JavaScript is getting a new feature that makes module imports more explicit and secure. Import Attributes add a way to pass metadata about any module we’re importing - whether it’s JSON, JavaScript, or other module types.
The Core Problem
On the web, file extensions don’t reliably indicate content. A server might return JavaScript when you’re expecting JSON:
The Solution: Import Attributes
Import Attributes create a contract between your code and the runtime. You explicitly declare what type of module you expect:
The syntax works consistently across different module contexts:
Why Import Attributes?
The core problem is security. On the web, file extensions don’t reliably indicate content. A URL ending in .json
might actually serve JavaScript:
Import Attributes make our module system more explicit and secure. JSON modules can’t execute code - they’re pure data. When you mark a module with type: "json"
, you’re guaranteed to get either JSON data or an error, never executable code.
The most immediate impact is on JSON imports, where security is crucial:
This feature creates a foundation for safely handling different module types in JavaScript. When it lands in 2025, we’ll have a standard way to declare our expectations about modules across all JavaScript environments.
Think of it as adding type safety to your module imports - not for the data inside the modules, but for the modules themselves.