@nuxt/scripts 0.13.2 → 1.0.0-beta.12

package/dist/runtime/server/utils/privacy.js

@@ -0,0 +1,324 @@
+const FULL_PRIVACY = { ip: true, userAgent: true, language: true, screen: true, timezone: true, hardware: true };
+const NO_PRIVACY = { ip: false, userAgent: false, language: false, screen: false, timezone: false, hardware: false };
+export function resolvePrivacy(input) {
+  if (input === true)
+    return { ...FULL_PRIVACY };
+  if (input === false || input === void 0 || input === null)
+    return { ...NO_PRIVACY };
+  return {
+    ip: input.ip ?? false,
+    userAgent: input.userAgent ?? false,
+    language: input.language ?? false,
+    screen: input.screen ?? false,
+    timezone: input.timezone ?? false,
+    hardware: input.hardware ?? false
+  };
+}
+export function mergePrivacy(base, override) {
+  if (override === void 0 || override === null)
+    return base;
+  if (typeof override === "boolean")
+    return resolvePrivacy(override);
+  return {
+    ip: override.ip !== void 0 ? override.ip : base.ip,
+    userAgent: override.userAgent !== void 0 ? override.userAgent : base.userAgent,
+    language: override.language !== void 0 ? override.language : base.language,
+    screen: override.screen !== void 0 ? override.screen : base.screen,
+    timezone: override.timezone !== void 0 ? override.timezone : base.timezone,
+    hardware: override.hardware !== void 0 ? override.hardware : base.hardware
+  };
+}
+export const IP_HEADERS = [
+  "x-forwarded-for",
+  "x-real-ip",
+  "forwarded",
+  "cf-connecting-ip",
+  "true-client-ip",
+  "x-client-ip",
+  "x-cluster-client-ip"
+];
+export const FINGERPRINT_HEADERS = [
+  "user-agent",
+  "accept-language",
+  "accept-encoding",
+  "sec-ch-ua",
+  "sec-ch-ua-platform",
+  "sec-ch-ua-mobile",
+  "sec-ch-ua-full-version-list"
+];
+export const SENSITIVE_HEADERS = [
+  "cookie",
+  "authorization",
+  "proxy-authorization",
+  "x-csrf-token",
+  "www-authenticate"
+];
+export const STRIP_PARAMS = {
+  // IP addresses — anonymized to subnet
+  ip: ["uip", "ip", "client_ip_address", "ip_address", "user_ip", "ipaddress", "context.ip"],
+  // User identifiers — intentionally preserved for analytics functionality
+  userId: ["uid", "user_id", "userid", "external_id", "cid", "_gid", "fbp", "fbc", "sid", "session_id", "sessionid", "pl_id", "p_user_id", "uuid", "anonymousid", "twclid", "u_c1", "u_sclid", "u_scsid"],
+  // User data (PII) — intentionally preserved; hashed by analytics SDKs before sending
+  userData: ["ud", "user_data", "userdata", "email", "phone", "traits.email", "traits.phone"],
+  // Screen/Hardware — generalized to common buckets
+  screen: ["sr", "vp", "sd", "screen", "viewport", "colordepth", "pixelratio", "sh", "sw"],
+  // Hardware capabilities — generalized to common buckets
+  hardware: ["hardwareconcurrency", "devicememory", "cpu", "mem"],
+  // Platform identifiers — low entropy, kept as-is (e.g. "Linux", "x86")
+  platform: ["plat", "platform", "d_a", "d_ot"],
+  // Version strings — generalized to major version only (d_os = Snapchat OS version, uapv = GA platform version)
+  version: ["d_os", "uapv"],
+  // Browser version lists — generalized to major versions (d_bvs = Snapchat, uafvl = GA Client Hints)
+  browserVersion: ["d_bvs", "uafvl"],
+  // Browser data lists — replaced with empty value
+  browserData: ["plugins", "fonts"],
+  // Location/Timezone — generalized
+  location: ["tz", "timezone", "timezoneoffset"],
+  // Canvas/WebGL/Audio fingerprints — replaced with empty value (pure fingerprints, no analytics value)
+  canvas: ["canvas", "webgl", "audiofingerprint"],
+  // Combined device fingerprinting (X/Twitter dv param contains: timezone, locale, vendor, platform, screen, etc.)
+  deviceInfo: ["dv", "device_info", "deviceinfo"]
+};
+export const NORMALIZE_PARAMS = {
+  language: ["ul", "lang", "language", "languages"],
+  userAgent: ["ua", "useragent", "user_agent", "client_user_agent", "context.useragent"]
+};
+export function anonymizeIP(ip) {
+  if (ip.includes(":")) {
