npm - @nuxt/scripts - Versions diffs - 1.0.0-beta.30 → 1.0.0-beta.31 - Mend

@nuxt/scripts 1.0.0-beta.30 → 1.0.0-beta.31

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

package/dist/runtime/server/proxy-handler.js CHANGED Viewed

@@ -11,18 +11,8 @@ import {
   stripPayloadFingerprinting
 } from "./utils/privacy.js";
 const COMPRESSION_RE = /gzip|deflate|br|compress|base64/i;
-const ROUTE_WILDCARD_RE = /\/\*\*$/;
 const CLIENT_HINT_VERSION_RE = /;v="(\d+)\.[^"]*"/g;
 const SKIP_RESPONSE_HEADERS = /* @__PURE__ */ new Set(["set-cookie", "transfer-encoding", "content-encoding", "content-length"]);
-let sortedRoutesCache;
-function getSortedRoutes(routes) {
-  const key = JSON.stringify(routes);
-  if (sortedRoutesCache?.key === key)
-    return sortedRoutesCache.sorted;
-  const sorted = Object.entries(routes).sort((a, b) => b[0].length - a[0].length);
-  sortedRoutesCache = { key, sorted };
-  return sorted;
-}
 function stripQueryFingerprinting(query, privacy) {
   const stripped = stripPayloadFingerprinting(query, privacy);
   const params = new URLSearchParams();
@@ -42,37 +32,41 @@ export default defineEventHandler(async (event) => {
       statusMessage: "First-party proxy not configured"
     });
   }
-  const { routes, privacy: globalPrivacy, routePrivacy, debug = import.meta.dev } = proxyConfig;
+  const { proxyPrefix, domainPrivacy, privacy: globalPrivacy, debug = import.meta.dev } = proxyConfig;
   const path = event.path;
   const log = debug ? (message, ...args) => {
     console.debug(message, ...args);
   } : () => {
   };
-  let targetBase;
-  let matchedPrefix;
-  let matchedRoutePattern;
-  for (const [routePattern, target] of getSortedRoutes(routes)) {
-    const prefix = routePattern.replace(ROUTE_WILDCARD_RE, "");
-    if (path.startsWith(prefix)) {
-      targetBase = target.replace(ROUTE_WILDCARD_RE, "");
-      matchedPrefix = prefix;
-      matchedRoutePattern = routePattern;
-      log("[proxy] Matched:", prefix, "->", targetBase);
+  const afterPrefix = path.slice(proxyPrefix.length + 1);
+  const slashIdx = afterPrefix.indexOf("/");
+  const domain = slashIdx > 0 ? afterPrefix.slice(0, slashIdx) : afterPrefix;
+  const remainingPath = slashIdx > 0 ? afterPrefix.slice(slashIdx) : "/";
+  if (!domain) {
+    log("[proxy] No domain in path:", path);
+    throw createError({
+      statusCode: 404,
+      statusMessage: "No proxy domain found",
+      message: `No domain in proxy path: ${path}`
+    });
+  }
+  let perScriptInput;
+  for (const [configDomain, privacyInput] of Object.entries(domainPrivacy)) {
+    if (domain === configDomain || domain.endsWith(`.${configDomain}`)) {
+      perScriptInput = privacyInput;
       break;
     }
   }
-  if (!targetBase || !matchedPrefix || !matchedRoutePattern) {
-    log("[proxy] No match for path:", path);
+  if (perScriptInput === void 0) {
+    log("[proxy] Rejected: domain not in allowlist:", domain);
     throw createError({
-      statusCode: 404,
-      statusMessage: "No proxy route matched",
-      message: `No proxy target found for path: ${path}`
+      statusCode: 403,
+      statusMessage: "Domain not allowed",
+      message: `Proxy domain not in allowlist: ${domain}`
     });
   }
-  const perScriptInput = routePrivacy[matchedRoutePattern];
-  if (debug && perScriptInput === void 0) {
-    log("[proxy] WARNING: No privacy config for route", matchedRoutePattern, "\u2014 defaulting to full anonymization");
-  }
+  const targetBase = `https://${domain}`;
+  log("[proxy] Matched:", domain, "->", targetBase);
   const perScriptResolved = resolvePrivacy(perScriptInput ?? true);
   const privacy = globalPrivacy !== void 0 ? mergePrivacy(perScriptResolved, globalPrivacy) : perScriptResolved;
   const anyPrivacy = privacy.ip || privacy.userAgent || privacy.language || privacy.screen || privacy.timezone || privacy.hardware;
@@ -83,11 +77,7 @@ export default defineEventHandler(async (event) => {
   const isBinaryBody = Boolean(
     originalHeaders["content-encoding"] || contentType.includes("octet-stream") || compressionParam && COMPRESSION_RE.test(compressionParam)
   );
-  let targetPath = path.slice(matchedPrefix.length);
-  if (targetPath && !targetPath.startsWith("/")) {
-    targetPath = `/${targetPath}`;
-  }
-  let targetUrl = targetBase + targetPath;
+  let targetUrl = targetBase + remainingPath;
   let strippedQueryRecord;
   if (anyPrivacy) {
     if (Object.keys(originalQuery).length > 0) {

