@lolyjs/core 0.2.0-alpha.10 → 0.2.0-alpha.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/README.md +3 -10
  2. package/dist/cli.cjs +39 -24
  3. package/dist/cli.cjs.map +1 -1
  4. package/dist/cli.js +39 -24
  5. package/dist/cli.js.map +1 -1
  6. package/dist/index.cjs +39 -24
  7. package/dist/index.cjs.map +1 -1
  8. package/dist/index.js +39 -24
  9. package/dist/index.js.map +1 -1
  10. package/dist/react/hooks.cjs.map +1 -1
  11. package/dist/react/hooks.js.map +1 -1
  12. package/dist/runtime.cjs.map +1 -1
  13. package/dist/runtime.js.map +1 -1
  14. package/package.json +1 -1
package/dist/cli.js CHANGED
@@ -4895,7 +4895,11 @@ var setupApplication = async ({
4895
4895
  helmetConfig.contentSecurityPolicy = {
4896
4896
  directives: {
4897
4897
  defaultSrc: ["'self'"],
4898
- styleSrc: ["'self'", "'unsafe-inline'", "https://fonts.googleapis.com"],
4898
+ styleSrc: [
4899
+ "'self'",
4900
+ "'unsafe-inline'",
4901
+ "https://fonts.googleapis.com"
4902
+ ],
4899
4903
  scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
4900
4904
  imgSrc: ["'self'", "data:", "https:"],
4901
4905
  // Allow fetch/XHR to any HTTPS endpoint - users can restrict in their config if needed
@@ -4912,7 +4916,11 @@ var setupApplication = async ({
4912
4916
  const defaultCSP = {
4913
4917
  directives: {
4914
4918
  defaultSrc: ["'self'"],
4915
- styleSrc: ["'self'", "'unsafe-inline'", "https://fonts.googleapis.com"],
4919
+ styleSrc: [
4920
+ "'self'",
4921
+ "'unsafe-inline'",
4922
+ "https://fonts.googleapis.com"
4923
+ ],
4916
4924
  scriptSrc: ["'self'", nonceFunction],
4917
4925
  imgSrc: ["'self'", "data:", "https:"],
4918
4926
  // Allow fetch/XHR to any HTTPS endpoint - users can restrict in their config if needed
@@ -4935,10 +4943,7 @@ var setupApplication = async ({
4935
4943
  (src) => typeof src === "function"
4936
4944
  );
4937
4945
  if (!hasNonceSupport) {
4938
- mergedDirectives.scriptSrc = [
4939
- ...userScriptSrc,
4940
- nonceFunction
4941
- ];
4946
+ mergedDirectives.scriptSrc = [...userScriptSrc, nonceFunction];
4942
4947
  } else {
4943
4948
  mergedDirectives.scriptSrc = userScriptSrc;
4944
4949
  }
@@ -4946,19 +4951,25 @@ var setupApplication = async ({
4946
4951
  const userConnectSrc = userDirectives.connectSrc;
4947
4952
  if (userConnectSrc && Array.isArray(userConnectSrc)) {
4948
4953
  const defaultConnectSrc = defaultCSP.directives.connectSrc || [];
4949
- const mergedConnectSrc = [.../* @__PURE__ */ new Set([...defaultConnectSrc, ...userConnectSrc])];
4954
+ const mergedConnectSrc = [
4955
+ .../* @__PURE__ */ new Set([...defaultConnectSrc, ...userConnectSrc])
4956
+ ];
4950
4957
  mergedDirectives.connectSrc = mergedConnectSrc;
4951
4958
  }
4952
4959
  const userStyleSrc = userDirectives.styleSrc;
4953
4960
  if (userStyleSrc && Array.isArray(userStyleSrc)) {
4954
4961
  const defaultStyleSrc = defaultCSP.directives.styleSrc || [];
4955
- const mergedStyleSrc = [.../* @__PURE__ */ new Set([...defaultStyleSrc, ...userStyleSrc])];
4962
+ const mergedStyleSrc = [
4963
+ .../* @__PURE__ */ new Set([...defaultStyleSrc, ...userStyleSrc])
4964
+ ];
4956
4965
  mergedDirectives.styleSrc = mergedStyleSrc;
4957
4966
  }
4958
4967
  const userFontSrc = userDirectives.fontSrc;
4959
4968
  if (userFontSrc && Array.isArray(userFontSrc)) {
4960
4969
  const defaultFontSrc = defaultCSP.directives.fontSrc || [];
4961
- const mergedFontSrc = [.../* @__PURE__ */ new Set([...defaultFontSrc, ...userFontSrc])];
4970
+ const mergedFontSrc = [
4971
+ .../* @__PURE__ */ new Set([...defaultFontSrc, ...userFontSrc])
4972
+ ];
4962
4973
  mergedDirectives.fontSrc = mergedFontSrc;
4963
4974
  }
4964
4975
  helmetConfig.contentSecurityPolicy = {
@@ -4978,23 +4989,27 @@ var setupApplication = async ({
4978
4989
  helmetConfig.hsts = false;
4979
4990
  }
4980
4991
  if (process.env.NODE_ENV !== "development" && security?.contentSecurityPolicy !== false) {
4981
- app.use((req, res, next) => {
4982
- const nonce = crypto.randomBytes(16).toString("base64");
4983
- res.locals.nonce = nonce;
4984
- next();
4985
- });
4992
+ app.use(
4993
+ (req, res, next) => {
4994
+ const nonce = crypto.randomBytes(16).toString("base64");
4995
+ res.locals.nonce = nonce;
4996
+ next();
4997
+ }
4998
+ );
4986
4999
  }
4987
5000
  app.use(helmet(helmetConfig));
4988
5001
  const appLogger = createModuleLogger("framework");
4989
- app.use(requestLoggerMiddleware({
4990
- logger: appLogger.child({ component: "server" }),
4991
- logRequests: process.env.LOG_REQUESTS === "true",
4992
- // Default to false (only errors/warnings)
4993
- logResponses: process.env.LOG_RESPONSES !== "false",
4994
- // Default to true (but filtered)
4995
- logStaticAssets: process.env.LOG_STATIC_ASSETS === "true"
4996
- // Default to false
4997
- }));
5002
+ app.use(
5003
+ requestLoggerMiddleware({
5004
+ logger: appLogger.child({ component: "server" }),
5005
+ logRequests: process.env.LOG_REQUESTS === "true",
5006
+ // Default to false (only errors/warnings)
5007
+ logResponses: process.env.LOG_RESPONSES !== "false",
5008
+ // Default to true (but filtered)
5009
+ logStaticAssets: process.env.LOG_STATIC_ASSETS === "true"
5010
+ // Default to false
5011
+ })
5012
+ );
4998
5013
  const corsOptions = {
4999
5014
  credentials: true
5000
5015
  };
@@ -5010,7 +5025,7 @@ var setupApplication = async ({
5010
5025
  corsOptions.origin = process.env.NODE_ENV === "development";
5011
5026
  }
5012
5027
  app.use(cors(corsOptions));
5013
- if (rateLimit2) {
5028
+ if (rateLimit2 && process.env.NODE_ENV !== "development") {
5014
5029
  const generalLimiter = createRateLimiter({
5015
5030
  windowMs: rateLimit2.windowMs,
5016
5031
  max: rateLimit2.max