Publish with ecmascript module exports

[tracker1]

I'm wanting to reference the modules directly via unpkg and was trying to use module imports in a browser JS module...

import { Terminal } from 'https://unpkg.com/[email protected]/lib/xterm.js';
import { WebLinksAddon } from 'https://unpkg.com/[email protected]/lib/xterm-addon-web-links.js';
import { FitAddon } from 'https://unpkg.com/[email protected]/lib/xterm-addon-fit.js';

However, the esm export statements aren't part of the published modules. Would be nice to ether have .mjs references or include them in the published module(s).

[jerch]

Plz read this document about possible security implications with CDNs.

[tracker1]

@jerch It's less about the security implications as being able to use this directly in the browser without having to use a separate bundler.

Using unpkg isn't significantly better/worse than using npm to receive these modules. From the POV of this project, it's likely a small configuration change.

[jerch]

Using unpkg isn't significantly better/worse than using npm to receive these modules.

I strongly disagree. NPM is the package repo we directly push our builds to, the service itself is an important and well-tested part of the whole JS ecosystem. These 2 facts make it much more trustworthy than some random CDN. For xterm.js normal web dev security standards are not enough, dealing with shell access raises the bar significantly.

Ofc this is only loosely coupled to your issue topic (which raises a valid point), still I think we should not feed a bad habit by making the insecure way even easier.

[Tyriar]

duplicate of #2878