Unfortunately, I think the import by URL, by itself is a bad idea. You ideally want reproducible builds, and npm provides a form of that with its enforcement of semver and hash checks in the lock files.
If you are really pedantic, you should probably also check in node_modules with every release you care about.
Having said that, having a system that can source modules from a URL and then enforce hashing and versioning could be a win. I'd just hate to see a repeat of the early golang build system that led to the rise of gb.
[+] [-] mv1|6 years ago|reply
If you are really pedantic, you should probably also check in node_modules with every release you care about.
Having said that, having a system that can source modules from a URL and then enforce hashing and versioning could be a win. I'd just hate to see a repeat of the early golang build system that led to the rise of gb.