@bouygues-telecom/staticjs 1.0.0 → 1.0.1

package/_build/server/config/vite.config.js

@@ -5,6 +5,12 @@ import { loadCacheEntries } from "../../helpers/cachePages.js";
 import { CONFIG } from "./index";
 // Load cache entries using the refactored helper function
 const entries = loadCacheEntries(CONFIG.PROJECT_ROOT);
+// Sanitize entry keys for Rollup: strip dynamic segments [param] and use parent folder name
+// e.g., "partials/dynamic/[id]" -> "partials/dynamic"
+const sanitizedEntries = Object.fromEntries(Object.entries(entries).map(([key, value]) => [
+    key.replace(/\/\[[^\]]+\]$/, ''),
+    value
+]));
 export default defineConfig(({ mode }) => {
     // Load environment variables from .env files
     // const env = loadEnv(mode, CONFIG.PROJECT_ROOT, '');
@@ -15,11 +21,22 @@ export default defineConfig(({ mode }) => {
                 "@": path.resolve(CONFIG.PROJECT_ROOT, "src")
             },
         },
+        css: {
+            // Enable CSS source maps for development
+            devSourcemap: true,
+            preprocessorOptions: {
+                scss: {
+                    // Use modern API and allow importing from src directory
+                    api: "modern-compiler",
+                    loadPaths: [path.resolve(CONFIG.PROJECT_ROOT, "src")],
+                },
+            },
+        },
         build: {
             outDir: path.resolve(CONFIG.PROJECT_ROOT, CONFIG.BUILD_DIR),
             emptyOutDir: false,
             rollupOptions: {
-                input: entries,
+                input: sanitizedEntries,
                 output: {
                     entryFileNames: "[name].js",
                     chunkFileNames: "assets/vendor-[hash].js",

package/_build/server/index.d.ts

@@ -13,7 +13,7 @@ export declare const createApp: () => Promise<Express>;
  * @returns Promise<Express> - Running Express application
  */
 export declare const startStaticJSServer: () => Promise<Express>;
-export { isDevelopment } from "./config/index.js";
+export { CONFIG, DEFAULT_CONFIG, isDevelopment } from "./config/index.js";
 export type { ServerConfig } from "./config/index.js";
 export { initializeViteServer } from "./utils/vite.js";
 export { setupProcessHandlers, startServer } from "./utils/startup.js";

package/_build/server/index.js

@@ -39,12 +39,17 @@ export const createApp = async () => {
     applyRateLimiting(app);
     applyParsing(app);
     applyLogging(app);
-    // Hot reload middleware (development mode only) - MUST be before runtime
-    applyHotReload(app);
+    // Hot reload static middleware MUST be applied before Vite to ensure proper serving
+    if (isDevelopment) {
+        const { hotReloadStaticMiddleware } = await import('./middleware/hotReload.js');
+        app.use(hotReloadStaticMiddleware);
+    }
     // Initialize Vite server and register JavaScript routes BEFORE runtime middleware
     if (isDevelopment) {
         await initializeViteServer(app);
     }
+    // Hot reload injection middleware (development mode only) - MUST be before runtime
+    applyHotReload(app);
     // Runtime rendering middleware (development mode only)
     // JavaScript routes are now registered before this middleware
     applyRuntime(app);
@@ -105,7 +110,7 @@ export const startStaticJSServer = async () => {
     }
 };
 // Export additional utilities for external use
-export { isDevelopment } from "./config/index.js";
+export { CONFIG, DEFAULT_CONFIG, isDevelopment } from "./config/index.js";
 export { initializeViteServer } from "./utils/vite.js";
 export { setupProcessHandlers, startServer } from "./utils/startup.js";
 // Only start the server when this module is run directly (not when imported)

