@lolyjs/core 0.2.0-alpha.10 → 0.2.0-alpha.11

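--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -4615,7 +4615,11 @@ var setupApplication = async ({
  helmetConfig.contentSecurityPolicy = {
  directives: {
  defaultSrc: ["'self'"],
- styleSrc: ["'self'", "'unsafe-inline'", "https://fonts.googleapis.com"],
+ styleSrc: [
+ "'self'",
+ "'unsafe-inline'",
+ "https://fonts.googleapis.com"
+ ],
  scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
  imgSrc: ["'self'", "data:", "https:"],
  // Allow fetch/XHR to any HTTPS endpoint - users can restrict in their config if needed
@@ -4632,7 +4636,11 @@ var setupApplication = async ({
  const defaultCSP = {
  directives: {
  defaultSrc: ["'self'"],
- styleSrc: ["'self'", "'unsafe-inline'", "https://fonts.googleapis.com"],
+ styleSrc: [
+ "'self'",
+ "'unsafe-inline'",
+ "https://fonts.googleapis.com"
+ ],
  scriptSrc: ["'self'", nonceFunction],
  imgSrc: ["'self'", "data:", "https:"],
  // Allow fetch/XHR to any HTTPS endpoint - users can restrict in their config if needed
@@ -4655,10 +4663,7 @@ var setupApplication = async ({
  (src) => typeof src === "function"
  );
  if (!hasNonceSupport) {
- mergedDirectives.scriptSrc = [
- ...userScriptSrc,
- nonceFunction
- ];
+ mergedDirectives.scriptSrc = [...userScriptSrc, nonceFunction];
  } else {
  mergedDirectives.scriptSrc = userScriptSrc;
  }
@@ -4666,19 +4671,25 @@ var setupApplication = async ({
  const userConnectSrc = userDirectives.connectSrc;
  if (userConnectSrc && Array.isArray(userConnectSrc)) {
  const defaultConnectSrc = defaultCSP.directives.connectSrc || [];
- const mergedConnectSrc = [.../* @__PURE__ */ new Set([...defaultConnectSrc, ...userConnectSrc])];
+ const mergedConnectSrc = [
+ .../* @__PURE__ */ new Set([...defaultConnectSrc, ...userConnectSrc])
+ ];
  mergedDirectives.connectSrc = mergedConnectSrc;
  }
  const userStyleSrc = userDirectives.styleSrc;
  if (userStyleSrc && Array.isArray(userStyleSrc)) {
  const defaultStyleSrc = defaultCSP.directives.styleSrc || [];
- const mergedStyleSrc = [.../* @__PURE__ */ new Set([...defaultStyleSrc, ...userStyleSrc])];
+ const mergedStyleSrc = [
+ .../* @__PURE__ */ new Set([...defaultStyleSrc, ...userStyleSrc])
+ ];
  mergedDirectives.styleSrc = mergedStyleSrc;
  }
  const userFontSrc = userDirectives.fontSrc;
  if (userFontSrc && Array.isArray(userFontSrc)) {
  const defaultFontSrc = defaultCSP.directives.fontSrc || [];
- const mergedFontSrc = [.../* @__PURE__ */ new Set([...defaultFontSrc, ...userFontSrc])];
+ const mergedFontSrc = [
+ .../* @__PURE__ */ new Set([...defaultFontSrc, ...userFontSrc])
+ ];
  mergedDirectives.fontSrc = mergedFontSrc;
  }
  helmetConfig.contentSecurityPolicy = {
@@ -4698,23 +4709,27 @@ var setupApplication = async ({
  helmetConfig.hsts = false;
  }
  if (process.env.NODE_ENV !== "development" && security?.contentSecurityPolicy !== false) {
- app.use((req, res, next) => {
- const nonce = crypto.randomBytes(16).toString("base64");
- res.locals.nonce = nonce;
- next();
- });
+ app.use(
+ (req, res, next) => {
+ const nonce = crypto.randomBytes(16).toString("base64");
+ res.locals.nonce = nonce;
+ next();
+ }
+ );
  }
  app.use(helmet(helmetConfig));
  const appLogger = createModuleLogger("framework");
- app.use(requestLoggerMiddleware({
- logger: appLogger.child({ component: "server" }),
- logRequests: process.env.LOG_REQUESTS === "true",
- // Default to false (only errors/warnings)
- logResponses: process.env.LOG_RESPONSES !== "false",
- // Default to true (but filtered)
- logStaticAssets: process.env.LOG_STATIC_ASSETS === "true"
- // Default to false
- }));
+ app.use(
+ requestLoggerMiddleware({
+ logger: appLogger.child({ component: "server" }),
+ logRequests: process.env.LOG_REQUESTS === "true",
+ // Default to false (only errors/warnings)
+ logResponses: process.env.LOG_RESPONSES !== "false",
+ // Default to true (but filtered)
+ logStaticAssets: process.env.LOG_STATIC_ASSETS === "true"
+ // Default to false
+ })
+ );
  const corsOptions = {
  credentials: true
  };
@@ -4730,7 +4745,7 @@ var setupApplication = async ({
  corsOptions.origin = process.env.NODE_ENV === "development";
  }
  app.use(cors(corsOptions));
- if (rateLimit2) {
+ if (rateLimit2 && process.env.NODE_ENV !== "development") {
  const generalLimiter = createRateLimiter({
  windowMs: rateLimit2.windowMs,
  max: rateLimit2.max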
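Review bot: The new condition at line 4748, `if (rateLimit2 && process.env.NODE_ENV !== "development")`, drops a configured rate limiter without any signal, and it keys on the same environment variable that the visible context already uses to skip the CSP nonce middleware (line 4711) and, in the branch shown at line 4745, to derive `corsOptions.origin` while `credentials` is true. A reachable host started with NODE_ENV=development therefore runs unthrottled with several other protections relaxed at once, and nothing in the logs says so. I would log the skip ahead of this branch, e.g. `if (rateLimit2 && process.env.NODE_ENV === "development") appLogger.warn("rate limiting disabled: NODE_ENV=development");` (assuming the logger returned by `createModuleLogger` exposes `warn`), or gate on an explicit option rather than on NODE_ENV. The body of the `if` continues past the end of the hunk.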