+    return `${ip.split(":").slice(0, 3).join(":")}::`;
+  }
+  const parts = ip.split(".");
+  if (parts.length === 4) {
+    parts[3] = "0";
+    return parts.join(".");
+  }
+  return ip;
+}
+export function normalizeUserAgent(ua) {
+  const tokens = [
+    ["Edg/", "Edge"],
+    ["OPR/", "Opera"],
+    ["Opera/", "Opera"],
+    ["Firefox/", "Firefox"],
+    ["Chrome/", "Chrome"],
+    ["Safari/", "Safari"]
+  ];
+  for (const [pattern, family] of tokens) {
+    const idx = ua.indexOf(pattern);
+    if (idx !== -1) {
+      const versionStart = idx + pattern.length;
+      const majorVersion = ua.slice(versionStart).match(/^(\d+)/)?.[1];
+      if (majorVersion)
+        return `Mozilla/5.0 (compatible; ${family}/${majorVersion}.0)`;
+    }
+  }
+  return "Mozilla/5.0 (compatible)";
+}
+export function normalizeLanguage(lang) {
+  return lang.split(",")[0]?.split(";")[0]?.trim() || "en";
+}
+const SCREEN_BUCKETS = {
+  desktop: { w: 1920, h: 1080 },
+  tablet: { w: 768, h: 1024 },
+  mobile: { w: 360, h: 640 }
+};
+function getDeviceClass(width) {
+  if (width >= 1200)
+    return "desktop";
+  if (width >= 700)
+    return "tablet";
+  return "mobile";
+}
+export function generalizeScreen(value, dimension) {
+  if (typeof value === "string" && value.includes("x")) {
+    const width = Number.parseInt(value.split("x")[0] || "0");
+    const cls = getDeviceClass(width);
+    return `${SCREEN_BUCKETS[cls].w}x${SCREEN_BUCKETS[cls].h}`;
+  }
+  const num = typeof value === "number" ? value : Number(value);
+  if (!Number.isNaN(num)) {
+    const cls = getDeviceClass(num);
+    const bucketed = dimension === "height" ? SCREEN_BUCKETS[cls].h : SCREEN_BUCKETS[cls].w;
+    return typeof value === "number" ? bucketed : String(bucketed);
+  }
+  return "1920x1080";
+}
+export function generalizeHardware(value) {
+  const num = typeof value === "number" ? value : Number(value);
+  if (Number.isNaN(num))
+    return 4;
+  if (num >= 16)
+    return 16;
+  if (num >= 8)
+    return 8;
+  if (num >= 4)
+    return 4;
+  return 2;
+}
+export function generalizeVersion(value) {
+  if (typeof value !== "string")
+    return String(value);
+  const match = value.match(/^(\d+)(([.\-_])\d+)*/);
+  if (!match)
+    return String(value);
+  const major = match[1];
+  const sep = match[3] || ".";
+  const segmentCount = value.split(/[.\-_]/).length;
+  return major + `${sep}0`.repeat(segmentCount - 1);
+}
+export function generalizeBrowserVersions(value) {
+  if (typeof value !== "string")
+    return String(value);
+  const zeroSegments = (ver) => {
+    const parts = ver.split(".");
+    return parts[0] + parts.slice(1).map(() => ".0").join("");
+  };
+  if (value.includes('"version"'))
+    return value.replace(/("version"\s*:\s*")(\d+(?:\.\d+)*)/g, (_, prefix, ver) => prefix + zeroSegments(ver));
+  if (value.includes(";"))
+    return value.replace(/;(\d+(?:\.\d+)*)/g, (_, ver) => `;${zeroSegments(ver)}`);
+  return value;
+}
+export function generalizeTimezone(value) {
+  if (typeof value === "number") {
+    return Math.round(value / 180) * 180;
+  }
+  if (typeof value === "string") {
+    return "UTC";
+  }
+  return 0;
+}
+export function anonymizeDeviceInfo(value) {
+  const sep = value.includes("|") ? "|" : "&";
+  const parts = value.split(sep);
+  if (parts.length < 4)
+    return value;
+  const result = [...parts];
+  for (let i = 0; i < parts.length; i++) {
+    const part = parts[i];
+    if (part.includes("/") && /^[A-Z]/.test(part)) {
+      result[i] = String(generalizeTimezone(part));
+      continue;
+    }
+    if (/^[a-z]{2}(?:-[a-z]{2,})?$/i.test(part)) {
+      result[i] = normalizeLanguage(part);
+      continue;
+    }
+    const num = Number(part);
+    if (!Number.isNaN(num) && num >= 300 && num <= 1e4) {
+      const nextNum = Number(parts[i + 1]);
+      if (!Number.isNaN(nextNum) && nextNum >= 300 && nextNum <= 1e4) {
+        const cls = getDeviceClass(num);
+        result[i] = String(SCREEN_BUCKETS[cls].w);
+        result[i + 1] = String(SCREEN_BUCKETS[cls].h);
+        i++;
