npm - @flight-framework/core - Versions diffs - 0.6.2 → 0.6.4 - Mend

@flight-framework/core 0.6.2 → 0.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/dist/chunk-J7WEZXWH.js +14 -0
package/dist/chunk-J7WEZXWH.js.map +1 -0
package/dist/chunk-MFUJN7RV.js +20 -0
package/dist/chunk-MFUJN7RV.js.map +1 -0
package/dist/plugins/env-plugin.d.ts +15 -33
package/dist/plugins/env-plugin.js +1 -1
package/dist/plugins/index.d.ts +87 -21
package/dist/plugins/index.js +63 -25
package/dist/plugins/index.js.map +1 -1
package/dist/plugins/server-boundary-plugin.d.ts +27 -38
package/dist/plugins/server-boundary-plugin.js +1 -1
package/package.json +235 -235
package/LICENSE +0 -21
package/dist/chunk-NU3HX5T7.js +0 -80
package/dist/chunk-NU3HX5T7.js.map +0 -1
package/dist/chunk-RFTE6JVG.js +0 -88
package/dist/chunk-RFTE6JVG.js.map +0 -1

package/dist/chunk-RFTE6JVG.js DELETED Viewed

@@ -1,88 +0,0 @@
-// src/plugins/env-plugin.ts
-function flightEnvPlugin(options = {}) {
-  const {
-    publicPrefix = "FLIGHT_PUBLIC_",
-    additionalPublicPrefixes = ["VITE_"],
-    privateVarBehavior = "warn",
-    allowList = ["NODE_ENV", "MODE"]
-  } = options;
-  const allPublicPrefixes = [publicPrefix, ...additionalPublicPrefixes];
-  return {
-    name: "flight:env",
-    enforce: "pre",
-    configResolved(resolvedConfig) {
-    },
-    config(_, { isSsrBuild }) {
-      if (isSsrBuild) return {};
-      const publicEnvVars = {};
-      for (const [key, value] of Object.entries(process.env)) {
-        if (value !== void 0 && isPublicKey(key, allPublicPrefixes, allowList)) {
-          publicEnvVars[`process.env.${key}`] = JSON.stringify(value);
-        }
-      }
-      return {
-        define: publicEnvVars
-      };
-    },
-    transform(code, id, options2) {
-      if (options2?.ssr) return null;
-      if (id.includes("node_modules")) return null;
-      if (!code.includes("process.env.")) return null;
-      const envVarPattern = /process\.env\.([A-Z_][A-Z0-9_]*)/g;
-      let hasModifications = false;
-      let modifiedCode = code;
-      let match;
-      const issues = [];
-      while ((match = envVarPattern.exec(code)) !== null) {
-        const varName = match[1];
-        if (isPublicKey(varName, allPublicPrefixes, allowList)) {
-          continue;
-        }
-        hasModifications = true;
-        if (privateVarBehavior === "error") {
-          issues.push(
-            `Private env var "${varName}" accessed in client code.
-  File: ${id}
-  Use FLIGHT_PUBLIC_${varName} if this should be public.`
-          );
-        } else if (privateVarBehavior === "warn") {
-          console.warn(
-            `[Flight] Private env var "process.env.${varName}" in ${id}
-  \u2192 Replaced with undefined for security.
