npm - @devvit/start - Versions diffs - 0.12.9-next-2026-01-12-21-31-23-d0283fd9f.0 → 0.12.9-next-2026-01-13-19-02-46-fb8ecad92.0 - Mend

@devvit/start 0.12.9-next-2026-01-12-21-31-23-d0283fd9f.0 → 0.12.9-next-2026-01-13-19-02-46-fb8ecad92.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@devvit/start",
-  "version": "0.12.9-next-2026-01-12-21-31-23-d0283fd9f.0",
+  "version": "0.12.9-next-2026-01-13-19-02-46-fb8ecad92.0",
   "license": "BSD-3-Clause",
   "repository": {
     "type": "git",
@@ -21,7 +21,6 @@
     "build": "tsc",
     "clean": "rm -rf .turbo coverage dist",
     "clobber": "yarn clean && rm -rf node_modules",
-    "dev": "tsc -w",
     "lint": "redlint .",
     "lint:fix": "yarn lint --fix",
     "prepublishOnly": "publish-package-json",
@@ -31,19 +30,19 @@
     "test:unit-with-coverage": "vitest run --coverage"
   },
   "dependencies": {
-    "@devvit/shared-types": "0.12.9-next-2026-01-12-21-31-23-d0283fd9f.0",
+    "@devvit/shared-types": "0.12.9-next-2026-01-13-19-02-46-fb8ecad92.0",
     "chalk": "4.1.2"
   },
   "peerDependencies": {
     "vite": ">=6.0.0"
   },
   "devDependencies": {
-    "@devvit/repo-tools": "0.12.9-next-2026-01-12-21-31-23-d0283fd9f.0",
-    "@devvit/tsconfig": "0.12.9-next-2026-01-12-21-31-23-d0283fd9f.0",
+    "@devvit/repo-tools": "0.12.9-next-2026-01-13-19-02-46-fb8ecad92.0",
+    "@devvit/tsconfig": "0.12.9-next-2026-01-13-19-02-46-fb8ecad92.0",
     "eslint": "9.11.1",
     "typescript": "5.8.3",
     "vite": "7.2.7",
     "vitest": "4.0.15"
   },
-  "gitHead": "b71906b170eed394c98a7ef6665c6d6deb90a6d2"
+  "gitHead": "feae516f9beffc266d45383d10850887af164d0e"
 }

package/vite/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/vite/index.ts"],"names":[],"mappings":"~~AAQA~~,OAAO,EAEL,KAAK,kBAAkB,EAEvB,KAAK,MAAM,EAEZ,MAAM,MAAM,CAAC;AAEd;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAChC,kCAAkC;IAClC,MAAM,CAAC,EAAE,kBAAkB,CAAC;IAE5B,kCAAkC;IAClC,MAAM,CAAC,EAAE,kBAAkB,CAAC;IAE5B;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAC;IAEhD;;;OAGG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAC;~~AA8DF~~;;;;;;GAMG;AACH,wBAAgB,MAAM,CAAC,IAAI,GAAE,mBAAwB,GAAG,MAAM,~~CA4J7D~~"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/vite/index.ts"],"names":[],"mappings":"AAaA,OAAO,EAEL,KAAK,kBAAkB,EAEvB,KAAK,MAAM,EAEZ,MAAM,MAAM,CAAC;AAEd;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAChC,kCAAkC;IAClC,MAAM,CAAC,EAAE,kBAAkB,CAAC;IAE5B,kCAAkC;IAClC,MAAM,CAAC,EAAE,kBAAkB,CAAC;IAE5B;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAC;IAEhD;;;OAGG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAC;AAqEF;;;;;;GAMG;AACH,wBAAgB,MAAM,CAAC,IAAI,GAAE,mBAAwB,GAAG,MAAM,CAmO7D"}

