@bleedingdev/modern-js-app-tools 3.2.0-ultramodern.99 → 3.4.0-ultramodern.1

package/dist/esm/commands/runtime.mjs

@@ -54,9 +54,39 @@ const parseResponseBody = async (response)=>{
         };
     }
 };
+const INDENT_STEP = '  ';
+const formatScalar = (value)=>'string' == typeof value ? value : JSON.stringify(value) ?? 'undefined';
+const formatHumanReadableLines = (value, indent)=>{
+    if (Array.isArray(value)) {
+        if (0 === value.length) return [
+            `${indent}(empty)`
+        ];
+        return value.flatMap((entry)=>null !== entry && 'object' == typeof entry ? [
+                `${indent}-`,
+                ...formatHumanReadableLines(entry, indent + INDENT_STEP)
+            ] : [
+                `${indent}- ${formatScalar(entry)}`
+            ]);
+    }
+    if (null !== value && 'object' == typeof value) {
+        const entries = Object.entries(value);
+        if (0 === entries.length) return [
+            `${indent}(empty)`
+        ];
+        return entries.flatMap(([key, entry])=>null !== entry && 'object' == typeof entry ? [
+                `${indent}${key}:`,
+                ...formatHumanReadableLines(entry, indent + INDENT_STEP)
+            ] : [
+                `${indent}${key}: ${formatScalar(entry)}`
+            ]);
+    }
+    return [
+        `${indent}${formatScalar(value)}`
+    ];
+};
+const formatRuntimeOutput = (payload, jsonOnly)=>jsonOnly ? JSON.stringify(payload, null, 2) : formatHumanReadableLines(payload, '').join('\n');
 const printOutput = (payload, jsonOnly)=>{
-    if (jsonOnly) return void console.log(JSON.stringify(payload, null, 2));
-    console.log(JSON.stringify(payload, null, 2));
+    console.log(formatRuntimeOutput(payload, jsonOnly));
 };
 const createRuntimeFallbackSignalPayload = (options)=>{
     const payload = {
@@ -113,4 +143,4 @@ const runtimeCommand = async (program, _api)=>{
         printOutput(responsePayload, options.json);
     });
 };
-export { createRuntimeFallbackSignalPayload, resolveRuntimeEndpoint, resolveToken, runtimeCommand };
+export { createRuntimeFallbackSignalPayload, formatRuntimeOutput, resolveRuntimeEndpoint, resolveToken, runtimeCommand };

package/dist/esm/config/default.mjs

@@ -88,4 +88,17 @@ function createDefaultConfig(appContext) {
         builderPlugins: []
     };
 }
-export { createDefaultConfig };
+const isStreamSSRConfig = (ssr)=>{
+    if (!ssr) return false;
+    if ('boolean' == typeof ssr) return ssr;
+    return 'string' !== ssr.mode;
+};
+function isLazyCompilationSafeByDefault(userConfig) {
+    const { server, output } = userConfig;
+    if (output?.ssg || output?.ssgByEntries && Object.keys(output.ssgByEntries).length > 0) return false;
+    if (server?.rsc) return false;
+    if (server?.ssr && !isStreamSSRConfig(server.ssr)) return false;
+    if (server?.ssrByEntries && 'object' == typeof server.ssrByEntries && Object.values(server.ssrByEntries).some((ssr)=>Boolean(ssr) && !isStreamSSRConfig(ssr))) return false;
+    return true;
+}
+export { createDefaultConfig, isLazyCompilationSafeByDefault };