package/_build/server/middleware/hotReload.js

@@ -4,7 +4,11 @@
  */
 import fs from 'fs';
 import path from 'path';
-import { isDevelopment } from '../index.js';
+import { fileURLToPath } from 'url';
+import { isDevelopment } from '../config/index.js';
+// ES module equivalent of __dirname
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
 // Cache for rendered pages and module cache invalidation
 let hotReloadClientScript = null;
 /**
@@ -13,25 +17,29 @@ let hotReloadClientScript = null;
 const loadHotReloadScript = () => {
     if (!hotReloadClientScript) {
         try {
-            // Always resolve to the centralized server location
-            // Find the project root by looking for the lib/server directory structure
-            let projectRoot = process.cwd();
-            while (projectRoot !== path.dirname(projectRoot)) {
-                const libServerDir = path.join(projectRoot, 'lib/server');
-                const packageJson = path.join(projectRoot, 'package.json');
-                // Look for lib/server directory structure and package.json to ensure we're at the main project root
-                if (fs.existsSync(libServerDir) && fs.existsSync(packageJson)) {
+            // Simplified path resolution - now that build copies static files to _build
+            const possiblePaths = [
+                // Primary: Relative to compiled middleware (_build/server/middleware -> _build/server/static)
+                // Works for both development and npm dependency scenarios
+                path.resolve(__dirname, '../static/hot-reload-client.js'),
+                // Fallback: Source directory (for development when running from source)
+                path.resolve(__dirname, '../../server/static/hot-reload-client.js'),
+                // Safety net: Explicit node_modules path (when used as npm dependency)
+                path.join(process.cwd(), 'node_modules/@bouygues-telecom/staticjs/_build/server/static/hot-reload-client.js')
+            ];
+            let scriptPath = null;
+            for (const possiblePath of possiblePaths) {
+                if (fs.existsSync(possiblePath)) {
+                    scriptPath = possiblePath;
                     break;
                 }
-                projectRoot = path.dirname(projectRoot);
             }
-            const scriptPath = path.join(projectRoot, 'lib/server/static/hot-reload-client.js');
-            if (fs.existsSync(scriptPath)) {
+            if (scriptPath) {
                 hotReloadClientScript = fs.readFileSync(scriptPath, 'utf8');
-                // Hot reload client script loaded
+                console.log(`[HotReload] Hot reload client script loaded from: ${scriptPath}`);
             }
             else {
-                throw new Error(`Script not found at ${scriptPath}`);
+                throw new Error(`Script not found. Tried paths: ${possiblePaths.join(', ')}`);
             }
         }
         catch (error) {
@@ -51,14 +59,16 @@ export const hotReloadStaticMiddleware = (req, res, next) => {
     if (!isDevelopment) {
         return next();
     }
-    // Serve hot reload client script
-    if (req.path === '/hot-reload-client.js') {
+    // Serve hot reload client script - handle this BEFORE any other middleware
+    if (req.path === '/hot-reload-client.js' || req.url === '/hot-reload-client.js') {
+        console.log('[HotReload] Serving hot reload client script');
         const script = loadHotReloadScript();
-        res.setHeader('Content-Type', 'application/javascript');
+        res.setHeader('Content-Type', 'application/javascript; charset=utf-8');
         res.setHeader('Cache-Control', 'no-cache, no-store, must-revalidate');
         res.setHeader('Pragma', 'no-cache');
         res.setHeader('Expires', '0');
-        res.send(script);
+        res.setHeader('X-Content-Type-Options', 'nosniff');
+        res.status(200).send(script);
         return;
     }
     next();
@@ -127,10 +137,8 @@ export const applyHotReload = (app) => {
         // Skipping hot reload middleware in production mode
         return;
     }
-    // Applying hot reload middleware
-    // Apply static file serving middleware first
-    app.use(hotReloadStaticMiddleware);
-    // Apply injection middleware
+    // Applying hot reload injection middleware only
+    // (static middleware is applied separately before Vite)
     app.use(hotReloadInjectionMiddleware);
 };
 /**

package/_build/server/middleware/runtime.d.ts

@@ -17,6 +17,10 @@ export declare const runtimeRenderingMiddleware: (req: Request, res: Response, n
  * Register JavaScript serving middleware for each page
  */
 export declare const registerJavaScriptMiddleware: (app: Express, viteServer: ViteDevServer) => void;
+/**
+ * Register CSS serving middleware for each page with styles
+ */
+export declare const registerCSSMiddleware: (app: Express, viteServer: ViteDevServer) => void;
 /**
  * Apply runtime middleware to Express app (development mode only)
  */

