@lolyjs/core 0.2.0-alpha.10 → 0.2.0-alpha.12

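--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -4657,7 +4657,11 @@ var setupApplication = async ({
  helmetConfig.contentSecurityPolicy = {
  directives: {
  defaultSrc: ["'self'"],
- styleSrc: ["'self'", "'unsafe-inline'", "https://fonts.googleapis.com"],
+ styleSrc: [
+ "'self'",
+ "'unsafe-inline'",
+ "https://fonts.googleapis.com"
+ ],
  scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
  imgSrc: ["'self'", "data:", "https:"],
  // Allow fetch/XHR to any HTTPS endpoint - users can restrict in their config if needed
@@ -4674,7 +4678,11 @@ var setupApplication = async ({
  const defaultCSP = {
  directives: {
  defaultSrc: ["'self'"],
- styleSrc: ["'self'", "'unsafe-inline'", "https://fonts.googleapis.com"],
+ styleSrc: [
+ "'self'",
+ "'unsafe-inline'",
+ "https://fonts.googleapis.com"
+ ],
  scriptSrc: ["'self'", nonceFunction],
  imgSrc: ["'self'", "data:", "https:"],
  // Allow fetch/XHR to any HTTPS endpoint - users can restrict in their config if needed
@@ -4697,10 +4705,7 @@ var setupApplication = async ({
  (src) => typeof src === "function"
  );
  if (!hasNonceSupport) {
- mergedDirectives.scriptSrc = [
- ...userScriptSrc,
- nonceFunction
- ];
+ mergedDirectives.scriptSrc = [...userScriptSrc, nonceFunction];
  } else {
  mergedDirectives.scriptSrc = userScriptSrc;
  }
@@ -4708,19 +4713,25 @@ var setupApplication = async ({
  const userConnectSrc = userDirectives.connectSrc;
  if (userConnectSrc && Array.isArray(userConnectSrc)) {
  const defaultConnectSrc = defaultCSP.directives.connectSrc || [];
- const mergedConnectSrc = [.../* @__PURE__ */ new Set([...defaultConnectSrc, ...userConnectSrc])];
+ const mergedConnectSrc = [
+ .../* @__PURE__ */ new Set([...defaultConnectSrc, ...userConnectSrc])
+ ];
  mergedDirectives.connectSrc = mergedConnectSrc;
  }
  const userStyleSrc = userDirectives.styleSrc;
  if (userStyleSrc && Array.isArray(userStyleSrc)) {
  const defaultStyleSrc = defaultCSP.directives.styleSrc || [];
- const mergedStyleSrc = [.../* @__PURE__ */ new Set([...defaultStyleSrc, ...userStyleSrc])];
+ const mergedStyleSrc = [
+ .../* @__PURE__ */ new Set([...defaultStyleSrc, ...userStyleSrc])
+ ];
  mergedDirectives.styleSrc = mergedStyleSrc;
  }
  const userFontSrc = userDirectives.fontSrc;
  if (userFontSrc && Array.isArray(userFontSrc)) {
  const defaultFontSrc = defaultCSP.directives.fontSrc || [];
- const mergedFontSrc = [.../* @__PURE__ */ new Set([...defaultFontSrc, ...userFontSrc])];
+ const mergedFontSrc = [
+ .../* @__PURE__ */ new Set([...defaultFontSrc, ...userFontSrc])
+ ];
  mergedDirectives.fontSrc = mergedFontSrc;
  }
  helmetConfig.contentSecurityPolicy = {
@@ -4740,23 +4751,27 @@ var setupApplication = async ({
  helmetConfig.hsts = false;
  }
  if (process.env.NODE_ENV !== "development" && security?.contentSecurityPolicy !== false) {
- app.use((req, res, next) => {
- const nonce = import_crypto.default.randomBytes(16).toString("base64");
- res.locals.nonce = nonce;
- next();
- });
+ app.use(
+ (req, res, next) => {
+ const nonce = import_crypto.default.randomBytes(16).toString("base64");
+ res.locals.nonce = nonce;
+ next();
+ }
+ );
  }
  app.use((0, import_helmet.default)(helmetConfig));
  const appLogger = createModuleLogger("framework");
- app.use(requestLoggerMiddleware({
- logger: appLogger.child({ component: "server" }),
- logRequests: process.env.LOG_REQUESTS === "true",
- // Default to false (only errors/warnings)
- logResponses: process.env.LOG_RESPONSES !== "false",
- // Default to true (but filtered)
- logStaticAssets: process.env.LOG_STATIC_ASSETS === "true"
- // Default to false
- }));
+ app.use(
+ requestLoggerMiddleware({
+ logger: appLogger.child({ component: "server" }),
+ logRequests: process.env.LOG_REQUESTS === "true",
+ // Default to false (only errors/warnings)
+ logResponses: process.env.LOG_RESPONSES !== "false",
+ // Default to true (but filtered)
+ logStaticAssets: process.env.LOG_STATIC_ASSETS === "true"
+ // Default to false
+ })
+ );
  const corsOptions = {
  credentials: true
  };
@@ -4772,7 +4787,7 @@ var setupApplication = async ({
  corsOptions.origin = process.env.NODE_ENV === "development";
  }
  app.use((0, import_cors.default)(corsOptions));
- if (rateLimit2) {
+ if (rateLimit2 && process.env.NODE_ENV !== "development") {
  const generalLimiter = createRateLimiter({
  windowMs: rateLimit2.windowMs,
  max: rateLimit2.max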
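Review bot: The new guard `if (rateLimit2 && process.env.NODE_ENV !== "development")` in the last hunk (new line 4790) silently drops the general rate limiter whenever NODE_ENV is "development", even when the caller passed an explicit rateLimit config. It is the only behavioural change in this file section; the other hunks only re-wrap lines. NODE_ENV is an ambient deployment variable, and the visible context lines already use it to skip the CSP nonce middleware and to set `corsOptions.origin` to true next to `credentials: true`, so a reachable host started with the wrong value loses several protections at once with nothing in the logs. I would make the opt-out explicit in the config rather than inferring it from the environment name, or at least log the skip, e.g. `else if (rateLimit2) appLogger.warn("rate limiting disabled because NODE_ENV=development");` (assuming the module logger exposes `warn`). The createRateLimiter call continues past the end of the hunk, so whether any other limiter is still applied in development cannot be checked from here.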