package/vite/index.js CHANGED Viewed

@@ -7,6 +7,12 @@ import { mergeConfig, } from 'vite';
 const shouldSuppressWarning = (warning) => {
     return warning.code === 'EVAL' && (warning.id ?? '').includes('node_modules/@protobufjs/inquire');
 };
+const shouldCheckClientForServerImports = (environmentName) => {
+    // When Vite's Environment API is unavailable (or the hook is invoked without environment context),
+    // treat the build as "client" for safety. This prevents accidental bundling of server code into
+    // the browser output.
+    return environmentName === undefined || environmentName === 'client';
+};
 /**
  * Reads and parses the devvit.json configuration file.
  */
@@ -61,9 +67,37 @@ function getServerEntry(projectRoot) {
  */
 export function devvit(opts = {}) {
     let isWatchMode = false;
+    let projectRoot = process.cwd();
     const buildTimes = new Map();
+    const checkViolation = (id, importer) => {
+        const restrictedPaths = ['src/server', 'src/api'].map((p) => path.resolve(projectRoot, p));
+        const normalizedId = path.normalize(id);
+        const violation = restrictedPaths.find((restrictedPath) => {
+            // Use path.relative to determine if the module is inside a restricted directory.
+            // If the relative path doesn't start with '..' and isn't absolute, it's inside.
+            // This handles cross-platform path separators and edge cases better than string matching.
+            const relative = path.relative(restrictedPath, normalizedId);
+            return relative === '' || (!relative.startsWith('..') && !path.isAbsolute(relative));
+        });
+        if (violation) {
+            const relativeId = path.relative(projectRoot, id);
+            const relativeViolation = path.relative(projectRoot, violation);
+            const relativeImporter = importer ? path.relative(projectRoot, importer) : undefined;
+            let message = `\n${chalk.red.bold('Detected server code in the client!')}\n\n` +
+                `You are trying to import server code into the client.\n\n`;
+            if (relativeImporter) {
+                message += `  ${chalk.bold('Importer:')} ${chalk.cyan(relativeImporter)}\n`;
+            }
+            message +=
+                `  ${chalk.bold('Imported:')} ${chalk.cyan(relativeId)}\n\n` +
+                    `Server code in "${chalk.cyan(relativeViolation)}" cannot be used in the browser. If you are trying to share code between the client and server, please move the code to a separate file outside of the src/server directory and import it back into the server.`;
+            return message;
+        }
+        return null;
+    };
     return {
         name: 'devvit',
+        enforce: 'pre',
         perEnvironmentStartEndDuringDev: true,
         config(config, env) {
             // Only support build command for now
@@ -74,7 +108,7 @@ export function devvit(opts = {}) {
             }
             // Check if watch mode is enabled
             isWatchMode = !!config.build?.watch;
-            const projectRoot = config.root ?? process.cwd();
+            projectRoot = config.root ?? process.cwd();
             const devvitConfig = readDevvitConfig(projectRoot);
             if (!devvitConfig) {
                 throw new Error(`${chalk.red('✖')} ${chalk.bold('devvit plugin error')}\n\n` +
@@ -166,6 +200,35 @@ export function devvit(opts = {}) {
                 },
             };
         },
+        async resolveId(source, importer, options) {
+            const envName = this.environment?.name;
+            if (!shouldCheckClientForServerImports(envName))
+                return null;
+            const resolved = await this.resolve(source, importer, { skipSelf: true, ...options });
+            const id = resolved?.id ?? source;
+            const message = checkViolation(id, importer);
+            if (message) {
+                const error = new Error(message);
+                error.stack = '';
+                this.error(error);
+            }
+            return null;
+        },
+        load(id) {
+            const envName = this.environment?.name;
+            if (!shouldCheckClientForServerImports(envName))
+                return null;
+            // This is a safety net check.
+            // resolveId should catch the import before it reaches load, but this
+            // ensures that even if something slips through resolution or is loaded
+            // by a different mechanism, we still block server code from the client bundle.
+            const message = checkViolation(id);
+            if (message) {
+                const error = new Error(message);
+                error.stack = '';
+                this.error(error);
+            }
+        },
         buildStart() {
             if (!isWatchMode)
                 return;