Why not a package manager for browsers

I think package manager is one of the most useful tools in programming. In the web ecosystem library developers try to sell their libraries or frameworks by file size. I think this is the consequence of the existence of a problem in web environment so you have to download all of the code to run in a web page. There is no shared libraries to use except for the browser native api.
Think of the situation in which a web application could use a polyfill that is downloaded before and is reusable as a shared library in that web application. Or your web application could expect popular libraries like React or Angular to be preinstalled on the browser.

Dreaming of the api

I think the javascript module system could handle the needed api to some extents:

1
2
require("angular");
var _ = require("underscore");

And when needed, we can explicitly mention the version. Just like the npm conventions. For example:

1
2
require("angular@1.3");
var _ = require("underscore@'>=0.1.0 <0.2.0'");

The browser should look for the package in its cache. If the package exists in the cache, load it into the window and if it does not exist, download it from the repository and save to cache then load it.

Another way of handling can be adding something to the head tag of the page to tell the browser to install the needed libraries. This can be something like the dependencies part of the package.json in npm.

Problems

  1. Backward Compatibility: The api must be backward compatible because some websites could change libraries or use other libraries with known names. So the require itself is not enough. We should build another api or extend the require to support using shared libraries and leave the old require api as is.
  2. Security: The most important problem with this approach is security problems. If the shared library be a thief, then this will cause a disaster! But in my opinion this can be solved by building trusted repositories and put only trustworthy libraries into it. This is the primary approach of markets like app store, google play store and repositories like apt.

So, why not a package manager like apt for browsers?!