package/dist/esm/index.mjs

@@ -3,7 +3,7 @@ import { getLocaleLanguage } from "@modern-js/i18n-utils/language-detector";
 import { createAsyncHook } from "@modern-js/plugin";
 import { cleanRequireCache, deprecatedCommands, emptyDir, getArgv, getCommand } from "@modern-js/utils";
 import path from "path";
-import { buildCommand, deployCommand, devCommand, infoCommand, inspectCommand, runtimeOperationsCommand, serverCommand } from "./commands/index.mjs";
+import { buildCommand, deployCommand, devCommand, infoCommand, inspectCommand, runtimeCommand, serverCommand } from "./commands/index.mjs";
 import { compatPlugin } from "./compat/index.mjs";
 import { DEFAULT_RUNTIME_CONFIG_FILE } from "./constants.mjs";
 import { i18n } from "./locale/index.mjs";
@@ -43,6 +43,7 @@ const appTools = ()=>({
             deploy: createAsyncHook(),
             checkEntryPoint: createAsyncHook(),
             modifyEntrypoints: createAsyncHook(),
+            modifyBuilderEnvironments: createAsyncHook(),
             modifyFileSystemRoutes: createAsyncHook(),
             generateEntryCode: createAsyncHook(),
             onBeforeGenerateRoutes: createAsyncHook(),
@@ -71,7 +72,7 @@ const appTools = ()=>({
                 deployCommand(program, api);
                 inspectCommand(program, api);
                 infoCommand(program, api);
-                await runtimeOperationsCommand(program, api);
+                await runtimeCommand(program, api);
                 deprecatedCommands(program);
             });
             api.onPrepare(async ()=>{

package/dist/esm/plugins/analyze/index.mjs

@@ -122,10 +122,12 @@ const analyze = ()=>({
                         entrypoints
                     });
                     const normalizedConfig = api.getNormalizedConfig();
+                    const { eagerRouteComponentFilesByEntry } = api.getAppContext();
                     const createBuilderForModern = await createBuilderGenerator();
                     const builder = await createBuilderForModern({
                         normalizedConfig: normalizedConfig,
-                        appContext: appContext
+                        appContext: appContext,
+                        eagerRouteComponentFilesByEntry
                     });
                     builder.onBeforeBuild(async ({ bundlerConfigs, isFirstCompile, environments, isWatch })=>{
                         if (!isFirstCompile) return;

package/dist/esm/plugins/analyze/isDefaultExportFunction.mjs

@@ -20,7 +20,7 @@ const isDefaultExportFunction = (file)=>{
             [
                 'pipelineOperator',
                 {
-                    proposal: 'minimal'
+                    proposal: 'fsharp'
                 }
             ],
             'optionalChaining',

