Tracking issue: require(esm)

[joyeecheung]

Before it's unflagged

• Figure out default export interop with transpilers, either adding __esModule to required ESM on our end (module: add __esModule to require()'d ESM #52166), or transpilers update themselves to check the result returned by require():
• conditional exports for module, regardless of whether it's loaded by require or import. Something like module which is recognized by Webpack and Rollup would be good (maybe this doesn't need to block unflagging, but should be done before stablization) module: implement the "module-sync" exports condition #54648
• Move experimental warning to where require() is actually handling a ESM

Before it is promoted to be stable:

• Implement detection module: support ESM detection in the CJS loader #52047
• Some marker to customize the default exports returned by require(esm) module: support 'module.exports' interop export name in require(esm) #54563
• Support module customization hooks doc: add synchronous hooks proposal loaders#198

Nice-to-haves:

• Add API for dumping or inspecting the consolidated CJS and EJS module graph #52180
• Provide some mechanism to conditionally and synchronously import modules (or just builtins) from ESM #52599 (fixed in process: add process.getBuiltinModule(id) #52762)

Bug fixes & changes:

• module: disallow CJS <-> ESM edges in a cycle from require(esm) #52264
• module: fix submodules loaded by require() and import() #52487
• module: support ESM detection in the CJS loader #52047
• module: cache synchronous module jobs before linking #52868
• module: add __esModule to require()'d ESM #52166
• module: remove bogus assertion in CJS entrypoint handling with --import #54592
• module: implement the "module-sync" exports condition #54648
• module: check --experimental-require-module separately from detection #55250

Related features that interoperate with require(esm) and need to be considered when being backported together:

• module: unflag detect-module #53619
• module: add --experimental-strip-types #53725

For v22.x backport (see a summary of regression analysis in #55217 (comment))

• process: add process.features.require_module #55241
• module: use kNodeModulesRE to detect node_modules #55243
• src: implement IsInsideNodeModules() in C++ #55286
• [v22.x] backport unflagging of --experimental-require-module and related fixes/refactorings #55217

[GeoffreyBooth]

@nodejs/loaders

[jakebailey]

I just wanted to note it here, but it would be super super awesome if (once stable) this were backported to Node 20/22 or even Node 18 if still in support. I'd love to be able to propose a change to switch TypeScript to ESM (given I have it working without breaking CJS consumers), but the time horizon of Node 22 being the oldest supported version is pretty daunting.

It also seems like there is a hacky way using multiple entrypoints that could allow for TS to grab Node's builtins conditionally without #52599/#52762, though none of that is possible without require(ESM), of course.

Even without TypeScript's use case, I think the feature itself is a really important one for the ecosystem. Backporting would really make ESM changeovers a lot less painful.

[Andarist]

IIRC from some Twitter threads - there is a plan to backport this once the feature stabilizes.

[joyeecheung]

Regarding the conditional exports, @guybedford suggested to implement just the module condition that Rollup and Webpack already recognize. I have a WIP but need to do some testing which involves many combinations of test cases 😵‍💫 but will also do some npm crawling to see if it can be picked up/is in conflict with any existing popular packages.

[GeoffreyBooth]

@guybedford suggested to implement just the module condition that Rollup and Webpack already recognize.

The module top level field, or within exports?

Personally I think require-module makes more sense, as it would complement the existing require and import keys that Node supports.

[joyeecheung]

Opened PR for "module" in #54648

Personally I think require-module makes more sense, as it would complement the existing require and import keys that Node supports.

If we are starting from scratch, yes, but then the "module" condition has already been adopted by bundlers that support require(esm) in the wild, so it seems better to go along with the existing convention. See https://gist.github.com/sokra/e032a0f17c1721c71cfced6f14516c62

[voxpelli]

Raised a question on Twitter to @joyeecheung on my conclusions in https://github.com/voxpelli/investigation-esm-require where it seems like Node 22.9.0 may unintentionally allow some ESM-files to be loaded even without the flag: https://twitter.com/voxpelli/status/1841818608713826693

Mentioning here for sake of completeness, if deemed a correct observation a proper issue will be created

[voxpelli]

The above resulted in a PR to fix it: #55250

[targos]

It looks like npm itself triggers the warning:

