tonysm / importmap-laravel
Use ESM with importmap to manage modern JavaScript in Laravel without transpiling or bundling.
Fund package maintenance!
tonysm
Installs: 148 962
Dependents: 1
Suggesters: 0
Security: 0
Stars: 134
Watchers: 4
Forks: 3
Open Issues: 2
Requires
- php: ^8.1|^8.2
- illuminate/contracts: ^10.0|^11.0
- illuminate/support: ^10.0|^11.0
- spatie/laravel-package-tools: ^1.9
Requires (Dev)
- guzzlehttp/guzzle: ^7.4
- laravel/pint: ^1.10
- nunomaduro/collision: ^6.0|^8.1
- orchestra/testbench: ^7.17|^8.0
- phpstan/extension-installer: ^1.1
- phpstan/phpstan-deprecation-rules: ^1.0
- phpstan/phpstan-phpunit: ^1.0
- phpunit/phpunit: ^10.5
- dev-main
- 2.3.2
- 2.3.1
- 2.3.0
- 2.2.0
- 2.1.4
- 2.1.3
- 2.1.2
- 2.1.1
- 2.1.0
- 2.0.3
- 2.0.2
- 2.0.1
- 2.0.0
- 2.0.0-beta1
- 1.8.3
- 1.8.2
- 1.8.1
- 1.8.0
- 1.7.0
- 1.6.0
- 1.5.0
- 1.4.1
- 1.4.0
- 1.3.0
- 1.2.3
- 1.2.2
- 1.2.1
- 1.2.0
- 1.1.1
- 1.1.0
- 1.0.0
- 0.4.1
- 0.4.0
- 0.3.0
- 0.2.0
- 0.0.1
- dev-dependabot/github_actions/dependabot/fetch-metadata-2.2.0
- dev-dont-optimize-with-url
This package is auto-updated.
Last update: 2024-11-19 16:50:56 UTC
README
Introduction
Use ESM with importmap to manage modern JavaScript in Laravel without transpiling or bundling.
Inspiration
This package was inspired by the Importmap Rails gem. Some pieces of this README were copied straight from there and adapted to the Laravel version.
How does it work?
Import maps let you import JavaScript modules using logical names that map to versioned/digested files – directly from the browser. So you can build modern JavaScript applications using JavaScript libraries made for ES modules (ESM) without the need for transpiling or bundling. This frees you from needing Webpack, Yarn, npm, or any other part of the JavaScript toolchain.
With this approach, you'll ship many small JavaScript files instead of one big JavaScript file. Thanks to HTTP/2 that no longer carries a material performance penalty during the initial transport, and offers substantial benefits over the long run due to better caching dynamics. Whereas before any change to any JavaScript file included in your big bundle would invalidate the cache for the whole bundle, now only the cache for that single file is invalidated.
Import maps are supported natively in all major, modern browsers. If you need to work with legacy browsers without native support, you may want to explore using the shim available.
Installation
You can install the package via Composer:
composer require tonysm/importmap-laravel
The package has an install
command that you may run to replace the default Laravel scaffold with one to use importmap:
php artisan importmap:install
Next, we need to add the following component to our view or layout file:
<x-importmap::tags />
Add that between your <head>
tags. The entrypoint
should be the "main" file, commonly the resources/js/app.js
file, which will be mapped to the app
module (use the module name, not the file).
By default the x-importmap::tags
component assumes your entrypoint module is app
, which matches the existing resources/js/app.js
file from Laravel's default scaffolding. You may want to customize the entrypoint, which you can do with the entrypoint
prop:
<x-importmap::tags entrypoint="admin" />
The package will automatically map the resources/js
folder to your public/js
folder using Laravel's symlink feature. All you have to do after installing the package is run:
php artisan storage:link
If you're using Laravel Sail, make sure you prefix that command with sail
as the symlink needs to be created inside the container.
The symlink is only registered on local environments. For production, it's recommended to run the importmap:optimize
command instead:
php artisan importmap:optimize
This should scan all your pinned files/folders (no URLs) and publish them to public/dist/js
, adding a digest based on the file's content to the file name - so something like public/dist/js/app-123123.js
, and then generate a .importmap-manifest.json
file in the public/
folder. This file will get presence over your pins. If you run that by accident in development, make sure you delete that file or simply run php artisan importmap:clear
, which should get rid of it. You may also want to add /public/dist
to your .gitignore
file, as well as *importmap-manifest.json
.