package/_build/server/middleware/runtime.js

@@ -5,7 +5,9 @@
 import { renderPageRuntime } from "../../helpers/renderPageRuntime.js";
 import { isDevelopment } from "../index.js";
 import { CONFIG } from "../config/index.js";
+import { loadStylesCache } from "../../helpers/cachePages.js";
 import fs from "fs";
+import path from "path";
 // Cache for rendered pages and module cache invalidation
 let pageCache = new Map();
 let lastCacheInvalidation = Date.now();
@@ -172,10 +174,133 @@ export const registerJavaScriptMiddleware = (app, viteServer) => {
             });
         }
         else if (pageName.includes('[') || pageName.includes(']')) {
-            // Dynamic routes are handled differently - could add logging here if needed
+            // Dynamic routes: register JS route at parent path (e.g., partials/dynamic/[id] -> /partials/dynamic.js)
+            const jsRoute = `/${pageName.replace(/\/\[[^\]]+\]$/, '')}.js`;
+            app.get(jsRoute, async (req, res) => {
+                try {
+                    const pageContent = fs.readFileSync(pagesCache[pageName], 'utf8');
+                    const firstLine = pageContent.split('\n')[0];
+                    if (firstLine.includes('no scripts')) {
+                        return res.status(404).json({
+                            success: false,
+                            error: 'Not Found',
+                            message: `JavaScript disabled for ${pageName}`,
+                        });
+                    }
+                    const stats = fs.statSync(pagesCache[pageName]);
+                    const fileModTime = stats.mtime.getTime();
+                    if (fileModTime > lastCacheInvalidation && viteServer.moduleGraph) {
+                        const moduleId = pagesCache[pageName];
+                        const module = viteServer.moduleGraph.getModuleById(moduleId);
+                        if (module) {
+                            viteServer.moduleGraph.invalidateModule(module);
+                        }
+                    }
+                    const transformStartTime = Date.now();
+                    const result = await viteServer.transformRequest(`${pagesCache[pageName]}?t=${transformStartTime}`, {
+                        ssr: false
+                    });
+                    if (result && result.code) {
+                        const crypto = await import('crypto');
+                        const codeHash = crypto.createHash('md5').update(result.code).digest('hex').slice(0, 8);
+                        res.setHeader('Content-Type', 'application/javascript');
+                        res.setHeader('Cache-Control', 'no-cache, no-store, must-revalidate');
+                        res.setHeader('Pragma', 'no-cache');
+                        res.setHeader('Expires', '0');
+                        res.setHeader('X-Timestamp', Date.now().toString());
+                        res.setHeader('X-Code-Hash', codeHash);
+                        res.setHeader('X-File-Modified', fileModTime.toString());
+                        return res.send(result.code);
+                    }
+                    else {
+                        return res.status(404).json({
+                            success: false,
+                            error: 'Not Found',
+                            message: `No JavaScript generated for ${pageName}`,
+                        });
+                    }
+                }
+                catch (error) {
+                    console.error(`Error compiling JavaScript for ${pageName}:`, error);
+                    return res.status(500).json({
+                        success: false,
+                        error: 'Internal Server Error',
+                        message: `Failed to compile JavaScript for ${pageName}`,
+                    });
+                }
+            });
         }
     });
 };
+/**
+ * Register CSS serving middleware for each page with styles
+ */
+export const registerCSSMiddleware = (app, viteServer) => {
+    const stylesCache = loadStylesCache(CONFIG.PROJECT_ROOT);
+    // Register a route for each page's CSS file
+    Object.entries(stylesCache).forEach(([pageName, styleFiles]) => {
+        // Handle dynamic routes - use parent path
+        const cssRoute = `/${pageName.replace(/\/\[[^\]]+\]$/, "")}.css`;
+        app.get(cssRoute, async (req, res) => {
+            try {
+                const compiledStyles = [];
+                for (const styleFile of styleFiles) {
+                    // Check file modification time for cache invalidation
+                    const stats = fs.statSync(styleFile);
+                    const fileModTime = stats.mtime.getTime();
+                    if (fileModTime > lastCacheInvalidation && viteServer.moduleGraph) {
+                        const module = viteServer.moduleGraph.getModuleById(styleFile);
+                        if (module) {
+                            viteServer.moduleGraph.invalidateModule(module);
+                        }
+                    }
+                    // Transform the style file using Vite
+                    const transformStartTime = Date.now();
+                    const result = await viteServer.transformRequest(`${styleFile}?t=${transformStartTime}`, { ssr: false });
+                    if (result && result.code) {
+                        // Vite transforms SCSS to JS that exports CSS
+                        // We need to extract the actual CSS content
+                        // For SCSS files, Vite returns CSS wrapped in JS
+                        const cssMatch = result.code.match(/__vite__css\s*=\s*"([^"]*)"/) ||
+                            result.code.match(/export\s+default\s+"([^"]*)"/) ||
+                            result.code.match(/"([^"]*\\n[^"]*)"/);
+                        if (cssMatch && cssMatch[1]) {
+                            // Unescape the CSS string
+                            const css = cssMatch[1]
+                                .replace(/\\n/g, "\n")
+                                .replace(/\\"/g, '"')
+                                .replace(/\\\\/g, "\\");
+                            compiledStyles.push(`/* Source: ${path.basename(styleFile)} */\n${css}`);
+                        }
+                    }
+                }
+                if (compiledStyles.length > 0) {
+                    const finalCss = compiledStyles.join("\n\n");
+                    res.setHeader("Content-Type", "text/css");
+                    res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
+                    res.setHeader("Pragma", "no-cache");
+                    res.setHeader("Expires", "0");
+                    return res.send(finalCss);
+                }
+                else {
+                    return res.status(404).json({
+                        success: false,
+                        error: "Not Found",
+                        message: `No CSS generated for ${pageName}`,
+                    });
+                }
+            }
+            catch (error) {
+                console.error(`Error compiling CSS for ${pageName}:`, error);
+                return res.status(500).json({
+                    success: false,
+                    error: "Internal Server Error",
+                    message: `Failed to compile CSS for ${pageName}`,
+                });
+            }
+        });
+    });
+};
 /**
  * Apply runtime middleware to Express app (development mode only)
  */