+        continue;
+      }
+      result[i] = String(generalizeScreen(num));
+      continue;
+    }
+    if (!Number.isNaN(num) && num < -60) {
+      result[i] = String(generalizeTimezone(num));
+    }
+  }
+  return result.join(sep);
+}
+export function stripPayloadFingerprinting(payload, privacy) {
+  const p = privacy || FULL_PRIVACY;
+  const result = {};
+  let deviceClass;
+  for (const [key, value] of Object.entries(payload)) {
+    if (key.toLowerCase() === "sw") {
+      const num = typeof value === "number" ? value : Number(value);
+      if (!Number.isNaN(num))
+        deviceClass = getDeviceClass(num);
+    }
+  }
+  for (const [key, value] of Object.entries(payload)) {
+    const lowerKey = key.toLowerCase();
+    const matchesParam = (key2, params) => {
+      const lk = key2.toLowerCase();
+      return params.some((pm) => {
+        const lp = pm.toLowerCase();
+        return lk === lp || lk.startsWith(`${lp}[`);
+      });
+    };
+    const isLanguageParam = NORMALIZE_PARAMS.language.some((pm) => lowerKey === pm.toLowerCase());
+    if (isLanguageParam) {
+      if (Array.isArray(value)) {
+        result[key] = p.language ? value.map((v) => typeof v === "string" ? normalizeLanguage(v) : v) : value;
+      } else if (typeof value === "string") {
+        result[key] = p.language ? normalizeLanguage(value) : value;
+      } else {
+        result[key] = value;
+      }
+      continue;
+    }
+    const isUserAgentParam = NORMALIZE_PARAMS.userAgent.some((pm) => lowerKey === pm.toLowerCase());
+    if (isUserAgentParam && typeof value === "string") {
+      result[key] = p.userAgent ? normalizeUserAgent(value) : value;
+      continue;
+    }
+    if (matchesParam(key, STRIP_PARAMS.ip) && typeof value === "string") {
+      result[key] = p.ip ? anonymizeIP(value) : value;
+      continue;
+    }
+    if (matchesParam(key, STRIP_PARAMS.screen)) {
+      if (!p.screen) {
+        result[key] = value;
+        continue;
+      }
+      if (["sd", "colordepth", "pixelratio"].includes(lowerKey)) {
+        result[key] = value;
+      } else if (lowerKey === "sh" && deviceClass) {
+        const paired = SCREEN_BUCKETS[deviceClass].h;
+        result[key] = typeof value === "number" ? paired : String(paired);
+      } else {
+        result[key] = generalizeScreen(value, lowerKey === "sw" ? "width" : lowerKey === "sh" ? "height" : void 0);
+      }
+      continue;
+    }
+    if (matchesParam(key, STRIP_PARAMS.hardware)) {
+      result[key] = p.screen ? generalizeHardware(value) : value;
+      continue;
+    }
+    if (matchesParam(key, STRIP_PARAMS.version)) {
+      result[key] = p.hardware ? generalizeVersion(value) : value;
+      continue;
+    }
+    if (matchesParam(key, STRIP_PARAMS.browserVersion)) {
+      result[key] = p.hardware ? generalizeBrowserVersions(value) : value;
+      continue;
+    }
+    if (matchesParam(key, STRIP_PARAMS.location)) {
+      result[key] = p.timezone ? generalizeTimezone(value) : value;
+      continue;
+    }
+    if (matchesParam(key, STRIP_PARAMS.browserData)) {
+      result[key] = p.hardware ? Array.isArray(value) ? [] : "" : value;
+      continue;
+    }
+    if (matchesParam(key, STRIP_PARAMS.canvas)) {
+      result[key] = p.hardware ? typeof value === "number" ? 0 : typeof value === "object" ? {} : "" : value;
+      continue;
+    }
+    if (matchesParam(key, STRIP_PARAMS.deviceInfo)) {
+      result[key] = p.hardware ? typeof value === "string" ? anonymizeDeviceInfo(value) : "" : value;
+      continue;
+    }
+    if (matchesParam(key, STRIP_PARAMS.platform)) {
+      result[key] = value;
+      continue;
+    }
+    if (Array.isArray(value)) {
+      result[key] = value.map(
+        (item) => typeof item === "object" && item !== null ? stripPayloadFingerprinting(item, privacy) : item
+      );
+    } else if (typeof value === "object" && value !== null) {
+      result[key] = stripPayloadFingerprinting(value, privacy);
+    } else {
+      result[key] = value;
+    }
+  }
+  return result;
+}

