npm - @bquery/bquery - Versions diffs - 1.10.0 → 1.11.1 - Mend

@bquery/bquery 1.10.0 → 1.11.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (155) hide show

package/README.md +91 -65
package/dist/{a11y-DG2i4iZN.js → a11y-DgUQ8-fI.js} +1 -1
package/dist/{a11y-DG2i4iZN.js.map → a11y-DgUQ8-fI.js.map} +1 -1
package/dist/a11y.es.mjs +1 -1
package/dist/{component-DRotf1hl.js → component-D8ydhe58.js} +2 -2
package/dist/{component-DRotf1hl.js.map → component-D8ydhe58.js.map} +1 -1
package/dist/component.es.mjs +1 -1
package/dist/concurrency-BU1wPEsZ.js.map +1 -1
package/dist/{constraints-CqjhmpZC.js → constraints-Dlbx_m1b.js} +1 -1
package/dist/{constraints-CqjhmpZC.js.map → constraints-Dlbx_m1b.js.map} +1 -1
package/dist/{core-EMYSLzaT.js → core-tOP6QOrY.js} +2 -2
package/dist/{core-EMYSLzaT.js.map → core-tOP6QOrY.js.map} +1 -1
package/dist/core.es.mjs +1 -1
package/dist/{custom-directives-BjFzFhuf.js → custom-directives-5DlKqvd2.js} +1 -1
package/dist/{custom-directives-BjFzFhuf.js.map → custom-directives-5DlKqvd2.js.map} +1 -1
package/dist/{devtools-C5FExMwv.js → devtools-QosAqo0T.js} +2 -2
package/dist/{devtools-C5FExMwv.js.map → devtools-QosAqo0T.js.map} +1 -1
package/dist/devtools.es.mjs +1 -1
package/dist/{dnd-BAqzPlSo.js → dnd-d2OU4len.js} +1 -1
package/dist/{dnd-BAqzPlSo.js.map → dnd-d2OU4len.js.map} +1 -1
package/dist/dnd.es.mjs +1 -1
package/dist/{forms-Dx1Scvh0.js → forms-BLx4ZzT7.js} +1 -1
package/dist/{forms-Dx1Scvh0.js.map → forms-BLx4ZzT7.js.map} +1 -1
package/dist/forms.es.mjs +1 -1
package/dist/full.d.ts +4 -2
package/dist/full.d.ts.map +1 -1
package/dist/full.es.mjs +258 -219
package/dist/full.iife.js +41 -37
package/dist/full.iife.js.map +1 -1
package/dist/full.umd.js +41 -37
package/dist/full.umd.js.map +1 -1
package/dist/{i18n-Cazyk9RD.js → i18n--p7PM-9r.js} +1 -1
package/dist/{i18n-Cazyk9RD.js.map → i18n--p7PM-9r.js.map} +1 -1
package/dist/i18n.es.mjs +1 -1
package/dist/index.d.ts +3 -2
package/dist/index.d.ts.map +1 -1
package/dist/index.es.mjs +291 -252
package/dist/match-CrZRVC4z.js +174 -0
package/dist/match-CrZRVC4z.js.map +1 -0
package/dist/{media-dAKIGPk3.js → media-gjbWNq50.js} +1 -1
package/dist/{media-dAKIGPk3.js.map → media-gjbWNq50.js.map} +1 -1
package/dist/media.es.mjs +1 -1
package/dist/motion-BBMso9Ir.js.map +1 -1
package/dist/{mount-C8O2vXkQ.js → mount-0A9qtcRJ.js} +3 -3
package/dist/{mount-C8O2vXkQ.js.map → mount-0A9qtcRJ.js.map} +1 -1
package/dist/platform-BPHIXbw8.js.map +1 -1
package/dist/{plugin-DjTqWg-P.js → plugin-SZEirbwq.js} +2 -2
package/dist/{plugin-DjTqWg-P.js.map → plugin-SZEirbwq.js.map} +1 -1
package/dist/plugin.es.mjs +1 -1
package/dist/reactive-BAd2hfl8.js.map +1 -1
package/dist/{registry-Cr6VH8CR.js → registry-jpUQHf4E.js} +1 -1
package/dist/{registry-Cr6VH8CR.js.map → registry-jpUQHf4E.js.map} +1 -1
package/dist/router-C4weu0QL.js +333 -0
package/dist/router-C4weu0QL.js.map +1 -0
package/dist/router.es.mjs +1 -1
package/dist/{sanitize-B1V4JswB.js → sanitize-DOMkRO9G.js} +12 -7
package/dist/{sanitize-B1V4JswB.js.map → sanitize-DOMkRO9G.js.map} +1 -1
package/dist/security.es.mjs +1 -1
package/dist/server/create-server.d.ts +25 -0
package/dist/server/create-server.d.ts.map +1 -0
package/dist/server/index.d.ts +11 -0
package/dist/server/index.d.ts.map +1 -0
package/dist/server/types.d.ts +396 -0
package/dist/server/types.d.ts.map +1 -0