package/_build/server/middleware/security.d.ts

@@ -10,8 +10,8 @@ import { Express } from "express";
  */
 export declare const securityMiddleware: (req: import("http").IncomingMessage, res: import("http").ServerResponse, next: (err?: unknown) => void) => void;
 /**
- * CORS configuration for development
- * Allows cross-origin requests in development mode
+ * CORS configuration
+ * Uses origin validator for secure cross-origin request handling
  */
 export declare const corsMiddleware: (req: cors.CorsRequest, res: {
     statusCode?: number | undefined;

package/_build/server/middleware/security.js

@@ -4,7 +4,7 @@
  */
 import helmet from "helmet";
 import cors from "cors";
-import { isDevelopment } from "../index.js";
+import { CONFIG, isDevelopment } from "../config/index.js";
 /**
  * Security headers middleware using helmet
  * Configures appropriate security headers for the application
@@ -13,7 +13,7 @@ export const securityMiddleware = helmet({
     contentSecurityPolicy: {
         directives: {
             defaultSrc: ["'self'"],
-            styleSrc: ["'self'", "'unsafe-inline'"],
+            styleSrc: ["'self'", "'unsafe-inline'", "https://assets.bouyguestelecom.fr"],
             scriptSrc: ["'self'"],
             imgSrc: ["'self'", "data:", "https:"],
         },
@@ -21,19 +21,63 @@ export const securityMiddleware = helmet({
     crossOriginEmbedderPolicy: false, // Allow embedding for development
 });
 /**
- * CORS configuration for development
- * Allows cross-origin requests in development mode
+ * Get allowed origins for CORS
+ * In development: allows localhost origins if none configured
+ * In production: only allows explicitly configured origins
+ */
+const getAllowedOrigins = () => {
+    if (CONFIG.CORS_ORIGINS.length > 0) {
+        return CONFIG.CORS_ORIGINS;
+    }
+    // Default localhost origins for development
+    if (isDevelopment) {
+        return [
+            `http://localhost:${CONFIG.PORT}`,
+            `http://127.0.0.1:${CONFIG.PORT}`,
+            'http://localhost:3000',
+            'http://127.0.0.1:3000',
+        ];
+    }
+    // In production with no configured origins, deny all cross-origin requests
+    return [];
+};
+/**
+ * CORS origin validator
+ * Validates request origin against allowed origins list
+ */
+const corsOriginValidator = (origin, callback) => {
+    const allowedOrigins = getAllowedOrigins();
+    // Allow requests with no origin (same-origin, curl, etc.)
+    if (!origin) {
+        callback(null, true);
+        return;
+    }
+    // Check if origin is in allowed list
+    if (allowedOrigins.includes(origin)) {
+        callback(null, true);
+        return;
+    }
+    // In development, log rejected origins for debugging
+    if (isDevelopment) {
+        console.warn(`[CORS] Rejected origin: ${origin}. Allowed: ${allowedOrigins.join(', ') || 'none'}`);
+    }
+    callback(new Error('Not allowed by CORS'), false);
+};
+/**
+ * CORS configuration
+ * Uses origin validator for secure cross-origin request handling
  */
 export const corsMiddleware = cors({
-    origin: true,
+    origin: corsOriginValidator,
     credentials: true,
+    methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+    allowedHeaders: ['Content-Type', 'Authorization', 'X-API-Key'],
+    maxAge: 86400, // 24 hours preflight cache
 });
 /**
  * Apply security middleware to Express app
  */
 export const applySecurity = (app) => {
     app.use(securityMiddleware);
-    if (isDevelopment) {
-        app.use(corsMiddleware);
-    }
+    app.use(corsMiddleware);
 };