package/dist/runtime/server/x-embed-image.d.ts

@@ -0,0 +1,2 @@
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<any>>;
+export default _default;

package/dist/runtime/server/x-embed-image.js

@@ -0,0 +1,53 @@
+import { createError, defineEventHandler, getQuery, setHeader } from "h3";
+import { $fetch } from "ofetch";
+export default defineEventHandler(async (event) => {
+  const query = getQuery(event);
+  const url = query.url;
+  if (!url) {
+    throw createError({
+      statusCode: 400,
+      statusMessage: "Image URL is required"
+    });
+  }
+  let parsedUrl;
+  try {
+    parsedUrl = new URL(url);
+  } catch {
+    throw createError({
+      statusCode: 400,
+      statusMessage: "Invalid image URL"
+    });
+  }
+  if (parsedUrl.protocol !== "http:" && parsedUrl.protocol !== "https:") {
+    throw createError({
+      statusCode: 400,
+      statusMessage: "Invalid URL scheme"
+    });
+  }
+  const allowedDomains = [
+    "pbs.twimg.com",
+    "abs.twimg.com",
+    "video.twimg.com"
+  ];
+  if (!allowedDomains.includes(parsedUrl.hostname)) {
+    throw createError({
+      statusCode: 403,
+      statusMessage: "Domain not allowed"
+    });
+  }
+  const response = await $fetch.raw(url, {
+    timeout: 5e3,
+    headers: {
+      "Accept": "image/webp,image/jpeg,image/png,image/*,*/*;q=0.8",
+      "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"
+    }
+  }).catch((error) => {
+    throw createError({
+      statusCode: error.statusCode || 500,
+      statusMessage: error.statusMessage || "Failed to fetch image"
+    });
+  });
+  setHeader(event, "Content-Type", response.headers.get("content-type") || "image/jpeg");
+  setHeader(event, "Cache-Control", "public, max-age=3600, s-maxage=3600");
+  return response._data;
+});

package/dist/runtime/server/x-embed.d.ts

@@ -0,0 +1,49 @@
+interface TweetData {
+    id_str: string;
+    text: string;
+    created_at: string;
+    favorite_count: number;
+    conversation_count: number;
+    user: {
+        name: string;
+        screen_name: string;
+        profile_image_url_https: string;
+        verified?: boolean;
+        is_blue_verified?: boolean;
+    };
+    entities?: {
+        media?: Array<{
+            media_url_https: string;
+            type: string;
+            sizes: Record<string, {
+                w: number;
+                h: number;
+            }>;
+        }>;
+        urls?: Array<{
+            url: string;
+            expanded_url: string;
+            display_url: string;
+        }>;
+    };
+    photos?: Array<{
+        url: string;
+        width: number;
+        height: number;
+    }>;
+    video?: {
+        poster: string;
+        variants: Array<{
+            type: string;
+            src: string;
+        }>;
+    };
+    quoted_tweet?: TweetData;
+    parent?: {
+        user: {
+            screen_name: string;
+        };
+    };
+}
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<TweetData>>;
+export default _default;