package/dist/esm/plugins/deploy/platforms/cloudflare.mjs

@@ -12,7 +12,88 @@ const PUBLIC_ASSETS_DIRECTORY = 'public';
 const WORKER_BUNDLE_DIRECTORY = 'worker';
 const SERVER_BUNDLE_DIRECTORY = 'bundles';
 const BFF_EFFECT_WORKER_ENTRY = `${WORKER_BUNDLE_DIRECTORY}/__modern_bff_effect.js`;
-const getCompatibilityDate = ()=>new Date().toISOString().slice(0, 10);
+const DEFAULT_COMPATIBILITY_DATE = '2026-06-02';
+const COMPATIBILITY_DATE_PATTERN = /^\d{4}-\d{2}-\d{2}$/u;
+const DEFAULT_SECURITY_HEADERS = {
+    referrerPolicy: 'strict-origin-when-cross-origin',
+    contentTypeOptions: 'nosniff',
+    permissionsPolicy: 'camera=(), geolocation=(), microphone=(), payment=(), usb=()'
+};
+const DEFAULT_CORS_ALLOWED_METHODS = [
+    'GET',
+    'HEAD',
+    'POST',
+    'PUT',
+    'PATCH',
+    'DELETE',
+    'OPTIONS'
+];
+const DEFAULT_CSP_DIRECTIVES = {
+    'base-uri': [
+        "'self'"
+    ],
+    'connect-src': [
+        "'self'",
+        'https:',
+        'http:',
+        'wss:',
+        'ws:'
+    ],
+    'default-src': [
+        "'self'"
+    ],
+    'font-src': [
+        "'self'",
+        'data:',
+        'https:',
+        'http:'
+    ],
+    'form-action': [
+        "'self'"
+    ],
+    'frame-ancestors': [
+        "'self'"
+    ],
+    'img-src': [
+        "'self'",
+        'data:',
+        'blob:',
+        'https:',
+        'http:'
+    ],
+    'manifest-src': [
+        "'self'",
+        'https:',
+        'http:'
+    ],
+    'object-src': [
+        "'none'"
+    ],
+    "script-src": [
+        "'self'",
+        "'unsafe-inline'",
+        "'unsafe-eval'",
+        'https:',
+        'http:',
+        'blob:'
+    ],
+    'style-src': [
+        "'self'",
+        "'unsafe-inline'",
+        'https:',
+        'http:'
+    ],
+    'worker-src': [
+        "'self'",
+        'blob:'
+    ]
+};
+const getCompatibilityDate = (modernConfig)=>{
+    const configuredDate = modernConfig.deploy?.worker?.compatibilityDate?.trim();
+    const compatibilityDate = configuredDate || DEFAULT_COMPATIBILITY_DATE;
+    if (!COMPATIBILITY_DATE_PATTERN.test(compatibilityDate)) throw new Error(`deploy.worker.compatibilityDate must use YYYY-MM-DD, received ${JSON.stringify(compatibilityDate)}.`);
+    return compatibilityDate;
+};
 const getWorkerName = (appDirectory)=>{
     const basename = node_path.basename(appDirectory);
     return basename.replace(/[^a-zA-Z0-9-_]/g, '-') || 'modern-cloudflare-worker';
@@ -21,6 +102,98 @@ const getConfiguredWorkerName = (appDirectory, modernConfig)=>{
     const configuredName = modernConfig.deploy?.worker?.name?.trim();
     return configuredName || getWorkerName(appDirectory);
 };
+const normalizeDirectiveValues = (value)=>{
+    const values = Array.isArray(value) ? value : [
+        value
+    ];
+    return [
+        ...new Set(values.map((entry)=>entry.trim()).filter(Boolean))
+    ];
+};
+const appendDirectiveValues = (directives, name, values)=>{
+    if (!values?.length) return;
+    directives[name] = normalizeDirectiveValues([
+        ...directives[name] ?? [],
+        ...values
+    ]);
+};
+const createContentSecurityPolicy = (config)=>{
+    const mode = config?.mode ?? 'report-only';
+    if ('off' === mode) return {
+        mode,
+        directives: {},
+        reason: config?.reason
+    };
+    const directives = Object.fromEntries(Object.entries(DEFAULT_CSP_DIRECTIVES).map(([name, values])=>[
+            name,
+            [
+                ...values
+            ]
+        ]));
+    for (const [name, value] of Object.entries(config?.directives ?? {}))if (false === value) delete directives[name];
+    else directives[name] = normalizeDirectiveValues(value);
+    if (config?.frameAncestors === false) delete directives['frame-ancestors'];
