cannot use require to import a CommonJS. module. In Endo.js, they can.
• The Endo.js convention for ESM importing CJS is that require will return the default export if it exists and assigning to module.exports is equivalent to assigning to exports.default. This may break existing CommonJS code in the rare case that has an export named default. Consequently, ESM and CJS destructuring imports are the same.
• This works because Endo.js uses the same heuristics as build-tools for CommonJS imports. The require calls must be exclusively static, meaning the argument must be a string and all imports are unconditional.
• Of course, Endo.js only works for modules within packages. Imports cannot reach arbitrarily outward into the filesystem.
• Node.js ESM cannot use import to load a JSON module. Endo.js can import JSON into any module. The module formats are orthogonal.

[kriskowal]

cc @kumavis This came together faster than expected.

[kriskowal]

Replaced the whacky regex with a proper Babel visitor, so static analysis for require(id) calls is now as accurate as it will likely get.

[warner]

Could you rebase this when you get a chance? The diff currently shows all the endo-main changes too, which should go away when the branch is moved to sit properly on top of the updated target.

[kriskowal]

Could you rebase this when you get a chance? The diff currently shows all the endo-main changes too, which should go away when the branch is moved to sit properly on top of the updated target.

Rebased this stack.

[warner]

minor changes. looks good!

[warner]

If the code were failing to find inner-scope'd require, would this second occurrence of require("b") make this test fail to find the bug? I.e does this occurrence nullify the negative predictive value of the test?

[warner]

also, maybe this test should exercise a space betwen require and ( , and perhaps a newline, if those are things that Node will accept

[warner]

eh, probably not worth it, we are using a proper parser after all. (back in my day, we made do with regexps, and I would have been worried about something like this. Six feet of snow, uphill both ways, yadda yadda)

[kriskowal]

There’s a commit with the regex version in this very stack, borrowed from my back-in-the-day implementation ❤️

[warner]

this file doesn't appear to be used (yet)?

[warner]

in Jetpack, our recommendation for this was to combine the two effects:

if (false) { require('thing1'); }
if (false) { require('thing2'); }
...
const needed = condition ? 'thing1' : 'thing2';
require(needed);

.. but really, if you're reaching for something like that, there's probably something deeper going on, and you're going to get into trouble anyways.

[warner]

Curious, why is exports passed into execute() when it seems the only properties on it come from the module being loaded? I would have expected execute() to return exports instead. Is this some quirk of the new module loader specification?

[kriskowal]

CommonJS has always supported cyclic dependencies in this fashion. Two modules can mutually require as long as they lazy-bind properties of the exports returned by require, and as long as they use exports.property = assignment instead of module.exports = replacement. The module.exports property was not part of the original CommonJS, although it has become dominant usage in Node.js. The module object originally existed in CommonJS to fulfill the same function as import.meta.

[warner]

Any thoughts about using "esm" for the name of the language, rather than "mjs"? I was puzzled for a while until I realized this was not an extension name.

[kriskowal]

As you noted later, this becomes coherent with the "parsers" directive in package.json that we need in order to break the log-jab between Node.js and -r ESM’s interpretation of the "type": "module" directive. I felt that translating between "esm" in the domain and "mjs" in the range for just this one format may have been more confusing.

[warner]

I think this needs a different name (maybe d) to test inner scopes without interference from the same-named require('b') on line 9. If the parser had a bug in which inner scopes were ignored, this test would yield a false positive.

[warner]

you might consider a test that require('e', otherarg) is ignored, since that's known behavior of the parser. OTOH I'd understand if you wanted to omit it, since ignoring multi-arg require is not really part of the spec.

[warner]

for the sake of visual comparison, these should both have their keys in the same order, rather than swapping cjs/mjs between the two

[warner]

nevermind, I see this issue goes away in another couple of PRs