package/dist/runtime/server/x-embed.js

@@ -0,0 +1,31 @@
+import { createError, defineEventHandler, getQuery, setHeader } from "h3";
+import { $fetch } from "ofetch";
+export default defineEventHandler(async (event) => {
+  const query = getQuery(event);
+  const tweetId = query.id;
+  if (!tweetId || !/^\d+$/.test(tweetId)) {
+    throw createError({
+      statusCode: 400,
+      statusMessage: "Valid Tweet ID is required"
+    });
+  }
+  const randomToken = [...Array.from({ length: 11 })].map(() => (Math.random() * 36).toString(36)[2]).join("");
+  const params = new URLSearchParams({ id: tweetId, token: randomToken });
+  const tweetData = await $fetch(
+    `https://cdn.syndication.twimg.com/tweet-result?${params.toString()}`,
+    {
+      headers: {
+        "Accept": "application/json",
+        "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"
+      }
+    }
+  ).catch((error) => {
+    throw createError({
+      statusCode: error.statusCode || 500,
+      statusMessage: error.statusMessage || "Failed to fetch tweet"
+    });
+  });
+  setHeader(event, "Content-Type", "application/json");
+  setHeader(event, "Cache-Control", "public, max-age=600, s-maxage=600");
+  return tweetData;
+});

