Network-based imports are not allowed.

Q: How to fix Node.js ERR_NETWORK_IMPORT_DISALLOWED Network-based imports are not allowed.?

Enable Experimental Network Imports: Run your Node.js application with this flag to explicitly permit the use of `http:` and `https:` protocols in ES module imports. Be aware of the security implications of running code from the network.

Q: How to fix Node.js ERR_NETWORK_IMPORT_DISALLOWED Network-based imports are not allowed.?

Download and Vendor the Dependency: For stability and security, it is often better to download the dependency and include it in your project directly. This avoids runtime network requests and ensures the code does not change unexpectedly.

Production Risk

Medium. If used, it introduces a dependency on network availability and the security of a remote server, which can be a significant risk.

What this means

This experimental error is thrown when an ES module import statement uses an `http:` or `https:` URL. By default, Node.js disallows importing modules directly from the network for security reasons. To enable this feature, you must use the `--experimental-network-imports` flag.

Why it happens

1Using an `import` statement with an `http://` or `https://` URL.
2Forgetting to add the `--experimental-network-imports` flag when running the Node.js process.

How to reproduce

This error occurs during module resolution when the ES module loader detects a URL with a network protocol and the corresponding experimental flag is not enabled.

trigger — this will error

// In an ES module file, run without any flags.
try {
  await import('https://esm.sh/lodash');
} catch (err) {
  console.error(err.code);
}

expected output

ERR_NETWORK_IMPORT_DISALLOWED

Fix 1

Enable Experimental Network Imports

WHEN You intentionally want to load a module from a URL.

Enable Experimental Network Imports

node --experimental-network-imports your-app.js

Why this works

Run your Node.js application with this flag to explicitly permit the use of `http:` and `https:` protocols in ES module imports. Be aware of the security implications of running code from the network.

Fix 2

Download and Vendor the Dependency

WHEN You want to avoid network dependencies at runtime.

Download and Vendor the Dependency

// 1. Download the module to a local file, e.g., 'vendor/lodash.js'.
// 2. Import it using a relative path.
import lodash from './vendor/lodash.js';

Why this works

For stability and security, it is often better to download the dependency and include it in your project directly. This avoids runtime network requests and ensures the code does not change unexpectedly.

Code examples

Triggerjs

// In an ES module file, run without any flags.
try {
  await import('https://esm.sh/lodash');
} catch (err) {
  console.error(err.code);
}  // this triggers ERR_NETWORK_IMPORT_DISALLOWED

Handle in try/catchjs

try {
  // operation that may throw ERR_NETWORK_IMPORT_DISALLOWED
  riskyOperation()
} catch (err) {
  if (err.code === 'ERR_NETWORK_IMPORT_DISALLOWED') {
    console.error('ERR_NETWORK_IMPORT_DISALLOWED:', err.message)
  } else {
    throw err
  }
}

Defensive pattern to avoid itjs

// Validate inputs before calling the operation
function safe_err_network_import_disallowed(...args) {
  // validate args here
  return performOperation(...args)
}

What not to do

Same error in other languages

ImportErrorin Python→

Version notes

Sources

Official documentation ↗

https://github.com/nodejs/node/blob/main/lib/internal/modules/esm/translators.js

More information ↗

Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev

At a glance

PlatformNode.js Error Codes

CodeERR_NETWORK_IMPORT_DISALLOWED

ClassModule System

SeverityERROR

TierCommon

ConfidenceHIGH

← All Node.js errors