package/_build/server/routes/api.d.ts

@@ -2,7 +2,7 @@
  * API route handlers
  * Handles health check, pages listing, and revalidate endpoints
  */
-import { Request, Response, Express } from "express";
+import { Request, Response, NextFunction, Express } from "express";
 /**
  * Health check endpoint
  * Returns server status and basic information
@@ -13,6 +13,11 @@ export declare const healthCheck: (req: Request, res: Response) => void;
  * In development mode, uses readPages helper; in production, scans static directory
  */
 export declare const listPages: (req: Request, res: Response) => Promise<void>;
+/**
+ * Authentication middleware for revalidate endpoint
+ * Requires API key in production, optional in development
+ */
+export declare const revalidateAuth: (req: Request, res: Response, next: NextFunction) => void;
 /**
  * Revalidate endpoint with enhanced error handling and rate limiting
  */

package/_build/server/routes/api.js

@@ -8,6 +8,7 @@ import { readdir } from "fs/promises";
 import { extname, join } from "path";
 import { CONFIG, isDevelopment } from "../config/index.js";
 import { revalidateLimiter } from "../middleware/rateLimiting.js";
+import crypto from "crypto";
 /**
  * Health check endpoint
  * Returns server status and basic information
@@ -65,6 +66,56 @@ export const listPages = async (req, res) => {
         res.status(500).json(errorResponse);
     }
 };
+/**
+ * Authentication middleware for revalidate endpoint
+ * Requires API key in production, optional in development
+ */
+export const revalidateAuth = (req, res, next) => {
+    const apiKey = CONFIG.REVALIDATE_API_KEY;
+    // In development, allow requests without API key if none is configured
+    if (isDevelopment && !apiKey) {
+        return next();
+    }
+    // In production, API key is required
+    if (!apiKey) {
+        console.error('[Security] REVALIDATE_API_KEY not configured in production');
+        res.status(503).json({
+            success: false,
+            error: 'Revalidation endpoint not configured',
+        });
+        return;
+    }
+    // Check for API key in Authorization header (Bearer token) or X-API-Key header
+    const authHeader = req.headers.authorization;
+    const apiKeyHeader = req.headers['x-api-key'];
+    let providedKey;
+    if (authHeader?.startsWith('Bearer ')) {
+        providedKey = authHeader.slice(7);
+    }
+    else if (typeof apiKeyHeader === 'string') {
+        providedKey = apiKeyHeader;
+    }
+    if (!providedKey) {
+        res.status(401).json({
+            success: false,
+            error: 'Authentication required',
+            message: 'Provide API key via Authorization: Bearer <key> or X-API-Key header',
+        });
+        return;
+    }
+    // Use timing-safe comparison to prevent timing attacks
+    const isValid = providedKey.length === apiKey.length &&
+        crypto.timingSafeEqual(Buffer.from(providedKey), Buffer.from(apiKey));
+    if (!isValid) {
+        console.warn('[Security] Invalid API key attempt for revalidate endpoint');
+        res.status(403).json({
+            success: false,
+            error: 'Invalid API key',
+        });
+        return;
+    }
+    next();
+};
 /**
  * Revalidate endpoint with enhanced error handling and rate limiting
  */
@@ -120,5 +171,5 @@ async function getAvailablePages() {
 export const registerApiRoutes = (app) => {
     app.get('/health', healthCheck);
     app.get('/api/pages', listPages);
-    app.post('/revalidate', revalidateLimiter, revalidateEndpoint);
+    app.post('/revalidate', revalidateLimiter, revalidateAuth, revalidateEndpoint);
 };