package/dist/shared/scripts.D7e2ENu6.mjs ADDED Viewed

@@ -0,0 +1,211 @@
+const FATHOM_SELF_HOSTED_RE = /\.src\.indexOf\("cdn\.usefathom\.com"\)\s*<\s*0/;
+const RYBBIT_HOST_SPLIT_RE = /\w+\.split\(["']\/script\.js["']\)\[0\]/g;
+const PRIVACY_NONE = { ip: false, userAgent: false, language: false, screen: false, timezone: false, hardware: false };
+const PRIVACY_FULL = { ip: true, userAgent: true, language: true, screen: true, timezone: true, hardware: true };
+const PRIVACY_HEATMAP = { ip: true, userAgent: false, language: true, screen: false, timezone: false, hardware: true };
+const PRIVACY_IP_ONLY = { ip: true, userAgent: false, language: false, screen: false, timezone: false, hardware: false };
+function buildProxyConfig(_proxyPrefix) {
+  return {
+    googleAnalytics: {
+      domains: [
+        "www.google-analytics.com",
+        "analytics.google.com",
+        "stats.g.doubleclick.net",
+        "pagead2.googlesyndication.com",
+        "www.googleadservices.com",
+        "googleads.g.doubleclick.net"
+      ],
+      privacy: PRIVACY_HEATMAP
+    },
+    googleTagManager: {
+      domains: ["www.googletagmanager.com"],
+      privacy: PRIVACY_NONE
+    },
+    metaPixel: {
+      domains: [
+        "connect.facebook.net",
+        "www.facebook.com",
+        "facebook.com",
+        "pixel.facebook.com"
+      ],
+      privacy: PRIVACY_FULL
+    },
+    tiktokPixel: {
+      domains: ["analytics.tiktok.com"],
+      privacy: PRIVACY_FULL
+    },
+    segment: {
+      domains: ["api.segment.io", "cdn.segment.com"],
+      privacy: PRIVACY_NONE
+    },
+    xPixel: {
+      domains: ["analytics.twitter.com", "static.ads-twitter.com", "t.co"],
+      privacy: PRIVACY_FULL
+    },
+    snapchatPixel: {
+      domains: ["sc-static.net", "tr.snapchat.com", "pixel.tapad.com"],
+      privacy: PRIVACY_FULL
+    },
+    redditPixel: {
+      domains: ["www.redditstatic.com", "alb.reddit.com", "pixel-config.reddit.com"],
+      privacy: PRIVACY_FULL
+    },
+    clarity: {
+      domains: [
+        "www.clarity.ms",
+        "scripts.clarity.ms",
+        "d.clarity.ms",
+        "e.clarity.ms",
+        "k.clarity.ms"
+      ],
+      privacy: PRIVACY_HEATMAP
+    },
+    posthog: {
+      domains: [
+        "us-assets.i.posthog.com",
+        "us.i.posthog.com",
+        "eu-assets.i.posthog.com",
+        "eu.i.posthog.com"
+      ],
+      privacy: PRIVACY_NONE,
+      autoInject: {
+        configField: "apiHost",
+        computeValue: (proxyPrefix, config) => {
+          const region = config.region || "us";
+          const host = region === "eu" ? "eu.i.posthog.com" : "us.i.posthog.com";
+          return `${proxyPrefix}/${host}`;
+        }
+      }
+    },
+    hotjar: {
+      domains: [
+        "static.hotjar.com",
+        "script.hotjar.com",