+    else if (config?.frameAncestors) directives['frame-ancestors'] = normalizeDirectiveValues(config.frameAncestors);
+    appendDirectiveValues(directives, "script-src", config?.additionalScriptSrc);
+    appendDirectiveValues(directives, 'style-src', config?.additionalStyleSrc);
+    appendDirectiveValues(directives, 'connect-src', config?.additionalConnectSrc);
+    appendDirectiveValues(directives, 'img-src', config?.additionalImgSrc);
+    if (config?.reportUri) directives['report-uri'] = [
+        config.reportUri
+    ];
+    return {
+        mode,
+        directives,
+        reason: config?.reason
+    };
+};
+const createNoindexPolicy = (noindex)=>{
+    if (false === noindex) return {
+        workersDev: false,
+        localhost: false,
+        previewHostnames: []
+    };
+    if (true === noindex || void 0 === noindex) return {
+        workersDev: true,
+        localhost: true,
+        previewHostnames: []
+    };
+    return {
+        workersDev: noindex.workersDev ?? true,
+        localhost: noindex.localhost ?? true,
+        previewHostnames: noindex.previewHostnames ?? [],
+        reason: noindex.reason
+    };
+};
+const createCloudflareWorkerCorsPolicy = (cors)=>({
+        assets: cors?.assets ?? true,
+        allowedOrigins: normalizeDirectiveValues(cors?.allowedOrigins ?? []),
+        allowedMethods: cors?.allowedMethods?.length ? normalizeDirectiveValues(cors.allowedMethods.map((method)=>method.toUpperCase())) : DEFAULT_CORS_ALLOWED_METHODS,
+        allowedHeaders: cors?.allowedHeaders?.length ? normalizeDirectiveValues(cors.allowedHeaders) : [
+            '*'
+        ],
+        reason: cors?.reason
+    });
+const createCloudflareWorkerSecurityPolicy = (modernConfig)=>{
+    const security = modernConfig.deploy?.worker?.security;
+    if (security?.enabled === false) return {
+        enabled: false,
+        cors: createCloudflareWorkerCorsPolicy(security.cors),
+        reason: security.reason
+    };
+    return {
+        enabled: true,
+        headers: {
+            referrerPolicy: security?.headers?.referrerPolicy ?? DEFAULT_SECURITY_HEADERS.referrerPolicy,
+            contentTypeOptions: security?.headers?.contentTypeOptions ?? DEFAULT_SECURITY_HEADERS.contentTypeOptions,
+            permissionsPolicy: security?.headers?.permissionsPolicy ?? DEFAULT_SECURITY_HEADERS.permissionsPolicy
+        },
+        contentSecurityPolicy: createContentSecurityPolicy(security?.contentSecurityPolicy),
+        noindex: createNoindexPolicy(security?.noindex),
+        cors: createCloudflareWorkerCorsPolicy(security?.cors),
+        reason: security?.reason
+    };
+};
 const readRouteSpec = async (outputDirectory)=>{
     const routeSpecPath = node_path.join(outputDirectory, ROUTE_SPEC_OUTPUT);
     if (!await fs.pathExists(routeSpecPath)) return {
@@ -76,6 +249,7 @@ const createWorkerManifest = async (outputDirectory, modernConfig)=>{
             loadableStats: LOADABLE_STATS_FILE,
             routeManifest: ROUTE_MANIFEST_FILE
         },
+        security: createCloudflareWorkerSecurityPolicy(modernConfig),
         bff: isEffectBff && primaryBffPrefix && effectBffWorkerExists ? {
             runtimeFramework: 'effect',
             prefix: primaryBffPrefix,
@@ -148,7 +322,7 @@ const createCloudflarePreset = ({ appContext, modernConfig })=>{
                 $schema: 'node_modules/wrangler/config-schema.json',
                 name: workerName,
                 main: WORKER_ENTRY,
-                compatibility_date: getCompatibilityDate(),
+                compatibility_date: getCompatibilityDate(modernConfig),
                 compatibility_flags: [
                     'nodejs_compat',
                     'global_fetch_strictly_public'

