feat!: support package.json.exports field for npm dependencies used within Netlify Edge Functions #6167
Conversation
JakeChampion
force-pushed
the
jake/efs
branch
7 times, most recently
from
b6c2857 to
3802e0f
Compare
|
This pull request adds or modifies JavaScript ( |
|
This pull request adds or modifies JavaScript ( |
1 similar comment
|
This pull request adds or modifies JavaScript ( |
|
This pull request adds or modifies JavaScript ( |
|
This pull request adds or modifies JavaScript ( |
2 similar comments
|
This pull request adds or modifies JavaScript ( |
|
This pull request adds or modifies JavaScript ( |
…ithin Netlify Edge Functions
The current edge-bundler attempts to import a dependency via it's package-name,
for example if the edge-function was importing `@secret/magic/sdk/meow`, then
the edge-bundler would attempt to import `@secret/magic` during it's bundling process.
This hits an issue if the dependency being imported is using the packge.json.exports field
and has not allowed the bare package-name to be imported.
We can see this issue with package's such as `@modelcontextprotocol/sdk` which has an exports
field defined like so:
```
"exports": {
"./*": {
"import": "./dist/esm/*",
"require": "./dist/cjs/*"
}
},
```
This patch reimplements the edge-bundler's logic so that it uses the same import as that used
within the edge-function itself, going back to our previous example of importing
`@secret/magic/sdk/meow` in the edge-function, the edge-bundler will now also import
`@secret/magic/sdk/meow` during it's bundling process. This solves the issue mentioned about a
package not exporting it's bare package-name.
The patch has changed how edge-bundler parses edge-functions for their imports, it no longer uses
vercel/nft as that package finds the files being used, but the files may not be directly
importable due to a package.json.exports field definition. This has been replaced with
`parse-imports`, which does a lexical scan of the files to find the import tokens.
This approach is useful in that we can now detect all the different types of imports,
such as if they are static or dynamic imports. For dynamic imports we can also detect
if the import-specifier is a constant or not - this is useful because if it is a constant
then we are able to bundle it, if it is not a constant, we could decide to report that the
import may not work.
The previous approach using vercel/nft did have the ability to find paths which are used but
not imported, such as paths used within `fs.readFile` etc, vercel/nft would mark those as "assets".
edge-bundler would keep track of the dependencies which had "assets" and mark them as containing
'extraneous files'.
The CLI, if invoked with the `dev` command would then print out a note like this:
>The following npm modules, which are directly or indirectly imported by an edge function,
>may not be supported: dictionary. For more information, visit https://ntl.fyi/edge-functions-npm.
This note was only shown for the `dev` command and not for `build` or `deploy`, a build and a
deployment were still possible to take place.
This patch has not implemented this note for the `dev` command, I don't think this is an issue.
|
This pull request adds or modifies JavaScript ( |
|
This pull request adds or modifies JavaScript ( |
|
This pull request adds or modifies JavaScript ( |
|
This pull request adds or modifies JavaScript ( |
|
@JakeChampion Not sure if you're aware, but if not: Heads up that this changes |
I am 👍 |
The current edge-bundler attempts to import a dependency via it's package-name, for example if the edge-function was importing
@secret/magic/sdk/meow, then the edge-bundler would attempt to import@secret/magicduring it's bundling process. This hits an issue if the dependency being imported is using the packge.json.exports field and has not allowed the bare package-name to be imported.We can see this issue with package's such as
@modelcontextprotocol/sdkwhich has an exports field defined like so:This patch reimplements the edge-bundler's logic so that it uses the same import as that used within the edge-function itself, going back to our previous example of importing
@secret/magic/sdk/meowin the edge-function, the edge-bundler will now also import@secret/magic/sdk/meowduring it's bundling process. This solves the issue mentioned about a package not exporting it's bare package-name.The patch has changed how edge-bundler parses edge-functions for their imports, it no longer uses vercel/nft as that package finds the files being used, but the files may not be directly importable due to a package.json.exports field definition. This has been replaced with
parse-imports, which does a lexical scan of the files to find the import tokens. This approach is useful in that we can now detect all the different types of imports, such as if they are static or dynamic imports. For dynamic imports we can also detect if the import-specifier is a constant or not - this is useful because if it is a constant then we are able to bundle it, if it is not a constant, we could decide to report that the import may not work.The previous approach using vercel/nft did have the ability to find paths which are used but not imported, such as paths used within
fs.readFileetc, vercel/nft would mark those as "assets". edge-bundler would keep track of the dependencies which had "assets" and mark them as containing 'extraneous files'.The CLI, if invoked with the
devcommand would then print out a note like this:This note was only shown for the
devcommand and not forbuildordeploy, a build and a deployment were still possible to take place.This patch has not implemented this note for the
devcommand, I don't think this is an issue.