-  \u2192 Use FLIGHT_PUBLIC_${varName} if this should be public.`
-          );
-        }
-        modifiedCode = modifiedCode.replace(
-          new RegExp(`process\\.env\\.${varName}`, "g"),
-          "undefined"
-        );
-      }
-      if (issues.length > 0 && privateVarBehavior === "error") {
-        throw new Error(
-          `[Flight] Environment variable security violations:
-${issues.join("\n\n")}`
-        );
-      }
-      if (hasModifications) {
-        return {
-          code: modifiedCode,
-          map: null
-          // TODO: source map
-        };
-      }
-      return null;
-    }
-  };
-}
-function isPublicKey(key, prefixes, allowList) {
-  if (allowList.includes(key)) return true;
-  for (const prefix of prefixes) {
-    if (key.startsWith(prefix)) return true;
-  }
-  return false;
-}
-export { flightEnvPlugin };
-//# sourceMappingURL=chunk-RFTE6JVG.js.map
-//# sourceMappingURL=chunk-RFTE6JVG.js.map

package/dist/chunk-RFTE6JVG.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../src/plugins/env-plugin.ts"],"names":["options"],"mappings":";AA0EO,SAAS,eAAA,CAAgB,OAAA,GAAkC,EAAC,EAAW;AAC1E,EAAA,MAAM;AAAA,IACF,YAAA,GAAe,gBAAA;AAAA,IACf,wBAAA,GAA2B,CAAC,OAAO,CAAA;AAAA,IACnC,kBAAA,GAAqB,MAAA;AAAA,IACrB,SAAA,GAAY,CAAC,UAAA,EAAY,MAAM;AAAA,GACnC,GAAI,OAAA;AAEJ,EAAA,MAAM,iBAAA,GAAoB,CAAC,YAAA,EAAc,GAAG,wBAAwB,CAAA;AAGpE,EAAA,OAAO;AAAA,IACH,IAAA,EAAM,YAAA;AAAA,IACN,OAAA,EAAS,KAAA;AAAA,IAET,eAAe,cAAA,EAAgB;AAClB,IACb,CAAA;AAAA,IAEA,MAAA,CAAO,CAAA,EAAG,EAAE,UAAA,EAAW,EAAG;AAEtB,MAAA,IAAI,UAAA,SAAmB,EAAC;AAGxB,MAAA,MAAM,gBAAwC,EAAC;AAE/C,MAAA,KAAA,MAAW,CAAC,KAAK,KAAK,CAAA,IAAK,OAAO,OAAA,CAAQ,OAAA,CAAQ,GAAG,CAAA,EAAG;AACpD,QAAA,IAAI,UAAU,MAAA,IAAa,WAAA,CAAY,GAAA,EAAK,iBAAA,EAAmB,SAAS,CAAA,EAAG;AACvE,UAAA,aAAA,CAAc,eAAe,GAAG,CAAA,CAAE,CAAA,GAAI,IAAA,CAAK,UAAU,KAAK,CAAA;AAAA,QAC9D;AAAA,MACJ;AAEA,MAAA,OAAO;AAAA,QACH,MAAA,EAAQ;AAAA,OACZ;AAAA,IACJ,CAAA;AAAA,IAEA,SAAA,CAAU,IAAA,EAAM,EAAA,EAAIA,QAAAA,EAAS;AAEzB,MAAA,IAAIA,QAAAA,EAAS,KAAK,OAAO,IAAA;AAGzB,MAAA,IAAI,EAAA,CAAG,QAAA,CAAS,cAAc,CAAA,EAAG,OAAO,IAAA;AAGxC,MAAA,IAAI,CAAC,IAAA,CAAK,QAAA,CAAS,cAAc,GAAG,OAAO,IAAA;AAG3C,MAAA,MAAM,aAAA,GAAgB,mCAAA;AACtB,MAAA,IAAI,gBAAA,GAAmB,KAAA;AACvB,MAAA,IAAI,YAAA,GAAe,IAAA;AAEnB,MAAA,IAAI,KAAA;AACJ,MAAA,MAAM,SAAmB,EAAC;AAE1B,MAAA,OAAA,CAAQ,KAAA,GAAQ,aAAA,CAAc,IAAA,CAAK,IAAI,OAAO,IAAA,EAAM;AAChD,QAAA,MAAM,OAAA,GAAU,MAAM,CAAC,CAAA;AAGvB,QAAA,IAAI,WAAA,CAAY,OAAA,EAAS,iBAAA,EAAmB,SAAS,CAAA,EAAG;AACpD,UAAA;AAAA,QACJ;AAGA,QAAA,gBAAA,GAAmB,IAAA;AAEnB,QAAA,IAAI,uBAAuB,OAAA,EAAS;AAChC,UAAA,MAAA,CAAO,IAAA;AAAA,YACH,oBAAoB,OAAO,CAAA;AAAA,QAAA,EAChB,EAAE;AAAA,oBAAA,EACU,OAAO,CAAA,0BAAA;AAAA,WAClC;AAAA,QACJ,CAAA,MAAA,IAAW,uBAAuB,MAAA,EAAQ;AACtC,UAAA,OAAA,CAAQ,IAAA;AAAA,YACJ,CAAA,sCAAA,EAAyC,OAAO,CAAA,KAAA,EAAQ,EAAE;AAAA;AAAA,2BAAA,EAEjC,OAAO,CAAA,0BAAA;AAAA,WACpC;AAAA,QACJ;AAGA,QAAA,YAAA,GAAe,YAAA,CAAa,OAAA;AAAA,UACxB,IAAI,MAAA,CAAO,CAAA,gBAAA,EAAmB,OAAO,IAAI,GAAG,CAAA;AAAA,UAC5C;AAAA,SACJ;AAAA,MACJ;AAGA,MAAA,IAAI,MAAA,CAAO,MAAA,GAAS,CAAA,IAAK,kBAAA,KAAuB,OAAA,EAAS;AACrD,QAAA,MAAM,IAAI,KAAA;AAAA,UACN,CAAA