fix: export package.json required by react-native and bundlers

[ctavan]

It appears that react-native and some bundlers rely on being able to
introspect the package.json file of a npm module. After adding the
exports field to package.json, only the paths defined in that field
are accessible to Node.js. In order to support introspection of the
package.json file itself it has to be listed as an export as well (see:
ai/nanoevents#44 (comment)).

It is currently being discussed to change Node.js' behavior again, see:
nodejs/node#33460

Fixes #444

[broofa]

Something about this smells a bit off. I don't really consider package.json to be part of our public API. Thus, adding it to exports seems wrong. But I guess there's no alternative. 'Really wish RN had figured out a different approach that didn't require 100's or 1000's of projects to all make the same change. :-(

[ctavan]

Something about this smells a bit off. I don't really consider package.json to be part of our public API. Thus, adding it to exports seems wrong. But I guess there's no alternative. 'Really wish RN had figured out a different approach that didn't require 100's or 1000's of projects to all make the same change. :-(

I think this is only half-true: We have been using the browser field of package.json for module bundlers for ages, I believe the spec for it (by @defunctzombie) even emerged out of this very use case that we had to provide different rng and hashing functions for the browser! So in reality parts of the package.json have been part of the public API of this package for a long time.

While I also believe that RN should degrade gracefully if it cannot read the package.json (apparently webpack and rollup didn't have any problems) I still think that the fact that now it's no longer only webpack and rollup but also RN who need to package.json to work well with this library is not a big game changer.

Speaking of: @TrySound do you have any clue why rollup and webpack worked just fine (continuing to respect the browser field from package.json) but RN requires this change?

[TrySound]

rollup and webpack use only fs calls for resolving which is not harmed by exports isolation. Metro may use require or require.resolve for some reason but I'm not confident about it as never used metro before.

[ctavan]

Given the discussion in nodejs/node#33460 I believe the correct thing to do right now is to treat our package.json as part of the public API, at least this section should be considered as such since it defines how module bundlers and Node.js environments should import this module:

uuid/package.json

Lines 19 to 31 in a21e4d8

	"sideEffects": false,
	"main": "./dist/index.js",
	"exports": {
	"require": "./dist/index.js",
	"import": "./wrapper.mjs"
	},
	"module": "./dist/esm-node/index.js",
	"browser": {
	"./dist/md5.js": "./dist/md5-browser.js",
	"./dist/rng.js": "./dist/rng-browser.js",
	"./dist/sha1.js": "./dist/sha1-browser.js",
	"./dist/esm-node/index.js": "./dist/esm-browser/index.js"
	},

If node changes behavior of package.json exports in the future we can still adjust. For the time being exporting package.json should lead to minimum breakage in other environments.