package/dist/server-QdyKtCS1.js +349 -0
package/dist/server-QdyKtCS1.js.map +1 -0
package/dist/server.es.mjs +6 -0
package/dist/ssr/adapters.d.ts +74 -0
package/dist/ssr/adapters.d.ts.map +1 -0
package/dist/ssr/async.d.ts +40 -0
package/dist/ssr/async.d.ts.map +1 -0
package/dist/ssr/config.d.ts +60 -0
package/dist/ssr/config.d.ts.map +1 -0
package/dist/ssr/context.d.ts +73 -0
package/dist/ssr/context.d.ts.map +1 -0
package/dist/ssr/defer-brand.d.ts +5 -0
package/dist/ssr/defer-brand.d.ts.map +1 -0
package/dist/ssr/escape.d.ts +17 -0
package/dist/ssr/escape.d.ts.map +1 -0
package/dist/ssr/expression.d.ts +44 -0
package/dist/ssr/expression.d.ts.map +1 -0
package/dist/ssr/hash.d.ts +39 -0
package/dist/ssr/hash.d.ts.map +1 -0
package/dist/ssr/head.d.ts +102 -0
package/dist/ssr/head.d.ts.map +1 -0
package/dist/ssr/html-parser.d.ts +58 -0
package/dist/ssr/html-parser.d.ts.map +1 -0
package/dist/ssr/index.d.ts +49 -43
package/dist/ssr/index.d.ts.map +1 -1
package/dist/ssr/mismatch.d.ts +60 -0
package/dist/ssr/mismatch.d.ts.map +1 -0
package/dist/ssr/render-async.d.ts +84 -0
package/dist/ssr/render-async.d.ts.map +1 -0
package/dist/ssr/render.d.ts.map +1 -1
package/dist/ssr/renderer.d.ts +25 -0
package/dist/ssr/renderer.d.ts.map +1 -0
package/dist/ssr/resumability.d.ts +65 -0
package/dist/ssr/resumability.d.ts.map +1 -0
package/dist/ssr/router-bridge.d.ts +101 -0
package/dist/ssr/router-bridge.d.ts.map +1 -0
package/dist/ssr/runtime.d.ts +63 -0
package/dist/ssr/runtime.d.ts.map +1 -0
package/dist/ssr/serialize.d.ts.map +1 -1
package/dist/ssr/store-snapshot.d.ts +87 -0
package/dist/ssr/store-snapshot.d.ts.map +1 -0
package/dist/ssr/strategies.d.ts +43 -0
package/dist/ssr/strategies.d.ts.map +1 -0
package/dist/ssr/suspense.d.ts +47 -0
package/dist/ssr/suspense.d.ts.map +1 -0
package/dist/ssr/types.d.ts +17 -0
package/dist/ssr/types.d.ts.map +1 -1
package/dist/ssr-Bt6BQA3J.js +2127 -0
package/dist/ssr-Bt6BQA3J.js.map +1 -0
package/dist/ssr.es.mjs +42 -7
package/dist/{store-CjmEeX9-.js → store-DnXuu6Li.js} +2 -2
package/dist/{store-CjmEeX9-.js.map → store-DnXuu6Li.js.map} +1 -1
package/dist/store.es.mjs +2 -2
package/dist/storybook.es.mjs +1 -1
package/dist/{testing-TdfaL7VE.js → testing-CeMUwrRD.js} +2 -2
package/dist/{testing-TdfaL7VE.js.map → testing-CeMUwrRD.js.map} +1 -1
package/dist/testing.es.mjs +1 -1
package/dist/view.es.mjs +1 -1
package/package.json +19 -14
package/src/full.ts +99 -0
package/src/index.ts +5 -2
package/src/server/create-server.ts +754 -0
package/src/server/index.ts +33 -0
package/src/server/types.ts +490 -0
package/src/ssr/adapters.ts +330 -0
package/src/ssr/async.ts +125 -0
package/src/ssr/config.ts +86 -0
package/src/ssr/context.ts +245 -0
package/src/ssr/defer-brand.ts +3 -0
package/src/ssr/escape.ts +25 -0
package/src/ssr/expression.ts +669 -0
package/src/ssr/hash.ts +71 -0
package/src/ssr/head.ts +240 -0
package/src/ssr/html-parser.ts +387 -0
package/src/ssr/index.ts +136 -43
package/src/ssr/mismatch.ts +110 -0
package/src/ssr/render-async.ts +286 -0
package/src/ssr/render.ts +130 -59
package/src/ssr/renderer.ts +453 -0
package/src/ssr/resumability.ts +142 -0
package/src/ssr/router-bridge.ts +177 -0
package/src/ssr/runtime.ts +131 -0
package/src/ssr/serialize.ts +1 -27
package/src/ssr/store-snapshot.ts +209 -0
package/src/ssr/strategies.ts +245 -0
