@networkpro/web 1.25.3 → 1.25.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/.env.template +1 -1
  2. package/CHANGELOG.md +39 -1
  3. package/package.json +2 -2
  4. package/src/hooks.server.js +14 -11
  5. package/src/lib/stores/posthog.js +12 -4
  6. package/src/lib/utils/env.js +21 -6
  7. package/vite.config.js +2 -1
package/.env.template CHANGED
@@ -5,7 +5,7 @@
5
5
  # Rename to `.env` (or `.env.local`) and customize as needed
6
6
 
7
7
  # Custom environment mode for scripts and tooling
8
- # One of: dev, test, ci, preview, prod
8
+ # One of: dev, test, ci, preview, production
9
9
  ENV_MODE=dev
10
10
 
11
11
  # Optional: API keys or tokens for local dev (never commit real values)
package/CHANGELOG.md CHANGED
@@ -22,6 +22,43 @@ This project attempts to follow [Keep a Changelog](https://keepachangelog.com/en
22
22
 
23
23
  ---
24
24
 
25
+ ## [1.25.4] - 2025-11-03
26
+
27
+ ### Added
28
+
29
+ - `detectEnvironment()` now returns:
30
+ - `isDebug` boolean (true if `isDev` or `isTest`)
31
+ - `isLocalhost` (optional, in browser contexts)
32
+ - Support for `PUBLIC_POSTHOG_PROJECT_KEY` using `import.meta.env`
33
+ - Dynamic PostHog initialization (`initPostHog`) now uses env-based key injection
34
+ - vite.config.js:
35
+ - `envPrefix: ['PUBLIC_']` added to expose public vars to client
36
+ - Console banner for `ENV_MODE`, `PUBLIC_ENV_MODE`, and audit-mode warning
37
+ - CSP debug logs gated behind `isDebug` and server-only context
38
+ - `.env.production` support via `--mode=production` guidance
39
+ - Conditional `minify` flag for `lightningcssPlugin` based on `mode` (`production` or `audit`)
40
+
41
+ ### Changed
42
+
43
+ - Environment detection (`env.js`) now respects hostname overrides and normalizes fallback logic for SSR/client consistency
44
+ - Logs in `hooks.server.js` and PostHog analytics client are now gated by `isDebug` to avoid unnecessary noise in production
45
+ - Better logging structure for PostHog initialization, including full `import.meta.env` dump in debug mode
46
+ - Bumped project version to `v1.25.4`
47
+
48
+ ### Fixed
49
+
50
+ - Broken or undefined env var behavior due to missing `envPrefix` in `vite.config.js`
51
+ - Client-only `import.meta.env.PUBLIC_*` variables incorrectly resolving as `undefined` in production builds
52
+ - CSP not reflecting audit context due to host-based detection mismatch
53
+
54
+ ### Developer Notes
55
+
56
+ - `.env.production` is **now required** for full environment variable injection during `npm run build --mode=production` or Vercel deployments.
57
+ - Without it, `PUBLIC_` variables (e.g. `PUBLIC_POSTHOG_PROJECT_KEY`) may resolve as undefined in the client bundle.
58
+ - Local builds can still fall back to `.env` or `.env.development` by default.
59
+
60
+ ---
61
+
25
62
  ## [1.25.3] - 2025-11-03
26
63
 
27
64
  ### Changed
@@ -1649,7 +1686,8 @@ This enables analytics filtering and CSP hardening for the audit environment.
1649
1686
 
