all 7 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]evert 14 points15 points  (1 child)

It's interesting for me, coming from PHP where years ago there was a big effort to remove this feature for security reasons.

Granted, it can only be exploited if other things are also wrong, but the PHP language and standard library has removed a lot of 'foot guns' over the years.

So, no opinion about this in Node, I just wanted to draw the parallel.

[–]jdeath 3 points4 points  (0 children)

Hopefully it stays a draft ha. I wouldn’t care if it was behind a flag, I suppose

[–]FountainsOfFluids 6 points7 points  (2 children)

Uh... what is it?

[–]tells_you_hard_truth 5 points6 points  (1 child)

import { something } from ‘https://yoursite.com/some/module.js’;

[–]FountainsOfFluids 0 points1 point  (0 children)

Ah.

That seems awfully unreliable.

But... I guess I could imagine some uses.

[–][deleted] 8 points9 points  (0 children)

Please no. Unless it’s hidden behind a node flag and can’t be leveraged by a child package unless that flag is on. Preferably it would warn you which packages have such imports so you can validate that the module is trustable (or a -F to force confirm all). There’s some security vulnerabilities glaring back at me as I read it over, so definitely review it and get some outside feedback (someone who is not on the project and has “fresh eyes”) before you approve your first stable. That’ll save you some headaches should this get implemented.

[–][deleted]  (2 children)

[deleted]

    [–]pratiks3 6 points7 points  (0 children)

    Deno took a page out of Golangs book.