Tracking issue: require(esm)

[joyeecheung]

Before it's unflagged

• Figure out default export interop with transpilers, either adding __esModule to required ESM on our end (module: add __esModule to require()'d ESM #52166), or transpilers update themselves to check the result returned by require():
• conditional exports for module, regardless of whether it's loaded by require or import. Something like module which is recognized by Webpack and Rollup would be good (maybe this doesn't need to block unflagging, but should be done before stablization) module: implement the "module-sync" exports condition #54648
• Move experimental warning to where require() is actually handling a ESM

Before it is promoted to be stable:

• Implement detection module: support ESM detection in the CJS loader #52047
• Some marker to customize the default exports returned by require(esm) module: support 'module.exports' interop export name in require(esm) #54563
• Support module customization hooks doc: add synchronous hooks proposal loaders#198

Nice-to-haves:

• Add API for dumping or inspecting the consolidated CJS and EJS module graph #52180
• Provide some mechanism to conditionally and synchronously import modules (or just builtins) from ESM #52599 (fixed in process: add process.getBuiltinModule(id) #52762)

Bug fixes & changes:

• module: disallow CJS <-> ESM edges in a cycle from require(esm) #52264
• module: fix submodules loaded by require() and import() #52487
• module: support ESM detection in the CJS loader #52047
• module: cache synchronous module jobs before linking #52868
• module: add __esModule to require()'d ESM #52166
• module: remove bogus assertion in CJS entrypoint handling with --import #54592
• module: implement the "module-sync" exports condition #54648
• module: check --experimental-require-module separately from detection #55250

Related features that interoperate with require(esm) and need to be considered when being backported together:

• module: unflag detect-module #53619
• module: add --experimental-strip-types #53725

For v22.x backport (see a summary of regression analysis in #55217 (comment))

• process: add process.features.require_module #55241
• module: use kNodeModulesRE to detect node_modules #55243
• src: implement IsInsideNodeModules() in C++ #55286
• [v22.x] backport unflagging of --experimental-require-module and related fixes/refactorings #55217

[GeoffreyBooth]

@nodejs/loaders

[jakebailey]

I just wanted to note it here, but it would be super super awesome if (once stable) this were backported to Node 20/22 or even Node 18 if still in support. I'd love to be able to propose a change to switch TypeScript to ESM (given I have it working without breaking CJS consumers), but the time horizon of Node 22 being the oldest supported version is pretty daunting.

It also seems like there is a hacky way using multiple entrypoints that could allow for TS to grab Node's builtins conditionally without #52599/#52762, though none of that is possible without require(ESM), of course.

Even without TypeScript's use case, I think the feature itself is a really important one for the ecosystem. Backporting would really make ESM changeovers a lot less painful.

[Andarist]

IIRC from some Twitter threads - there is a plan to backport this once the feature stabilizes.

[joyeecheung]

Regarding the conditional exports, @guybedford suggested to implement just the module condition that Rollup and Webpack already recognize. I have a WIP but need to do some testing which involves many combinations of test cases 😵‍💫 but will also do some npm crawling to see if it can be picked up/is in conflict with any existing popular packages.

[GeoffreyBooth]

@guybedford suggested to implement just the module condition that Rollup and Webpack already recognize.

The module top level field, or within exports?

Personally I think require-module makes more sense, as it would complement the existing require and import keys that Node supports.

[joyeecheung]

Opened PR for "module" in #54648

Personally I think require-module makes more sense, as it would complement the existing require and import keys that Node supports.

If we are starting from scratch, yes, but then the "module" condition has already been adopted by bundlers that support require(esm) in the wild, so it seems better to go along with the existing convention. See https://gist.github.com/sokra/e032a0f17c1721c71cfced6f14516c62

[voxpelli]

Raised a question on Twitter to @joyeecheung on my conclusions in https://github.com/voxpelli/investigation-esm-require where it seems like Node 22.9.0 may unintentionally allow some ESM-files to be loaded even without the flag: https://twitter.com/voxpelli/status/1841818608713826693

Mentioning here for sake of completeness, if deemed a correct observation a proper issue will be created

[voxpelli]

The above resulted in a PR to fix it: #55250

[targos]

It looks like npm itself triggers the warning:

$ make lint
cd tools/eslint && if [ -x ""/Users/mzasso/git/nodejs/node/node"" ] && [ -e ""/Users/mzasso/git/nodejs/node/node"" ]; then ""/Users/mzasso/git/nodejs/node/node"" /Users/mzasso/git/nodejs/node/./deps/npm/bin/npm-cli.js ci; elif [ -x `command -v node` ] && [ -e `command -v node` ] && [ `command -v node` ]; then `command -v node` /Users/mzasso/git/nodejs/node/./deps/npm/bin/npm-cli.js ci; else echo "No available node, cannot run \"node /Users/mzasso/git/nodejs/node/./deps/npm/bin/npm-cli.js ci\""; exit 1; fi;
npm warn cli npm v10.8.3 does not support Node.js v23.0.0-pre. This version of npm supports the following node versions: `^18.17.0 || >=20.5.0`. You can find the latest version at https://nodejs.org/.
(node:45192) ExperimentalWarning: Support for loading ES Module in require() is an experimental feature and might change at any time
    at emitExperimentalWarning (node:internal/util:269:11)
    at loadESMFromCJS (node:internal/modules/cjs/loader:1388:5)
    at Module._compile (node:internal/modules/cjs/loader:1517:5)
    at Module._extensions..js (node:internal/modules/cjs/loader:1672:16)
    at Module.load (node:internal/modules/cjs/loader:1328:32)
    at Module._load (node:internal/modules/cjs/loader:1138:12)
    at TracingChannel.traceSync (node:diagnostics_channel:315:14)
    at wrapModuleLoad (node:internal/modules/cjs/loader:218:24)
    at Module.require (node:internal/modules/cjs/loader:1350:12)
    at require (node:internal/modules/helpers:138:16)

added 185 packages, and audited 186 packages in 8s

41 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities
Running JS linter...

[joyeecheung]

Yes, because of debug, which I covered in #55217 (comment) and addressed in the last commit of the backport PR. In the last TSC meeting we agreed to silence the warning when require() comes from node_modules on v22 and keep it on v23 to help people notice and update them (with #55241)