Usage
In a nutshell, importmap works by giving the browser a map of where to look for your JavaScript import statements. For instance, you could pin a dependency in the routes/importmap.php
file for Alpinejs like so:
<?php use Tonysm\ImportmapLaravel\Facades\Importmap; // Other pins... Importmap::pin("alpinejs", to: "/js/vendor/alpinejs.js"); //@3.8.1
Then, in your JavaScript files you can safely do:
import Alpine from 'alpinejs';
Pinning Local Files
Local pins should be added to the routes/importmap.php
file manually, like so:
Importmap::pin("app", to: "/js/app.js");
This means that the app
module will point to /js/app.js
in the browser. This is the URI the browser will use to fetch the file, not the path to the file itself. Pins to local files assume a relative path of resources/js/
to find them.
Pinning Local Directories
Declaring all your local files can be tedious, so you may want to map an entire folder like so:
Importmap::pinAllFrom("resources/js/", to: "js/");
When we're generating the importmap JSON, we'll scan that directory looking for any .js
or .jsm
files inside of it and generating the correct importmap for them based on their relative location. There are a couple of interesting rules, though, something like:
If there's an index.js
file in a folder, we won't get index
in the module name, so we can import it like
import libs from 'libs';
Instead of
import libs from 'libs/index';
Pinning External Dependencies
If you depend on any external library you can use the importmap:pin
command to pin it, like so:
php artisan importmap:pin alpinejs
It will download the alpinejs
lib, then it will add the following line to your routes/importmap.php
file:
Importmap::pin("alpinejs", to: "/js/vendor/alpinejs.js"); // @3.8.1
The pin
command makes use of the jspm.io API to resolve the dependencies (and the dependencies of our dependencies), looking for ESM modules that we can pin, and resolving it to a CDN URL and downloading as a dependency. We can control the CDN we want to use by specifying the --from
flag like so:
php artisan importmap:pin alpinejs --from=unpkg
This will download the lib from unpkg instead of the default JSPM CDN.
It's important to note that the pin
command will always resolve the dependencies (and the dependencies of our dependencies) and download all the files to your resources/js/vendor
folder, which you should add to your version control and vendor it yourself. The pin will look like this:
Importmap::pin("alpinejs", to: "/js/vendor/alpinejs.js"); // @3.8.1
The version is added as a comment to your pin so you know which version was imported. Don't remove that as it's gonna be useful later on when you need to upgrade your dependencies.
Preloading Modules
To avoid the waterfall effect where the browser has to load one file after another before it can get to the deepest nested import, we use modulepreload links by default. If you don't want to preload a dependency, because you want to load it on-demand for efficiency, append preload: false
to the pin.
Importmap::pinAllFrom("resources/js/", to: "js/", preload: true); Importmap::pin("alpinejs", to: "https://unpkg.com/alpinejs@3.8.1/dist/module.esm.js", preload: true); // @3.8.1
Which will add the correct links
tags to your head tag in the HTML document, like so:
<link rel="modulepreload" href="https://unpkg.com/alpinejs@3.8.1/dist/module.esm.js">
Dependency Maintenance Commands
Maintaining a healthy dependency list can be tricky. Here are a couple of commands to help you with this task.
Outdated Dependencies
To keep your dependencies up-to-date, make sure you run the importmap:outdated
command from time to time:
php artisan importmap:outdated
This command will scan your routes/importmap.php
file, find your current versions, then use the NPM registry API to look for the latest version of the packages you're using. It also handles locally served vendor libs that you added using the --download
flag from the importmap:pin
command.
Auditing Dependencies
If you want a security audit on your dependencies to see if you're using a version that's been breached, run the importmap:audit
command from time to time. Better yet, add that command to your CI build:
php artisan importmap:audit
This will also scan your routes/importmap.php
file, find your current versions, then use the NPM registry API to look for vulnerabilities in your packages. It also handles locally served vendor libs that you added using the --download
flag from the importmap:pin
command.
Known Problems
On React's JSX and Vue's SFC
It's possible to use both React and Vue with importmaps but, unfortunately, you would have to use those without the power of JSX or SFC. That's because those file types need a compilation/transpilation step where they are converted to something the browser can understand. There are alternative ways to use both these libraries, but I should say that these are not "common" ways in their communities. You may use React with HTM. And you can use Vue just fine without SFC, the only difference is that your templates would be in Blade files, not a SFC file.
Process ENV Configs
You may be used to having a couple process.env.MIX_*
lines in your JS files here and there. The way this works is Webpack would replace at build time your calls to process.env
with the values it had during the build. Since we don't have a "build time" anymore, this won't work. Instead, you should add <meta>
tags to your layout file with anything that you want to make available to your JavaScript files and use document.head.querySelector('meta[name=my-config]').content
instead of relying on the process.env
.
Consider using something like current.js
to easily consume your <meta>
configs using a globally available Current
object.
Testing
composer test
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security Vulnerabilities
Please review our security policy on how to report security vulnerabilities.
Credits
License
The MIT License (MIT). Please see License File for more information.