1650
1687
  <!-- Link references -->
1651
1688
 
1652
- [Unreleased]: https://github.com/netwk-pro/netwk-pro.github.io/compare/v1.25.3...HEAD
1689
+ [Unreleased]: https://github.com/netwk-pro/netwk-pro.github.io/compare/v1.25.4...HEAD
1690
+ [1.25.4]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.25.4
1653
1691
  [1.25.3]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.25.3
1654
1692
  [1.25.2]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.25.2
1655
1693
  [1.25.1]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.25.1
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@networkpro/web",
3
3
  "private": false,
4
- "version": "1.25.3",
4
+ "version": "1.25.4",
5
5
  "description": "Locking Down Networks, Unlocking Confidence™ | Security, Networking, Privacy — Network Pro Strategies",
6
6
  "keywords": [
7
7
  "advisory",
@@ -38,7 +38,7 @@
38
38
  "dev:audit": "vite --mode audit",
39
39
  "start": "npm run dev",
40
40
  "dev:vercel": "vercel dev",
41
- "build": "vite build",
41
+ "build": "vite build --mode production",
42
42
  "build:audit": "vite build --mode audit",
43
43
  "build:vercel": "vercel build",
44
44
  "preview": "vite preview",
package/src/hooks.server.js CHANGED
@@ -16,16 +16,19 @@ export async function handle({ event, resolve }) {
16
16
  const response = await resolve(event);
17
17
 
18
18
  const env = detectEnvironment(event.url.hostname);
19
- const { isAudit, isTest, isProd, mode, effective } = env;
20
-
21
- console.log('[CSP Debug ENV]', {
22
- mode,
23
- effective,
24
- hostname: event.url.hostname,
25
- isAudit,
26
- isTest,
27
- isProd,
28
- });
19
+ const { isAudit, isDebug, isTest, isProd, mode, effective } = env;
20
+
21
+ // Show logs in dev only
22
+ if (isDebug) {
23
+ console.log('[CSP Debug ENV]', {
24
+ mode,
25
+ effective,
26
+ hostname: event.url.hostname,
27
+ isAudit,
28
+ isTest,
29
+ isProd,
30
+ });
31
+ }
29
32
 
30
33
  // Determine report URI
31
34
  const reportUri =
@@ -49,7 +52,7 @@ export async function handle({ event, resolve }) {
49
52
  ];
50
53
 
51
54
  // 🧪 Looser CSP for local/CI test environments
52
- if (isTest) {
55
+ if (isDebug) {
53
56
  cspDirectives[1] =
54
57
  "script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:* ws://localhost:*;";
55
58
  cspDirectives[2] = "style-src 'self' 'unsafe-inline' http://localhost:*;";
package/src/lib/stores/posthog.js CHANGED
@@ -45,13 +45,13 @@ let ph = null;
45
45
  export async function initPostHog() {
46
46
  if (initialized || typeof window === 'undefined') return;
47
47
 
48
- const { isAudit, isDev, isTest, mode, effective } = detectEnvironment();
48
+ const { isAudit, isDebug, isDev, isTest, mode, effective } =
49
+ detectEnvironment();
49
50
 
50
51
  // 🌐 Hybrid hostname + environment guard
51
52
  const host = window.location.hostname;
52
53
  const isAuditHost = /(^|\.)audit\.netwk\.pro$/i.test(host);
53
54
  const effectiveAudit = isAudit || isAuditHost;
54
- const isDebug = isDev || isTest;
55
55
 
56
56
  // 🧭 Log environment context before any conditional logic
57
57
  if (isDebug) {
@@ -95,9 +95,17 @@ export async function initPostHog() {
95
95
  const posthogModule = await import('posthog-js');
96
96
  ph = posthogModule.default;
97
97
 
