Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make socket.io including dependencies esm compatible #1536

Closed
Artur- opened this issue Apr 4, 2022 · 4 comments
Closed

Make socket.io including dependencies esm compatible #1536

Artur- opened this issue Apr 4, 2022 · 4 comments
Labels
enhancement New feature or request
Milestone
4.5.0

Comments

@Artur-
Copy link

Artur- commented Apr 4, 2022

Is your feature request related to a problem? Please describe.
@web/test-runner only supports ESM imports: modernweb-dev/web#1439. It is currently not possible to use socket.io with that.

Describe the solution you'd like
All dependencies of socket.io-client should be ESM modules. Right now there are problems with at least

  • @socket.io/component-emitter
  • parseuri
  • parseqs
  • yeast
  • ws (shouldn't be loaded at all as far as I understand)
@Artur- Artur- added the enhancement New feature or request label Apr 4, 2022
@Artur-
Copy link
Author

Artur- commented Apr 4, 2022

In practice you likely need to mock socket.io in most tests which makes this a not that major issue for this use case

@darrachequesne
Copy link
Member

darrachequesne commented Apr 5, 2022
edited
Loading

That sounds reasonable 👍

Here is the list of the dependencies for the Socket.IO client:

Dependency Repository ESM?
@socket.io/component-emitter https://github.com/socketio/emitter/ ✔️ (@socket.io/component-emitter@3.1.0)
backo2 https://github.com/mokesmokes/backo
debug https://github.com/debug-js/debug
ms https://github.com/vercel/ms
engine.io-client https://github.com/socketio/engine.io-client/ ✔️
engine.io-parser https://github.com/socketio/engine.io-parser ✔️
@socket.io/base64-arraybuffer https://github.com/socketio/base64-arraybuffer ✔️
has-cors https://github.com/component/has-cors ✔️ (engine.io-client@6.2.0)
parseqs https://github.com/galkn/querystring ✔️ (engine.io-client@6.2.0)
parseuri https://github.com/galkn/parseuri ✔️ (engine.io-client@6.2.0)
yeast https://github.com/unshiftio/yeast ✔️ (engine.io-client@6.2.0)
socket.io-parser https://github.com/socketio/socket.io-parser ✔️

Both ws and xmlhttprequest-ssl are only needed for Node.js, so I think they can be ignored in that case.

From: https://socket.io/docs/v4/client-installation/#dependency-tree

darrachequesne added a commit to socketio/engine.io-client that referenced this issue Apr 13, 2022
@darrachequesne
refactor: import single-file 3rd party modules
df32277 
This commit allows to:

- provide an ESM version of those modules ([1])
- reduce the attack surface in case of supply chain attacks
- reduce the size of the bundle with tree-shaking

As a downside, we won't receive security updates for those modules
anymore.

[1]: socketio/socket.io-client#1536
@Waxolunist
Copy link

Actually it would make it simpler for example in conjunction with esbuild or build less execution if they would be esm compatible.

darrachequesne added a commit to socketio/emitter that referenced this issue Apr 17, 2022
@darrachequesne
feat: add ESM version
54468cf 
Related: socketio/socket.io-client#1536
darrachequesne added a commit to socketio/socket.io-parser that referenced this issue Apr 17, 2022
@darrachequesne
chore: bump @socket.io/component-emitter to version 3.1.0
6c9cb27 
Related: socketio/socket.io-client#1536
darrachequesne added a commit that referenced this issue Apr 23, 2022
@darrachequesne
refactor: import single-file 3rd party modules
6fdf3c9 
This commit allows to:

- provide an ESM version of those modules ([1])
- reduce the attack surface in case of supply chain attacks
- reduce the size of the bundle with tree-shaking

As a downside, we won't receive security updates for those modules
anymore.

[1]: #1536

Related: socketio/engine.io-client@df32277
@darrachequesne
Copy link
Member

OK, so starting from socket.io-client@4.5.0 we only include ESM compatible dependencies!

@darrachequesne darrachequesne added this to the 4.5.0 milestone Apr 26, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
4.5.0
Development

No branches or pull requests
3 participants
@Artur- @Waxolunist @darrachequesne