package/dist/runtime/types.d.ts

@@ -1,36 +1,45 @@
+import type { UseScriptInput, UseScriptOptions, VueScriptInstance } from '@unhead/vue';
 import type { Script } from '@unhead/vue/types';
-import type { UseScriptInput, VueScriptInstance, UseScriptOptions } from '@unhead/vue';
-import type { ComputedRef, Ref } from 'vue';
-import type { InferInput, ObjectSchema, ValiError } from 'valibot';
 import type { Import } from 'unimport';
-import type { SegmentInput } from './registry/segment.js';
+import type { InferInput, ObjectSchema, ValiError } from 'valibot';
+import type { ComputedRef, Ref } from 'vue';
+import type { ClarityInput } from './registry/clarity.js';
 import type { CloudflareWebAnalyticsInput } from './registry/cloudflare-web-analytics.js';
+import type { CrispInput } from './registry/crisp.js';
 import type { DatabuddyAnalyticsInput } from './registry/databuddy-analytics.js';
-import type { MetaPixelInput } from './registry/meta-pixel.js';
 import type { FathomAnalyticsInput } from './registry/fathom-analytics.js';
+import type { GoogleAdsenseInput } from './registry/google-adsense.js';
+import type { GoogleAnalyticsInput } from './registry/google-analytics.js';
+import type { GoogleMapsInput } from './registry/google-maps.js';
+import type { GoogleRecaptchaInput } from './registry/google-recaptcha.js';
+import type { GoogleTagManagerInput } from './registry/google-tag-manager.js';
 import type { HotjarInput } from './registry/hotjar.js';
 import type { IntercomInput } from './registry/intercom.js';
-import type { GoogleMapsInput } from './registry/google-maps.js';
+import type { LemonSqueezyInput } from './registry/lemon-squeezy.js';
 import type { MatomoAnalyticsInput } from './registry/matomo-analytics.js';
+import type { MetaPixelInput } from './registry/meta-pixel.js';
+import type { NpmInput } from './registry/npm.js';
+import type { PayPalInput } from './registry/paypal.js';
+import type { PlausibleAnalyticsInput } from './registry/plausible-analytics.js';
+import type { PostHogInput } from './registry/posthog.js';
+import type { RedditPixelInput } from './registry/reddit-pixel.js';
+import type { RybbitAnalyticsInput } from './registry/rybbit-analytics.js';
+import type { SegmentInput } from './registry/segment.js';
+import type { SnapTrPixelInput } from './registry/snapchat-pixel.js';
 import type { StripeInput } from './registry/stripe.js';
+import type { TikTokPixelInput } from './registry/tiktok-pixel.js';
+import type { UmamiAnalyticsInput } from './registry/umami-analytics.js';
 import type { VimeoPlayerInput } from './registry/vimeo-player.js';
 import type { XPixelInput } from './registry/x-pixel.js';
-import type { SnapTrPixelInput } from './registry/snapchat-pixel.js';
 import type { YouTubePlayerInput } from './registry/youtube-player.js';
-import type { PlausibleAnalyticsInput } from './registry/plausible-analytics.js';
-import type { NpmInput } from './registry/npm.js';
-import type { LemonSqueezyInput } from './registry/lemon-squeezy.js';
-import type { GoogleAdsenseInput } from './registry/google-adsense.js';
-import type { ClarityInput } from './registry/clarity.js';
-import type { CrispInput } from './registry/crisp.js';
-import type { GoogleAnalyticsInput } from './registry/google-analytics.js';
-import type { GoogleTagManagerInput } from './registry/google-tag-manager.js';
-import type { UmamiAnalyticsInput } from './registry/umami-analytics.js';
-import type { RybbitAnalyticsInput } from './registry/rybbit-analytics.js';
-import type { RedditPixelInput } from './registry/reddit-pixel.js';
-import type { PayPalInput } from './registry/paypal.js';
 export type WarmupStrategy = false | 'preload' | 'preconnect' | 'dns-prefetch';
-export type UseScriptContext<T extends Record<symbol | string, any>> = VueScriptInstance<T>;
+export type UseScriptContext<T extends Record<symbol | string, any>> = VueScriptInstance<T> & {
+    /**
+     * Remove and reload the script. Useful for scripts that need to re-execute
+     * after SPA navigation (e.g., DOM-scanning scripts like iubenda).
+     */
+    reload: () => Promise<T>;
+};
 export type NuxtUseScriptOptions<T extends Record<symbol | string, any> = {}> = Omit<UseScriptOptions<T>, 'trigger'> & {
     /**
      * The trigger to load the script:
@@ -48,8 +57,24 @@ export type NuxtUseScriptOptions<T extends Record<symbol | string, any> = {}> =
      * - `false` - Do not bundle the script. (default)
      *
      * Note: Using 'force' may significantly increase build time as scripts will be re-downloaded on every build.
+     *
+     * @deprecated Use `scripts.firstParty: true` in nuxt.config instead for bundling and routing scripts through your domain.
      */
     bundle?: boolean | 'force';
+    /**
+     * Opt-out of first-party routing for this specific script when global `scripts.firstParty` is enabled.
+     * Set to `false` to load this script directly from its original source instead of through your domain.
+     *
+     * Note: This option only works as an opt-out. To enable first-party routing, use the global `scripts.firstParty` option in nuxt.config.
+     */
+    firstParty?: false;
+    /**
+     * Load the script in a web worker using Partytown.
+     * When enabled, adds `type="text/partytown"` to the script tag.
+     * Requires @nuxtjs/partytown to be installed and configured separately.
+     * @see https://partytown.qwik.dev/
+     */
+    partytown?: boolean;
     /**
      * Skip any schema validation for the script input. This is useful for loading the script stubs for development without
      * loading the actual script and not getting warnings.
@@ -90,6 +115,8 @@ export type NuxtUseScriptOptionsSerializable = Omit<NuxtUseScriptOptions, 'use'
         idleTimeout: number;
     } | {
         interaction: string[];
+    } | {
+        serviceWorker: true;
     };
 };
 export type NuxtUseScriptInput = UseScriptInput;
@@ -135,16 +162,19 @@ export interface ScriptRegistry {
     googleAdsense?: GoogleAdsenseInput;
     googleAnalytics?: GoogleAnalyticsInput;
     googleMaps?: GoogleMapsInput;
+    googleRecaptcha?: GoogleRecaptchaInput;
     lemonSqueezy?: LemonSqueezyInput;
     googleTagManager?: GoogleTagManagerInput;
     hotjar?: HotjarInput;
     intercom?: IntercomInput;
     paypal?: PayPalInput;
+    posthog?: PostHogInput;
     matomoAnalytics?: MatomoAnalyticsInput;
     rybbitAnalytics?: RybbitAnalyticsInput;
     redditPixel?: RedditPixelInput;
     segment?: SegmentInput;
     stripe?: StripeInput;
+    tiktokPixel?: TikTokPixelInput;
     xPixel?: XPixelInput;
     snapchatPixel?: SnapTrPixelInput;
     youtubePlayer?: YouTubePlayerInput;
@@ -181,6 +211,17 @@ export type RegistryScriptInput<T = EmptyOptionsSchema, Bundelable extends boole
 export interface RegistryScript {
     import?: Import;
     scriptBundling?: false | ((options?: any) => string | false);
+    /**
+     * First-party routing configuration for this script.
+     * - `string` - The proxy config key to use (e.g., 'googleAnalytics', 'metaPixel')
+     * - `false` - Explicitly disable first-party routing for this script
+     * - `undefined` - Use the default key derived from the function name
+     *
+     * When set to a string, the script's URLs will be rewritten and collection
+     * endpoints will be routed through your server when `scripts.firstParty` is enabled.
+     * @internal
+     */
+    proxy?: string | false;
     label?: string;
     src?: string | false;
     category?: string;