;;AAAA,EAAyD,MAAA,CAAO,IAAA,CAAK,MAAM,CAAC,CAAA;AAAA,SAChF;AAAA,MACJ;AAEA,MAAA,IAAI,gBAAA,EAAkB;AAClB,QAAA,OAAO;AAAA,UACH,IAAA,EAAM,YAAA;AAAA,UACN,GAAA,EAAK;AAAA;AAAA,SACT;AAAA,MACJ;AAEA,MAAA,OAAO,IAAA;AAAA,IACX;AAAA,GACJ;AACJ;AAMA,SAAS,WAAA,CACL,GAAA,EACA,QAAA,EACA,SAAA,EACO;AAEP,EAAA,IAAI,SAAA,CAAU,QAAA,CAAS,GAAG,CAAA,EAAG,OAAO,IAAA;AAGpC,EAAA,KAAA,MAAW,UAAU,QAAA,EAAU;AAC3B,IAAA,IAAI,GAAA,CAAI,UAAA,CAAW,MAAM,CAAA,EAAG,OAAO,IAAA;AAAA,EACvC;AAEA,EAAA,OAAO,KAAA;AACX","file":"chunk-RFTE6JVG.js","sourcesContent":["/**\r\n * @flight-framework/core - Environment Variables Plugin\r\n * \r\n * Vite plugin for environment variable protection.\r\n * OPTIONAL - use if you want build-time protection.\r\n * \r\n * Features:\r\n * - FLIGHT_PUBLIC_* and VITE_* accessible on client\r\n * - Other vars replaced with undefined on client\r\n * - Configurable behavior (warn, error, silent)\r\n * \r\n * @example\r\n * ```typescript\r\n * // vite.config.ts\r\n * import { flightEnvPlugin } from '@flight-framework/core/plugins';\r\n * \r\n * export default {\r\n * plugins: [flightEnvPlugin()],\r\n * };\r\n * ```\r\n */\r\n\r\nimport type { Plugin, ResolvedConfig } from 'vite';\r\n\r\n// ============================================================================\r\n// Types\r\n// ============================================================================\r\n\r\nexport interface FlightEnvPluginOptions {\r\n /**\r\n * Prefix for public environment variables.\r\n * Variables with this prefix will be accessible on the client.\r\n * @default 'FLIGHT_PUBLIC_'\r\n */\r\n publicPrefix?: string;\r\n\r\n /**\r\n * Additional prefixes to treat as public.\r\n * @default ['VITE_']\r\n */\r\n additionalPublicPrefixes?: string[];\r\n\r\n /**\r\n * How to handle private vars accessed in client code.\r\n * - 'warn': Log warning, replace with undefined\r\n * - 'error': Throw build error\r\n * - 'silent': Replace with undefined, no warning\r\n * @default 'warn'\r\n */\r\n privateVarBehavior?: 'warn' | 'error' | 'silent';\r\n\r\n /**\r\n * Specific variables to allow (bypass prefix check).\r\n * @default ['NODE_ENV', 'MODE']\r\n */\r\n allowList?: string[];\r\n}\r\n\r\n// ============================================================================\r\n// Plugin\r\n// ============================================================================\r\n\r\n/**\r\n * Vite plugin to protect environment variables.\r\n * \r\n * This plugin is OPTIONAL. Use it if you want build-time\r\n * protection for your environment variables.\r\n * \r\n * By default, it will:\r\n * - Allow FLIGHT_PUBLIC_* and VITE_* on client\r\n * - Allow NODE_ENV and MODE\r\n * - Replace other process.env.