Installations
npm install systemjs
Developer
systemjs
Developer Guide
Module System
CommonJS, ESM
Min. Node Version
Typescript Support
No
Node Version
21.2.0
NPM Version
9.7.1
Statistics
12,956 Stars
2,250 Commits
1,085 Forks
255 Watching
5 Branches
120 Contributors
Updated on 28 Nov 2024
Languages
JavaScript (96.41%)
HTML (3.59%)
Total Downloads
Cumulative downloads
Total Downloads
94,263,124
Last day
-4.6%
98,524
Compared to previous day
Last week
5.5%
574,913
Compared to previous week
Last month
13.9%
2,319,597
Compared to previous month
Last year
31.2%
22,319,238
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
SystemJS
SystemJS is a hookable, standards-based module loader. It provides a workflow where code written for production workflows of native ES modules in browsers (like Rollup code-splitting builds), can be transpiled to the System.register module format to work in older browsers that don't support native modules, running almost-native module speeds while supporting top-level await, dynamic import, circular references and live bindings, import.meta.url, module types, import maps, integrity and Content Security Policy with compatibility in older browsers back to IE11.
Sponsors
Support SystemJS by becoming a sponsor. Your logo will show up here with a link to your website.
Backers
Thank you to all our backers! 🙏 [Become a backer]
Overview
1. s.js minimal production loader
The minimal 2.8KB s.js production loader includes the following features:
- Loads
System.register
modules, the CSP-compatible SystemJS module format. - Support for loading bare specifier names with import maps via
<script type="systemjs-importmap">
. - Supports hooks for loader customization.
2. system.js loader
The 4.2KB system.js loader adds the following features in addition to the s.js
features above:
- Tracing hooks and registry deletion API for reloading workflows.
- Supports loading Wasm, CSS and JSON module types.
- Includes the global loading extra for loading global scripts, useful for loading library dependencies traditionally loaded with script tags.
3. system-node.cjs loader
The system-node.cjs loader is a version of SystemJS build designed to run in Node.js, typically for workflows where System modules need to be executed on the server like SSR. It has the following features:
- Loading System modules from disk (via
file://
urls) or the network, with included caching that respects the Content-Type header. - Import Maps (via the
applyImportMap
api). - Tracing hooks and registry deletion API for reloading workflows.
- Loading global modules with the included global loading extra.
Loading CommonJS modules is not currently supported in this loader and likely won't be. If you find you need them it is more advisable to use Node.js native module support where possible instead of the SystemJS Node.js loader.
Extras
The following pluggable extras can be dropped in with either the s.js or system.js loader:
- AMD loading support (through
Window.define
which is created). - Named register supports
System.register('name', ...)
named bundles which can then be imported asSystem.import('name')
(as well as AMD named define support) - Dynamic import maps support. This is currently a potential new standard feature.
The following extras are included in system.js loader by default, and can be added to the s.js loader for a smaller tailored footprint:
- Global loading support for loading global scripts and detecting the defined global as the default export. Useful for loading common library scripts from CDN like
System.import('//unpkg.com/lodash')
. - Module Types
.css
,.wasm
,.json
module type loading support in line with the existing modules specifications.
Since all loader features are hookable, custom extensions can be easily made following the same approach as the bundled extras. See the hooks documentation for more information.
SystemJS Babel
To support easy loading of TypeScript or ES modules in development SystemJS workflows, see the SystemJS Babel Extension.
SystemJS does not support direct integration with the native ES module browser loader because there is no way to share dependencies between the module systems. For extending the functionality of the native module loader in browsers, see ES module Shims, which like SystemJS, provides workflows for import maps and other modules features, but on top of base-level modules support in browsers, which it does using a fast Wasm-based source rewriting to remap module specifiers.
Performance
SystemJS is designed for production modules performance roughly only around a factor of 1.5 times the speed of native ES modules, as seen in the following performance benchmark, which was run by loading 426 javascript modules (all of @babel/core
) on a Macbook pro with fast wifi internet connection. Each test was the average of five page loads in Chrome 80.
Tool | Uncached | Cached |
---|---|---|
Native modules | 1668ms | 49ms |
SystemJS | 2334ms | 81ms |
Getting Started
The systemjs-examples repo contains a variety of examples demonstrating how to use SystemJS.
Installation
npm install systemjs
Documentation
Example Usage
Loading a System.register module
You can load System.register modules with a script element in your HTML:
1<script src="system.js"></script> 2<script type="systemjs-module" src="/js/main.js"></script> 3<script type="systemjs-module" src="import:name-of-module"></script>
Loading with System.import
You can also dynamically load modules at any time with System.import()
:
1System.import('/js/main.js');
where main.js
is a module available in the System.register module format.
Bundling workflow
For an example of a bundling workflow, see the Rollup Code Splitting starter project - https://github.com/rollup/rollup-starter-code-splitting.
Note that when building System modules you typically want to ensure anonymous System.register statements like:
1System.register([], function () { ... });
are emitted, as these can be loaded in a way that behaves the same as normal ES modules, and not named register statements like:
1System.register('name', [], function () { ... });
While these can be supported with the named register extension, this approach is typically not recommended for modern modules workflows.