package/src/ssr/suspense.ts +504 -0
package/src/ssr/types.ts +18 -0
package/dist/router-CCepRMpC.js +0 -493
package/dist/router-CCepRMpC.js.map +0 -1
package/dist/ssr-D-1IPcfw.js +0 -248
package/dist/ssr-D-1IPcfw.js.map +0 -1

package/src/ssr/context.ts ADDED Viewed

@@ -0,0 +1,245 @@
+/**
+ * Server-side rendering context.
+ *
+ * Encapsulates everything a render path may need to know about the incoming
+ * request and to produce response-side metadata (head tags, asset hints,
+ * nonces, etc.). The context is propagated explicitly through the public
+ * async APIs (`renderToStringAsync`, `renderToStream`, `renderToResponse`)
+ * and is available to template loaders.
+ *
+ * @module bquery/ssr
+ */
+import { generateNonce } from '../security/csp';
+import { isPrototypePollutionKey } from '../core/utils/object';
+import { createAssetManager, createHeadManager, type AssetManager, type HeadManager } from './head';
+/** Options for `createSSRContext()`. */
+export interface CreateSSRContextOptions {
+  /** Pre-built request to use as the source of URL/headers/cookies/etc. */
+  request?: Request;
+  /** Override the URL (defaults to `request.url` or `'http://localhost/'`). */
+  url?: string | URL;
+  /** Override the user agent string. */
+  userAgent?: string;
+  /** Override the request locale; defaults to `Accept-Language` parsing. */
+  locale?: string;
+  /** Provide an `AbortSignal` for cancellation. Default: `request.signal`. */
+  signal?: AbortSignal;
+  /** Pre-computed CSP nonce. If omitted and `crypto.getRandomValues` exists, a fresh nonce is generated. */
+  nonce?: string;
+  /** Render mode hint — used by streaming/string renderers for diagnostics. */
+  mode?: 'string' | 'stream';
+  /** Optional error sink invoked for non-fatal render errors. */
+  onError?: (error: unknown) => void;
+}
+/** Public SSR context shape. */
+export interface SSRContext {
+  /** The originating `Request` (may be a synthetic one if none was provided). */
+  request: Request;
+  /** Parsed URL of the request. */
+  url: URL;
+  /** Request headers (via `Request.headers`). */
+  headers: Headers;
+  /** Resolved cookie map from `Cookie` header. */
+  cookies: Record<string, string>;
+  /** Best-effort user agent string. */
+  userAgent: string;
+  /** Best-effort locale parsed from `Accept-Language`. */
+  locale: string;
+  /** Cancellation signal — render paths must respect it. */
+  signal: AbortSignal;
+  /** CSP nonce applied to all generated `<script>` tags. */
+  nonce: string;
+  /** Render mode hint. */
+  mode: 'string' | 'stream';
+  /** Head manager — call `head.add(...)`, `head.render()`, or read `head.state()`. */
+  head: HeadManager;
+  /** Asset manifest — call `assets.preload()`/`module()`/`style()`. */
+  assets: AssetManager;
+  /** Status code suggested by render paths (loaders, error boundaries). */
+  status: number;
+  /** Outgoing response headers (used by `renderToResponse()`). */
+  responseHeaders: Headers;
+  /** Reports a non-fatal error. */
+  reportError(error: unknown): void;
+}
+const parseCookies = (header: string): Record<string, string> => {
+  const out = Object.create(null) as Record<string, string>;
+  if (!header) return out;
+  for (const pair of header.split(/;\s*/)) {
+    const idx = pair.indexOf('=');
+    if (idx === -1) continue;
+    const name = pair.slice(0, idx).trim();