package/_build/server/scripts/revalidate.js

@@ -1,24 +1,97 @@
-import { exec } from "child_process";
+import { execFile } from "child_process";
 import { dirname } from "node:path";
 import { fileURLToPath } from "node:url";
 import path from "path";
+import fs from "fs";
 const __dirname = dirname(fileURLToPath(import.meta.url));
+/**
+ * Maximum allowed path length to prevent buffer overflow attacks
+ */
+const MAX_PATH_LENGTH = 256;
+/**
+ * Strict path validation:
+ * - Must be a string
+ * - Must match safe characters only (alphanumeric, underscore, hyphen)
+ * - No slashes allowed (paths are relative page names, not file paths)
+ * - Must not be empty
+ * - Must not exceed max length
+ */
+const isValidPath = (p) => {
+    if (typeof p !== "string")
+        return false;
+    if (p.length === 0 || p.length > MAX_PATH_LENGTH)
+        return false;
+    // Only allow alphanumeric, underscores, and hyphens - NO slashes
+    if (!/^[a-zA-Z0-9_-]+$/.test(p))
+        return false;
+    return true;
+};
+/**
+ * Validate that a path resolves within the expected pages directory
+ */
+const isPathWithinPagesDir = (pageName, projectRoot) => {
+    const pagesDir = path.resolve(projectRoot, 'src/pages');
+    const resolvedPath = path.resolve(pagesDir, pageName);
+    // Ensure the resolved path starts with the pages directory
+    if (!resolvedPath.startsWith(pagesDir + path.sep)) {
+        return false;
+    }
+    // Verify the page directory actually exists
+    try {
+        return fs.existsSync(resolvedPath) && fs.statSync(resolvedPath).isDirectory();
+    }
+    catch {
+        return false;
+    }
+};
+/**
+ * Get safe environment variables for child processes
+ * Only passes necessary, non-sensitive variables
+ */
+const getSafeEnv = () => {
+    return {
+        PATH: process.env.PATH,
+        HOME: process.env.HOME,
+        NODE_ENV: process.env.NODE_ENV,
+        // Add other safe variables as needed
+    };
+};
 export const revalidate = (req, res) => {
     try {
-        const paths = req?.body?.paths || [];
-        const pathsArg = paths.length > 0 ? paths.join(" ") : "";
+        const rawPaths = req?.body?.paths;
+        const projectRoot = process.cwd();
+        // Validate and filter paths
+        const paths = Array.isArray(rawPaths)
+            ? rawPaths
+                .filter(isValidPath)
+                .filter((p) => isPathWithinPagesDir(p, projectRoot))
+            : [];
+        // Log any rejected paths for security monitoring
+        if (Array.isArray(rawPaths)) {
+            const rejectedPaths = rawPaths.filter((p) => !isValidPath(p) || (typeof p === 'string' && !isPathWithinPagesDir(p, projectRoot)));
+            if (rejectedPaths.length > 0) {
+                console.warn('[Security] Rejected invalid revalidation paths:', rejectedPaths);
+            }
+        }
         const cachePages = path.resolve(__dirname, "../../../helpers/cachePages.js");
         const buildHtmlConfig = path.resolve(__dirname, "../../../scripts/build-html.js");
-        const buildCommand = `NODE_TLS_REJECT_UNAUTHORIZED=0 node ${cachePages} ${pathsArg && `${pathsArg}`} && npx tsx ${buildHtmlConfig}`;
-        exec(buildCommand, (error, stdout, stderr) => {
+        execFile("node", [cachePages, ...paths], { env: getSafeEnv() }, (error, stdout, stderr) => {
             if (error) {
-                console.error(`Exec error: ${error}`);
+                console.error(`Cache pages error: ${error}`);
                 return;
             }
-            if (!error) {
-                console.log(`stdout: ${stdout}`);
+            console.log(`stdout: ${stdout}`);
+            if (stderr)
                 console.error(`stderr: ${stderr}`);
-            }
+            execFile("npx", ["tsx", buildHtmlConfig], { env: getSafeEnv() }, (error, stdout, stderr) => {
+                if (error) {
+                    console.error(`Build HTML error: ${error}`);
+                    return;
+                }
+                console.log(`stdout: ${stdout}`);
+                if (stderr)
+                    console.error(`stderr: ${stderr}`);
+            });
         });
         res
             .status(200)