package/dist/runtime/utils/pure.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Proxy configuration for third-party scripts.
+ */
+export interface ProxyRewrite {
+    /** Domain and path to match (e.g., 'www.google-analytics.com/g/collect') */
+    from: string;
+    /** Local path to rewrite to (e.g., '/_scripts/c/ga/g/collect') */
+    to: string;
+}

package/dist/runtime/utils.d.ts

@@ -1,6 +1,6 @@
-import type { ObjectSchema } from 'valibot';
+import type { EmptyOptionsSchema, InferIfSchema, NuxtUseScriptOptions, RegistryScriptInput, ScriptRegistry, UseFunctionType, UseScriptContext } from '#nuxt-scripts/types';
 import type { UseScriptInput } from '@unhead/vue';
-import type { EmptyOptionsSchema, InferIfSchema, NuxtUseScriptOptions, RegistryScriptInput, UseFunctionType, ScriptRegistry, UseScriptContext } from '#nuxt-scripts/types';
+import type { ObjectSchema } from 'valibot';
 export type MaybePromise<T> = Promise<T> | T;
 type OptionsFn<O> = (options: InferIfSchema<O>, ctx: {
     scriptInput?: UseScriptInput & {
@@ -10,8 +10,9 @@ type OptionsFn<O> = (options: InferIfSchema<O>, ctx: {
     scriptInput?: UseScriptInput;
     scriptOptions?: NuxtUseScriptOptions;
     schema?: O extends ObjectSchema<any, any> ? O : undefined;
-    clientInit?: () => void;
+    clientInit?: () => void | Promise<any>;
+    scriptMode?: 'external' | 'npm';
 });
 export declare function scriptRuntimeConfig<T extends keyof ScriptRegistry>(key: T): ScriptRegistry[T];
 export declare function useRegistryScript<T extends Record<string | symbol, any>, O = EmptyOptionsSchema>(registryKey: keyof ScriptRegistry | string, optionsFn: OptionsFn<O>, _userOptions?: RegistryScriptInput<O>): UseScriptContext<UseFunctionType<NuxtUseScriptOptions<T>, T>>;
-export {};
+export * from './utils/pure.js';

package/dist/runtime/utils.js

@@ -1,8 +1,9 @@
+import { parse } from "#nuxt-scripts-validator";
 import { defu } from "defu";
 import { useRuntimeConfig } from "nuxt/app";
+import { parseQuery, parseURL, withQuery } from "ufo";
 import { useScript } from "./composables/useScript.js";
-import { parse } from "#nuxt-scripts-validator";
-import { parseURL, withQuery, parseQuery } from "ufo";
+import { createNpmScriptStub } from "./npm-script-stub.js";
 function validateScriptInputSchema(key, schema, options) {
   if (import.meta.dev) {
     try {
@@ -20,6 +21,14 @@ export function useRegistryScript(registryKey, optionsFn, _userOptions) {
   const scriptConfig = scriptRuntimeConfig(registryKey);
   const userOptions = Object.assign(_userOptions || {}, typeof scriptConfig === "object" ? scriptConfig : {});
   const options = optionsFn(userOptions, { scriptInput: userOptions.scriptInput });
+  if (options.scriptMode === "npm") {
+    return createNpmScriptStub({
+      key: String(registryKey),
+      use: options.scriptOptions?.use,
+      clientInit: options.clientInit,
+      trigger: userOptions.scriptOptions?.trigger
+    });
+  }
   let finalScriptInput = options.scriptInput;
   const userSrc = userOptions.scriptInput?.src;
   const optionsSrc = options.scriptInput?.src;
@@ -86,3 +95,4 @@ export function useRegistryScript(registryKey, optionsFn, _userOptions) {
   };
   return useScript(scriptInput, scriptOptions);
 }
+export * from "./utils/pure.js";