Web dependencies are broken. Can we fix them? • Lea Verou

JavaScript dependency management on the web is fundamentally broken compared to other ecosystems. While Node.js and other platforms treat dependencies as first-class citizens, web developers must choose between fragile workarounds: deploying node_modules directly (security risk), using CDNs (reliability issues), or adopting bundlers for basic needs. Import maps exist but require HTML templating, manual mapping of every transitive dependency, and still need URLs to resolve to. The ecosystem has normalized this complexity, but it harms both newcomers and the platform's architecture. Proposed solutions include external import maps, HTTP header-based resolution, treating specifiers as a URL type, and server-side dependency resolution to make web dependencies truly first-class without requiring bundlers.