98
+ // ✅ Load public key from env
99
+ const key = import.meta.env.PUBLIC_POSTHOG_PROJECT_KEY;
100
+ //console.log('✅ Key in runtime:', key);
101
+
102
+ if (!key) {
103
+ console.warn('[PostHog] ⚠️ PUBLIC_POSTHOG_PROJECT_KEY is not set.');
104
+ return;
105
+ }
106
+
98
107
  // ✅ Initialize PostHog
99
- // cspell:disable-next-line
100
- ph.init('phc_Qshfo6AXzh4pS7aPigfqyeo4qj1qlyh7gDuHDeVMSR0', {
108
+ ph.init(key, {
101
109
  api_host: '/relay-MSR0/',
102
110
  ui_host: 'https://us.posthog.com',
103
111
  autocapture: true,
package/src/lib/utils/env.js CHANGED
@@ -33,6 +33,8 @@ This file is part of Network Pro.
33
33
  * @property {boolean} isAudit
34
34
  * @property {boolean} isCI
35
35
  * @property {boolean} isTest
36
+ * @property {boolean} isDebug - True in dev or test mode (but not prod/audit)
37
+ * @property {boolean} isLocalhost - True if running on localhost (client context only)
36
38
  */
37
39
 
38
40
  /**
@@ -51,7 +53,7 @@ export const BUILD_ENV_MODE =
51
53
  * @returns {EnvironmentInfo}
52
54
  */
53
55
  export function detectEnvironment(hostOverride) {
54
- const mode = BUILD_ENV_MODE;
56
+ const mode = (BUILD_ENV_MODE || '').toLowerCase();
55
57
 
56
58
  // Determine host based on execution context
57
59
  const host =
@@ -59,22 +61,35 @@ export function detectEnvironment(hostOverride) {
59
61
  (typeof window !== 'undefined' ? window.location.hostname : '');
60
62
 
61
63
  const hostIsAudit = /(^|\.)audit\.netwk\.pro$/i.test(host);
64
+ const isLocalhost = /^localhost$|^127\.0\.0\.1$/.test(host);
62
65
 
63
66
  const isDev = ['development', 'dev'].includes(mode);
64
67
  const isProd = ['production', 'prod'].includes(mode);
65
68
  const isAudit = mode === 'audit' || hostIsAudit;
66
69
  const isCI = mode === 'ci';
67
70
  const isTest = mode === 'test';
71
+ const isDebug = isDev || isTest;
68
72
 
69
73
  const effective = hostIsAudit && !isAudit ? 'audit(host)' : mode;
70
74
 
71
- if (typeof window === 'undefined') {
72
- console.log('[detectEnvironment] Server-side build mode:', mode);
73
- console.log('[detectEnvironment] Hostname:', host || '(none)');
75
+ if (typeof window === 'undefined' && isDebug) {
76
+ console.log('🧭 [env] Server-side build mode:', mode);
77
+ console.log('🧭 [env] Hostname:', host || '(none)');
78
+ console.log('🧭 [env] Raw env:', import.meta.env);
74
79
  if (hostIsAudit && mode !== 'audit') {
75
- console.log('[detectEnvironment] Host suggests audit, overriding mode.');
80
+ console.log('[env] Host suggests audit, overriding mode.');
76
81
  }
77
82
  }
78
83
 
79
- return { mode, effective, isDev, isProd, isAudit, isCI, isTest };
84
+ return {
85
+ mode,
86
+ effective,
87
+ isDev,
88
+ isProd,
89
+ isAudit,
90
+ isCI,
91
+ isTest,
92
+ isDebug,
93
+ isLocalhost,
94
+ };
80
95
  }
package/vite.config.js CHANGED
@@ -48,6 +48,7 @@ export default defineConfig(({ mode }) => {
48
48
  // -----------------------------------------------------------------------
49
49
 
50
50
  return {
51
+ envPrefix: ['PUBLIC_'],
51
52
  plugins: [
52
53
  tsconfigPaths(),
53
54
  devtoolsJson({
@@ -57,7 +58,7 @@ export default defineConfig(({ mode }) => {
57
58
  }),
58
59
  sveltekit(),
59
60
  lightningcssPlugin({
60
- minify: process.env.NODE_ENV === 'production',
61
+ minify: ['production', 'audit'].includes(mode),
61
62
  pruneUnusedFontFaceRules: true,
62
63
  pruneUnusedKeyframes: true,
63
64
  removeUnusedFontFaces: true,