package/dist/esm/plugins/deploy/platforms/templates/cloudflare-entry.mjs

@@ -3,27 +3,129 @@ const MODERN_WORKER_MANIFEST = p_workerManifest;
 const WORKER_MODULE_LOADERS = p_workerModuleLoaders;
 const workerModulePromises = new Map();
 const remoteJsonPromises = new Map();
-const CORS_HEADERS = {
+const CORS_POLICY = MODERN_WORKER_MANIFEST.security?.cors || {};
+const ASSET_CORS_ENABLED = false !== CORS_POLICY.assets;
+const APP_CORS_ALLOWED_ORIGINS = (CORS_POLICY.allowedOrigins || []).map((origin)=>String(origin).toLowerCase());
+const APP_CORS_ALLOWED_METHODS = (CORS_POLICY.allowedMethods?.length ? CORS_POLICY.allowedMethods : [
+    'GET',
+    'HEAD',
+    'POST',
+    'PUT',
+    'PATCH',
+    'DELETE',
+    'OPTIONS'
+]).join(', ');
+const APP_CORS_ALLOWED_HEADERS = (CORS_POLICY.allowedHeaders?.length ? CORS_POLICY.allowedHeaders : [
+    '*'
+]).join(', ');
+const ASSET_CORS_HEADERS = {
     'access-control-allow-headers': '*',
     'access-control-allow-methods': 'GET, HEAD, OPTIONS',
     'access-control-allow-origin': '*'
 };
 globalThis.__dirname ??= '/';
 globalThis.__filename ??= '/index.js';
-function withCorsHeaders(response) {
+function getAllowedAppCorsOrigin(request) {
+    if (0 === APP_CORS_ALLOWED_ORIGINS.length) return null;
+    const origin = request.headers.get('origin');
+    if (!origin) return null;
+    if (APP_CORS_ALLOWED_ORIGINS.includes('*')) return '*';
+    return APP_CORS_ALLOWED_ORIGINS.includes(origin.toLowerCase()) ? origin : null;
+}
+function appendVaryOrigin(headers) {
+    const vary = headers.get('vary');
+    if (!vary) return void headers.set('vary', 'origin');
+    const varyValues = vary.split(',').map((value)=>value.trim().toLowerCase());
+    if (!varyValues.includes('origin')) headers.set('vary', `${vary}, origin`);
+}
+function withAppCorsHeaders(response, request) {
+    const allowedOrigin = getAllowedAppCorsOrigin(request);
+    if (!allowedOrigin) return response;
     const headers = new Headers(response.headers);
-    for (const [name, value] of Object.entries(CORS_HEADERS))if (!headers.has(name)) headers.set(name, value);
+    if (!headers.has('access-control-allow-origin')) headers.set('access-control-allow-origin', allowedOrigin);
+    if ('*' !== allowedOrigin) appendVaryOrigin(headers);
     return new Response(response.body, {
         headers,
         status: response.status,
         statusText: response.statusText
     });
 }
+function withAssetCorsHeaders(response) {
+    if (!ASSET_CORS_ENABLED) return response;
+    const headers = new Headers(response.headers);
+    for (const [name, value] of Object.entries(ASSET_CORS_HEADERS))if (!headers.has(name)) headers.set(name, value);
+    return new Response(response.body, {
+        headers,
+        status: response.status,
+        statusText: response.statusText
+    });
+}
+function setHeaderIfEnabled(headers, name, value) {
+    if (false === value || 'string' != typeof value || '' === value.trim()) return;
+    if (!headers.has(name)) headers.set(name, value);
+}
+function renderContentSecurityPolicy(directives) {
+    return Object.entries(directives || {}).filter(([, values])=>Array.isArray(values) && values.length > 0).sort(([left], [right])=>left.localeCompare(right)).map(([name, values])=>`${name} ${values.join(' ')}`).join('; ');
+}
+function isHtmlResponse(response) {
+    return (response.headers.get('content-type') || '').includes('text/html');
+}
+function matchesPreviewHostname(hostname, pattern) {
+    const normalizedHostname = hostname.toLowerCase();
+    const normalizedPattern = String(pattern || '').toLowerCase();
+    if (!normalizedPattern) return false;
+    if (normalizedPattern.startsWith('*.')) return normalizedHostname.endsWith(normalizedPattern.slice(1));
+    return normalizedHostname === normalizedPattern;
+}
+function shouldNoindex(request, noindex) {
+    if (!noindex || false === noindex) return false;
+    const { hostname } = new URL(request.url);
+    const normalizedHostname = hostname.toLowerCase();
+    if (false !== noindex.localhost && ('localhost' === normalizedHostname || '127.0.0.1' === normalizedHostname || '[::1]' === normalizedHostname)) return true;
+    if (false !== noindex.workersDev && normalizedHostname.endsWith('.workers.dev')) return true;
+    return (noindex.previewHostnames || []).some((pattern)=>matchesPreviewHostname(normalizedHostname, pattern));
+}
+function withCloudflareSecurityHeaders(response, request) {
+    const security = MODERN_WORKER_MANIFEST.security;
+    if (!security || false === security.enabled) return response;
+    const headers = new Headers(response.headers);
+    const configuredHeaders = security.headers || {};
+    setHeaderIfEnabled(headers, 'referrer-policy', configuredHeaders.referrerPolicy);
+    setHeaderIfEnabled(headers, 'x-content-type-options', configuredHeaders.contentTypeOptions);
+    setHeaderIfEnabled(headers, 'permissions-policy', configuredHeaders.permissionsPolicy);
+    const csp = security.contentSecurityPolicy;
+    const cspHeader = csp?.mode === 'enforce' ? 'content-security-policy' : 'content-security-policy-report-only';
