Add support for URL imports and ESM modules

[wperron]

ES Modules are here, and they're already seeing more and more adoption, be it in Browser code or with @denoland. I think the npm cli is in an interesting place to help the adoption of ES modules across the board even before URL imports land in Node.

At the very least I think it'd be nice to be able to do npm install https://example.org/mymodule/index.js directly and have that depency tracked in package.json.

There are a lot of tools that are going to be adapted in the future to work with URL imports. Just off the top of my head: Vulnerability reporting and auditing, automatic dependency version upgrades, vendoring, anything related to version locking etc. This is by no means an exhaustive list, but I think the npm cli is in a place right now where a lot of this tooling is available, we just need to adapt it to make it work with URL imports.

So I want to open the discussion here: Is this something that would be interesting to start supporting in the npm cli? What do we need to get there?

[ljharb]

This seems like something that's a nonstarter until node itself is able to support https modules (which I personally hope it does not do), since an ES Module installed from an https URL will most likely have HTTPS dependencies, which won't work until node supports them.