+    const value = pair.slice(idx + 1).trim();
+    if (!name || isPrototypePollutionKey(name)) continue;
+    try {
+      out[name] = decodeURIComponent(value);
+    } catch {
+      out[name] = value;
+    }
+  }
+  return out;
+};
+const parseLocale = (acceptLanguage: string | null): string => {
+  if (!acceptLanguage) return 'en';
+  // Pick the highest-quality entry. Header parsing is intentionally minimal.
+  const entries = acceptLanguage
+    .split(',')
+    .map((entry) => {
+      const [tag, ...params] = entry.trim().split(';');
+      const qParam = params.find((p) => p.trim().startsWith('q='));
+      const q = qParam ? Number.parseFloat(qParam.split('=')[1]) : 1;
+      return { tag: tag.trim(), q: Number.isFinite(q) ? q : 0 };
+    })
+    .filter((e) => e.tag);
+  if (!entries.length) return 'en';
+  entries.sort((a, b) => b.q - a.q);
+  return entries[0].tag;
+};
+const safeNonce = (): string => {
+  try {
+    return generateNonce();
+  } catch {
+    // Runtime lacks `crypto.getRandomValues` / `btoa` — fall back to empty.
+    return '';
+  }
+};
+const createHeadersFallback = (): Headers => {
+  const store = new Map<string, string[]>();
+  const api = {
+    append(name: string, value: string): void {
+      const key = String(name).toLowerCase();
+      const existing = store.get(key);
+      if (existing) existing.push(String(value));
+      else store.set(key, [String(value)]);
+    },
+    delete(name: string): void {
+      store.delete(String(name).toLowerCase());
+    },
+    get(name: string): string | null {
+      const values = store.get(String(name).toLowerCase());
+      return values ? values.join(', ') : null;
+    },
+    has(name: string): boolean {
+      return store.has(String(name).toLowerCase());
+    },
+    set(name: string, value: string): void {
+      store.set(String(name).toLowerCase(), [String(value)]);
+    },
+    forEach(
+      callback: (value: string, key: string, parent: Headers) => void,
+      thisArg?: unknown
+    ): void {
+      for (const [key, values] of store) {
+        callback.call(thisArg, values.join(', '), key, api as unknown as Headers);
+      }
+    },
+    *entries(): IterableIterator<[string, string]> {
+      for (const [key, values] of store) {
+        yield [key, values.join(', ')];
+      }
+    },
+    [Symbol.iterator](): IterableIterator<[string, string]> {
+      return api.entries();
+    },
+  };
+  return api as unknown as Headers;
+};
+const createAbortSignalFallback = (): AbortSignal =>
+  ({
+    aborted: false,
+    onabort: null,
+    reason: undefined,
+    addEventListener() {
+      /* no-op */
+    },
+    removeEventListener() {
+      /* no-op */
+    },
+    dispatchEvent() {
+      return false;
+    },
+    throwIfAborted() {
+      /* no-op */
+    },
+  }) as unknown as AbortSignal;
+const hasHeadersApi = (value: unknown): value is Headers =>
+  typeof value === 'object' && value !== null && typeof (value as Headers).get === 'function';
+const hasAbortSignalApi = (value: unknown): value is AbortSignal =>
+  typeof value === 'object' && value !== null && typeof (value as AbortSignal).aborted === 'boolean';
+const createHeadersLike = (): Headers =>
+  typeof Headers === 'function' ? new Headers() : createHeadersFallback();
+/**
+ * Creates a fully populated SSR context.