+    const cspValue = renderContentSecurityPolicy(csp?.directives);
+    if (isHtmlResponse(response) && csp?.mode !== 'off' && cspValue && !headers.has(cspHeader)) headers.set(cspHeader, cspValue);
+    if (shouldNoindex(request, security.noindex)) headers.set('x-robots-tag', 'noindex, nofollow');
+    return new Response(response.body, {
+        headers,
+        status: response.status,
+        statusText: response.statusText
+    });
+}
+function createRenderableRequest(request) {
+    if ('HEAD' !== request.method) return request;
+    return new Request(request, {
+        method: 'GET'
+    });
+}
+function finalizeResponseForRequest(response, request) {
+    const securedResponse = withCloudflareSecurityHeaders(response, request);
+    if ('HEAD' !== request.method) return securedResponse;
+    const headers = new Headers(securedResponse.headers);
+    headers.delete('content-length');
+    return new Response(null, {
+        headers,
+        status: securedResponse.status,
+        statusText: securedResponse.statusText
+    });
+}
 function isFingerprintedAssetPathname(pathname) {
     return /(?:^|\/)[^/]+\.[a-f0-9]{8,}\.(?:css|js|mjs|json|svg|png|jpe?g|webp|avif|gif|woff2?|ttf)$/iu.test(pathname);
 }
 function withAssetHeaders(response, request) {
-    const corsResponse = withCorsHeaders(response);
+    const corsResponse = withAssetCorsHeaders(response);
     const headers = new Headers(corsResponse.headers);
     const { pathname } = new URL(request.url);
     if (isFingerprintedAssetPathname(pathname)) headers.set('cache-control', 'public, max-age=31536000, immutable');
@@ -33,10 +135,30 @@ function withAssetHeaders(response, request) {
         statusText: corsResponse.statusText
     });
 }
-function createCorsPreflightResponse(request) {
+async function createCorsPreflightResponse(request, env) {
     if ('OPTIONS' !== request.method) return null;
+    const allowedOrigin = getAllowedAppCorsOrigin(request);
+    if (allowedOrigin) {
+        const headers = new Headers({
+            'access-control-allow-headers': APP_CORS_ALLOWED_HEADERS,
+            'access-control-allow-methods': APP_CORS_ALLOWED_METHODS,
+            'access-control-allow-origin': allowedOrigin
+        });
+        if ('*' !== allowedOrigin) headers.set('vary', 'origin');
+        return new Response(null, {
+            headers,
+            status: 204
+        });
+    }
+    if (!ASSET_CORS_ENABLED) return null;
+    const assets = env?.[ASSETS_BINDING];
+    if (!assets || 'function' != typeof assets.fetch) return null;
+    const assetResponse = await assets.fetch(new Request(request.url, {
+        method: 'HEAD'
+    }));
+    if (!assetResponse || 404 === assetResponse.status) return null;
     return new Response(null, {
-        headers: CORS_HEADERS,
+        headers: ASSET_CORS_HEADERS,
         status: 204
     });
 }
@@ -417,22 +539,25 @@ async function dispatchBffRequest(request, env) {
 }
 export default {
     async fetch (request, env, ctx) {
-        const corsPreflightResponse = createCorsPreflightResponse(request);
-        if (corsPreflightResponse) return corsPreflightResponse;
+        const corsPreflightResponse = await createCorsPreflightResponse(request, env);
+        if (corsPreflightResponse) return finalizeResponseForRequest(corsPreflightResponse, request);
         const assetResponse = await fetchAsset(request, env);
-        if (assetResponse) return assetResponse;
+        if (assetResponse) return finalizeResponseForRequest(assetResponse, request);
         const bffResponse = await dispatchBffRequest(request, env);
-        if (bffResponse) return withCorsHeaders(bffResponse);
+        if (bffResponse) return finalizeResponseForRequest(withAppCorsHeaders(bffResponse, request), request);
         const route = findRoute(request);
         const { pathname } = new URL(request.url);
-        if (isAssetLikePathname(pathname) && !routeMatchesExactly(route, pathname)) return withCorsHeaders(new Response('Not found', {
+        if (isAssetLikePathname(pathname) && !routeMatchesExactly(route, pathname)) return finalizeResponseForRequest(withAppCorsHeaders(new Response('Not found', {
             status: 404
-        }));
-        if (route?.worker) return withCorsHeaders(await dispatchRouteWorker(route, request, env, ctx));
+        }), request), request);
+        if (route?.worker) {
+            const renderableRequest = createRenderableRequest(request);
+            return finalizeResponseForRequest(withAppCorsHeaders(await dispatchRouteWorker(route, renderableRequest, env, ctx), request), request);
+        }
         const htmlResponse = await fetchRouteHtml(route, request, env);
-        if (htmlResponse) return htmlResponse;
-        return withCorsHeaders(new Response('Not found', {
+        if (htmlResponse) return finalizeResponseForRequest(htmlResponse, request);
+        return finalizeResponseForRequest(withAppCorsHeaders(new Response('Not found', {
             status: 404
-        }));
+        }), request), request);
     }
 };