$ make lint
cd tools/eslint && if [ -x ""/Users/mzasso/git/nodejs/node/node"" ] && [ -e ""/Users/mzasso/git/nodejs/node/node"" ]; then ""/Users/mzasso/git/nodejs/node/node"" /Users/mzasso/git/nodejs/node/./deps/npm/bin/npm-cli.js ci; elif [ -x `command -v node` ] && [ -e `command -v node` ] && [ `command -v node` ]; then `command -v node` /Users/mzasso/git/nodejs/node/./deps/npm/bin/npm-cli.js ci; else echo "No available node, cannot run \"node /Users/mzasso/git/nodejs/node/./deps/npm/bin/npm-cli.js ci\""; exit 1; fi;
npm warn cli npm v10.8.3 does not support Node.js v23.0.0-pre. This version of npm supports the following node versions: `^18.17.0 || >=20.5.0`. You can find the latest version at https://nodejs.org/.
(node:45192) ExperimentalWarning: Support for loading ES Module in require() is an experimental feature and might change at any time
    at emitExperimentalWarning (node:internal/util:269:11)
    at loadESMFromCJS (node:internal/modules/cjs/loader:1388:5)
    at Module._compile (node:internal/modules/cjs/loader:1517:5)
    at Module._extensions..js (node:internal/modules/cjs/loader:1672:16)
    at Module.load (node:internal/modules/cjs/loader:1328:32)
    at Module._load (node:internal/modules/cjs/loader:1138:12)
    at TracingChannel.traceSync (node:diagnostics_channel:315:14)
    at wrapModuleLoad (node:internal/modules/cjs/loader:218:24)
    at Module.require (node:internal/modules/cjs/loader:1350:12)
    at require (node:internal/modules/helpers:138:16)

added 185 packages, and audited 186 packages in 8s

41 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities
Running JS linter...

[joyeecheung]

Yes, because of debug, which I covered in #55217 (comment) and addressed in the last commit of the backport PR. In the last TSC meeting we agreed to silence the warning when require() comes from node_modules on v22 and keep it on v23 to help people notice and update them (with #55241)

[jonkoops]

@joyeecheung is the intention to eventually backport your efforts to 20.x and 18.x as well? Or is your intention to land this in 22.x and 23.x only?

[joyeecheung]

From the release WG session at the collab summit, we had the greenlight to unflag it to v20.x, assuming that it is backportable - v20.x is a pretty old branch compared to main so it will take some effort to backport all the recent changes, which involve some refactoring. It will also only happen after v22.x unflagging is released and tested. If things go well in v22.x, and we manage to backport it properly to v20.x, we'll unflag it in v20.x in a later release.

[jonkoops]

Thanks for the explainer. I assume that 18.x will not be receiving any backports considering its relative old age and EOL next year?

[joyeecheung]

Yeah v18.x is not impossible, but it's up to the release team to decide. To backport it we'll need

1. The release team giving it a green light
2. A volunteer doing the backport (finding and git-cherry-picking all the relevant patches from main to v18.x-staging, resolving all the conflicts and making sure it's still working as intended, then opening a backport PR to v18.x-staging branch)
3. A volunteer from the releasers team to merge the backport PR to v18.x-staging and do all the steps in https://github.com/nodejs/node/blob/main/doc/contributing/releases.md to complete the release.

Not sure about 1 because it was never really discussed. 2-3 will probably lack volunteers considering v18.x is approaching EOL (2 can be done by anyone interested in doing so, doesn't need to be an existing contributor though).

[jonkoops]

I'd volunteer to help out to get the backport for v18.x done, as I find your work incredibly valuable, especially as a package author dealing with the module dichotomy. But I fear that I would lack the required expertise (and time) to get it done. Still, it would be incredibly valuable to the larger JavaScript community.

[voxpelli]

There’s no feature freeze or such a few months prior to a major losing LTS status? Adding something new that can introduce bugs right before stopping all bug fixing feels wrong

[joyeecheung]

I don't think there is a feature freeze policy, but things are subject to the discretion of the release team (hence 1 mentioned above)

[richardlau]

Node.js 18 is in the maintenance phase of LTS and the default position of the Release WG is that new features do not land on it:

https://github.com/nodejs/Release?tab=readme-ov-file#release-phases

• Maintenance - Critical bug fixes and security updates. New features may be added at the discretion of the Release team - typically only in cases where the new feature supports migration to later release lines.

Now "supports migration to later release lines" could reasonably be applied to this feature, but it would have to be balanced against risk and personally I'd need a lot more convincing to allow it on Node.js 18 given differences in module loading (several things that are on main/23 are not in Node.js 18 -- if there's uncertainty/trickiness in backporting to 20, backporting to 18 is going to be even harder/riskier).

FWIW the discretion part was added for smaller, self-contained things such as node-addon-api features.

[voxpelli]

If things go well in v22.x, and we manage to backport it properly to v20.x, we'll unflag it in v20.x in a later release.

And that timeline gives very little time to land anything in v18.x, as it should first be proven in v22.x, then added to v20.x and probably become proven there as well, and only after that would it be up for backport into v18.x, and who knows at which date that ends up, probably at least January or February?