+ *
+ * @example
+ * ```ts
+ * const ctx = createSSRContext({ request });
+ * const { html } = await renderToStringAsync(template, data, { context: ctx });
+ * ```
+ */
+export const createSSRContext = (options: CreateSSRContextOptions = {}): SSRContext => {
+  // SSRContext relies on Web `Request`/`Headers`/`AbortSignal`. All target
+  // runtimes (Node ≥ 24, Deno, Bun, browsers) provide these natively. The
+  // structural fallback below only exists so the helper does not throw in
+  // exotic embedded runtimes; downstream code that expects real `Request`
+  // methods should ensure the runtime ships them.
+  const fallbackRequestUrl =
+    options.url instanceof URL
+      ? options.url.toString()
+      : typeof options.url === 'string'
+        ? new URL(options.url, 'http://localhost/').toString()
+        : 'http://localhost/';
+  const request =
+    options.request ??
+    (typeof Request === 'function'
+      ? new Request(fallbackRequestUrl)
+      : ({
+          url: fallbackRequestUrl,
+          headers: createHeadersFallback(),
+          signal: createAbortSignalFallback(),
+        } as unknown as Request));
+  const urlSource = options.url ?? request.url;
+  const url =
+    urlSource instanceof URL ? urlSource : new URL(String(urlSource), 'http://localhost/');
+  const headers = hasHeadersApi(request.headers) ? request.headers : createHeadersLike();
+  const cookies = parseCookies(headers.get('cookie') ?? '');
+  const userAgent = options.userAgent ?? headers.get('user-agent') ?? '';
+  const locale = options.locale ?? parseLocale(headers.get('accept-language'));
+  const signal = options.signal ?? (hasAbortSignalApi(request.signal) ? request.signal : createAbortSignalFallback());
+  const nonce = options.nonce ?? safeNonce();
+  const ctx: SSRContext = {
+    request,
+    url,
+    headers,
+    cookies,
+    userAgent,
+    locale,
+    signal,
+    nonce,
+    mode: options.mode ?? 'string',
+    head: createHeadManager(),
+    assets: createAssetManager(),
+    status: 200,
+    responseHeaders: createHeadersLike(),
+    reportError(error) {
+      options.onError?.(error);
+    },
+  };
+  return ctx;
+};

package/src/ssr/defer-brand.ts ADDED Viewed

@@ -0,0 +1,3 @@
+/** Shared internal brand for SSR deferred values and tagged loaders. */
+declare const _deferBrandSymbol: unique symbol;
+export const DEFER_BRAND = Symbol.for('bquery.ssr.defer') as typeof _deferBrandSymbol;

package/src/ssr/escape.ts ADDED Viewed

@@ -0,0 +1,25 @@
+/**
+ * Shared escaping helpers for SSR inline script payloads and HTML attributes.
+ *
+ * @module bquery/ssr
+ * @internal
+ */
+/**
+ * Escapes a string for safe embedding in an inline `<script>` body.
+ * @internal
+ */
+export const escapeForScript = (str: string): string =>
+  str
+    .replace(/</g, '\\u003c')
+    .replace(/>/g, '\\u003e')
+    .replace(/\//g, '\\u002f')
+    .replace(/\u2028/g, '\\u2028')
+    .replace(/\u2029/g, '\\u2029');
+/**
+ * Escapes a string for safe embedding in an HTML attribute value.
+ * @internal
+ */
+export const escapeForHtmlAttribute = (str: string): string =>
+  str.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;').replace(/>/g, '&gt;');