package/dist/esm/plugins/deploy/utils/index.mjs

@@ -1,5 +1,6 @@
 import { createRequire } from "node:module";
-import { ROUTE_SPEC_FILE, SERVER_DIR, fs, getMeta } from "@modern-js/utils";
+import { pathToFileURL } from "node:url";
+import { ROUTE_SPEC_FILE, SERVER_DIR, dynamicImport, fs, getMeta } from "@modern-js/utils";
 import path from "path";
 const normalizePath = (filePath)=>filePath.replace(/\\/g, '/');
 const getProjectUsage = (appDirectory, distDirectory, metaName)=>{
@@ -25,43 +26,17 @@ const getProjectUsage = (appDirectory, distDirectory, metaName)=>{
 };
 const getTemplatePath = (file)=>path.join(__dirname, '../platforms/templates', file);
 const readTemplate = async (file)=>(await fs.readFile(getTemplatePath(file))).toString();
-const localRequire = createRequire(path.join(__dirname, 'package.json'));
-const findNearestPackageJson = (resolvedEntry)=>{
-    let currentDir = path.dirname(resolvedEntry);
-    while(currentDir !== path.dirname(currentDir)){
-        const manifestPath = path.join(currentDir, 'package.json');
-        if (fs.existsSync(manifestPath)) return manifestPath;
-        currentDir = path.dirname(currentDir);
-    }
-};
-const splitPackageSpecifier = (entry)=>{
-    const segments = entry.split('/');
-    if (entry.startsWith('@')) {
-        const [scope, name, ...rest] = segments;
-        return {
-            packageName: `${scope}/${name}`,
-            exportKey: rest.length > 0 ? `./${rest.join('/')}` : '.'
-        };
-    }
-    const [name, ...rest] = segments;
-    return {
-        packageName: name,
-        exportKey: rest.length > 0 ? `./${rest.join('/')}` : '.'
-    };
-};
 const resolveESMDependency = async (entry)=>{
+    const conditions = new Set([
+        'node',
+        'import',
+        'module',
+        'default'
+    ]);
     try {
-        const { packageName, exportKey } = splitPackageSpecifier(entry);
-        const resolvedEntry = localRequire.resolve(entry);
-        const packageJsonPath = findNearestPackageJson(localRequire.resolve(packageName));
-        if (!packageJsonPath) return normalizePath(resolvedEntry);
-        const packageDir = path.dirname(packageJsonPath);
-        const packageJson = fs.readJSONSync(packageJsonPath);
-        const exportConfig = packageJson.exports?.[exportKey];
-        if ('string' == typeof exportConfig) return normalizePath(path.join(packageDir, exportConfig));
-        const esmExportPath = exportConfig?.node?.import || exportConfig?.import || exportConfig?.default;
-        if ('string' == typeof esmExportPath) return normalizePath(path.join(packageDir, esmExportPath));
-        return normalizePath(resolvedEntry);
+        const resolverPath = pathToFileURL(createRequire(__filename).resolve('import-meta-resolve')).href;
+        const { moduleResolve } = await dynamicImport(resolverPath);
+        return normalizePath(moduleResolve(entry, pathToFileURL(`${__dirname}/`), conditions, false).pathname.replace(/^\/(\w):/, '$1:'));
     } catch (err) {}
 };
 export { getProjectUsage, getTemplatePath, normalizePath, readTemplate, resolveESMDependency };

package/dist/esm/plugins/initialize/index.mjs

@@ -1,5 +1,5 @@
 import { ensureAbsolutePath, getPort, isDev, isDevCommand } from "@modern-js/utils";
-import { createDefaultConfig } from "../../config/index.mjs";
+import { createDefaultConfig, isLazyCompilationSafeByDefault } from "../../config/index.mjs";
 const initialize = ()=>({
         name: '@modern-js/plugin-initialize',
         post: [
@@ -11,7 +11,16 @@ const initialize = ()=>({
         setup (api) {
             api.config(()=>{
                 const appContext = api.getAppContext();
-                return createDefaultConfig(appContext);
+                const userConfig = api.getConfig();
+                const defaultConfig = createDefaultConfig(appContext);
+                if (userConfig.dev?.lazyCompilation === void 0 && isLazyCompilationSafeByDefault(userConfig)) defaultConfig.dev = {
+                    ...defaultConfig.dev,
+                    lazyCompilation: {
+                        imports: true,
+                        entries: false
+                    }
+                };
+                return defaultConfig;
             });
             api.modifyResolvedConfig(async (resolved)=>{
                 let appContext = api.getAppContext();