Import Maps
Say main.js
depends on loading 'lodash'
, then we can define an import map:
1<script src="system.js"></script> 2<script type="systemjs-importmap"> 3{ 4 "imports": { 5 "lodash": "https://unpkg.com/lodash@4.17.10/lodash.js" 6 } 7} 8</script> 9<!-- Alternatively: 10<script type="systemjs-importmap" src="path/to/map.json" crossorigin="anonymous"></script> 11--> 12<script type="systemjs-module" src="/js/main.js"></script>
IE11 Support
IE11 continues to be fully supported, provided the relevant polyfills are available.
The main required polyfill is a Promise
polyfill. If using import maps a fetch
polyfill is also needed.
Both of these can be loaded conditionally using for example using Bluebird Promises and the GitHub Fetch Polyfill over Unpkg:
1<script> 2 if (typeof Promise === 'undefined') 3 document.write('<script src="https://unpkg.com/bluebird@3.7.2/js/browser/bluebird.core.min.js"><\/script>'); 4 if (typeof fetch === 'undefined') 5 document.write('<script src="https://unpkg.com/whatwg-fetch@3.4.1/dist/fetch.umd.js"><\/script>'); 6</script>
located before the SystemJS script itself. The above will ensure these polyfills are only fetched for older browsers without Promise
and fetch
support.
Note on Import Maps Support in IE11
When using external import maps (those with src=""
attributes), there is an IE11-specific workaround that might need to be used. Browsers should not make a network request when they see <script type="systemjs-importmap" src="/importmap.json"></script>
during parsing of the initial HTML page. However, IE11 does so. Codesandbox demonstration
Normally this is not an issue, as SystemJS will make an additional request via fetch/xhr for the import map. However, a problem can occur when the file is cached after the first request, since the first request caused by IE11 does not send the Origin request header by default. If the request requires CORS, the lack of an Origin request header causes many web servers (including AWS Cloudfront) to omit the response CORS headers. This can result in the resource being cached without CORS headers, which causes the later SystemJS fetch() to fail because of CORS checks.
This can be worked around by adding crossorigin="anonymous"
as an attribute to the <script type="systemjs-importmap">
script.
Community Projects
A list of projects that use or work with SystemJS in providing modular browser workflows. Post a PR.
- beyondjs.com -TypeScript first meta-framework for universal microfrontends/micronservices.
- esm-bundle - list of System.register versions for major libraries, including documentation on how to create a System.register bundle for any npm package.
- es-dev-server - A web server for developing without a build step.
- import map overrides - Dynamically inject an import map stored in local storage so that you can override the URL for any module. Can be useful for running development modules on localhost against the server.
- js-env - Collection of development tools providing a unified workflow to write JavaScript for the web, node.js or both at the same time.
- jspm.org - Package manager for native modules, using SystemJS for backwards compatibility.
- single-spa - JavaScript framework for front-end microservices.
- systemjs-webpack-interop - npm lib for setting webpack public path and creating webpack configs that work well with SystemJS.
- @wener/system - hooks to make System works with npm registry & package.json}
Compatibility with Webpack
Code-splitting builds on top of native ES modules, like Rollup offers, are an alternative to the Webpack-style chunking approach - offering a way to utilize the native module loader for loading shared and dynamic chunks instead of using a custom registry and loader as Webpack bundles include. Scope-level optimizations can be performed on ES modules when they are combined, while ensuring no duplicate code is loaded through dynamic loading and code-sharing in the module registry, using the features of the native module loader and its dynamic runtime nature.
systemjs-webpack-interop is a community-maintained npm library that might help you get webpack and systemjs working well together.
As of webpack@4.30.0, it is now possible to compile webpack bundles to System.register format, by modifying your webpack config:
1{ 2 output: { 3 libraryTarget: 'system', 4 } 5}
If using webpack@<5, the following config is needed to avoid rewriting references to the global System
variable:
1{ 2 module: { 3 rules: [ 4 { parser: { system: false } } 5 ] 6 } 7}
Using npm packages
Third party libraries and npm packages may be used as long as they are published in a supported module format. For packages that do not exist in a supported module format, here is a list of github repos that publish System.register
versions of popular third party libraries (such as react, react-dom, rxjs, etc).
Contributing to SystemJS
Project bug fixes and changes are welcome for discussion, provided the project footprint remains minimal.
Task running is handled by Chomp (https://chompbuild.com).
To run the tests:
npm install -g chomp
chomp test
Changes
For the changelog, see CHANGELOG.md.
License
MIT
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
binaries present in source code
Details
- Warn: binary detected: test/fixtures/browser/wasm/addbloated.wasm:1
- Warn: binary detected: test/fixtures/browser/wasm/example.wasm:1
Reason
Found 15/30 approved changesets -- score normalized to 5
Reason
0 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 4
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/size-impact.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size-impact.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/systemjs/systemjs/size-impact.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size-impact.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/systemjs/systemjs/size-impact.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/size-impact.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/systemjs/systemjs/size-impact.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/systemjs/systemjs/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/systemjs/systemjs/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/systemjs/systemjs/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/systemjs/systemjs/test.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/size-impact.yml:24
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 16 are checked with a SAST tool
Score
4.1
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More