* with undefined on client\r\n * - Show warnings in development\r\n */\r\nexport function flightEnvPlugin(options: FlightEnvPluginOptions = {}): Plugin {\r\n const {\r\n publicPrefix = 'FLIGHT_PUBLIC_',\r\n additionalPublicPrefixes = ['VITE_'],\r\n privateVarBehavior = 'warn',\r\n allowList = ['NODE_ENV', 'MODE'],\r\n } = options;\r\n\r\n const allPublicPrefixes = [publicPrefix, ...additionalPublicPrefixes];\r\n let config: ResolvedConfig;\r\n\r\n return {\r\n name: 'flight:env',\r\n enforce: 'pre',\r\n\r\n configResolved(resolvedConfig) {\r\n config = resolvedConfig;\r\n },\r\n\r\n config(_, { isSsrBuild }) {\r\n // For SSR builds, don't modify anything\r\n if (isSsrBuild) return {};\r\n\r\n // Collect public environment variables\r\n const publicEnvVars: Record<string, string> = {};\r\n\r\n for (const [key, value] of Object.entries(process.env)) {\r\n if (value !== undefined && isPublicKey(key, allPublicPrefixes, allowList)) {\r\n publicEnvVars[`process.env.${key}`] = JSON.stringify(value);\r\n }\r\n }\r\n\r\n return {\r\n define: publicEnvVars,\r\n };\r\n },\r\n\r\n transform(code, id, options) {\r\n // Skip SSR builds - server can access everything\r\n if (options?.ssr) return null;\r\n\r\n // Skip node_modules\r\n if (id.includes('node_modules')) return null;\r\n\r\n // Skip if no process.env references\r\n if (!code.includes('process.env.')) return null;\r\n\r\n // Find all process.env.VARIABLE_NAME patterns\r\n const envVarPattern = /process\\.env\\.([A-Z_][A-Z0-9_]*)/g;\r\n let hasModifications = false;\r\n let modifiedCode = code;\r\n\r\n let match;\r\n const issues: string[] = [];\r\n\r\n while ((match = envVarPattern.exec(code)) !== null) {\r\n const varName = match[1];\r\n\r\n // Skip public vars\r\n if (isPublicKey(varName, allPublicPrefixes, allowList)) {\r\n continue;\r\n }\r\n\r\n // Private var accessed in client code\r\n hasModifications = true;\r\n\r\n if (privateVarBehavior === 'error') {\r\n issues.push(\r\n `Private env var \"${varName}\" accessed in client code.\\n` +\r\n ` File: ${id}\\n` +\r\n ` Use FLIGHT_PUBLIC_${varName} if this should be public.`\r\n );\r\n } else if (privateVarBehavior === 'warn') {\r\n console.warn(\r\n `[Flight] Private env var \"process.env.${varName}\" in ${id}\\n` +\r\n ` → Replaced with undefined for security.\\n` +\r\n ` → Use FLIGHT_PUBLIC_${varName} if this should be public.`\r\n );\r\n }\r\n\r\n // Replace with undefined\r\n modifiedCode = modifiedCode.replace(\r\n new RegExp(`process\\\\.env\\\\.${varName}`, 'g'),\r\n 'undefined'\r\n );\r\n }\r\n\r\n // Throw if using error mode\r\n if (issues.length > 0 && privateVarBehavior === 'error') {\r\n throw new Error(\r\n `[Flight] Environment variable security violations:\\n\\n${issues.join('\\n\\n')}`\r\n );\r\n }\r\n\r\n if (hasModifications) {\r\n return {\r\n code: modifiedCode,\r\n map: null, // TODO: source map\r\n };\r\n }\r\n\r\n return null;\r\n },\r\n };\r\n}\r\n\r\n// ============================================================================\r\n// Helpers\r\n// ============================================================================\r\n\r\nfunction isPublicKey(\r\n key: string,\r\n prefixes: string[],\r\n allowList: string[]\r\n): boolean {\r\n // Check allow list\r\n if (allowList.includes(key)) return true;\r\n\r\n // Check prefixes\r\n for (const prefix of prefixes) {\r\n if (key.startsWith(prefix)) return true;\r\n }\r\n\r\n return false;\r\n}\r\n"]}