+        "vars.hotjar.com",
+        "in.hotjar.com",
+        "vc.hotjar.com",
+        "vc.hotjar.io",
+        "metrics.hotjar.io",
+        "insights.hotjar.com",
+        "ask.hotjar.io",
+        "events.hotjar.io",
+        "identify.hotjar.com",
+        "surveystats.hotjar.io"
+      ],
+      privacy: PRIVACY_HEATMAP
+    },
+    plausibleAnalytics: {
+      domains: ["plausible.io"],
+      privacy: PRIVACY_NONE,
+      autoInject: {
+        configField: "endpoint",
+        computeValue: (proxyPrefix) => `${proxyPrefix}/plausible.io/api/event`
+      }
+    },
+    cloudflareWebAnalytics: {
+      domains: ["static.cloudflareinsights.com", "cloudflareinsights.com"],
+      privacy: PRIVACY_NONE
+    },
+    rybbitAnalytics: {
+      domains: ["app.rybbit.io"],
+      privacy: PRIVACY_NONE,
+      autoInject: {
+        configField: "analyticsHost",
+        computeValue: (proxyPrefix) => `${proxyPrefix}/app.rybbit.io/api`
+      },
+      postProcess(output, rewrites) {
+        const rybbitRewrite = rewrites.find((r) => r.from === "app.rybbit.io");
+        if (rybbitRewrite) {
+          output = output.replace(
+            RYBBIT_HOST_SPLIT_RE,
+            `self.location.origin+"${rybbitRewrite.to}/api"`
+          );
+        }
+        return output;
+      }
+    },
+    umamiAnalytics: {
+      domains: ["cloud.umami.is", "api-gateway.umami.dev"],
+      privacy: PRIVACY_NONE,
+      autoInject: {
+        configField: "hostUrl",
+        computeValue: (proxyPrefix) => `${proxyPrefix}/cloud.umami.is`
+      }
+    },
+    databuddyAnalytics: {
+      domains: ["cdn.databuddy.cc", "basket.databuddy.cc"],
+      privacy: PRIVACY_NONE,
+      autoInject: {
+        configField: "apiUrl",
+        computeValue: (proxyPrefix) => `${proxyPrefix}/basket.databuddy.cc`
+      }
+    },
+    fathomAnalytics: {
+      domains: ["cdn.usefathom.com"],
+      privacy: PRIVACY_NONE,
+      postProcess(output) {
+        return output.replace(
+          FATHOM_SELF_HOSTED_RE,
+          '.src.indexOf("cdn.usefathom.com")<-1'
+        );
+      }
+    },
+    intercom: {
+      domains: [
+        "widget.intercom.io",
+        "api-iam.intercom.io",
+        "api-iam.eu.intercom.io",
+        "api-iam.au.intercom.io",
+        "js.intercomcdn.com",
+        "downloads.intercomcdn.com",
+        "video-messages.intercomcdn.com"
+      ],
+      privacy: PRIVACY_IP_ONLY
+    },
+    crisp: {
+      domains: [
+        "client.crisp.chat",
+        "client.relay.crisp.chat",
+        "assets.crisp.chat",
+        "go.crisp.chat",
+        "image.crisp.chat"
+      ],
+      privacy: PRIVACY_IP_ONLY
+    },
+    vercelAnalytics: {
+      domains: ["va.vercel-scripts.com"],
+      privacy: PRIVACY_NONE
+    },
+    gravatar: {
+      domains: ["secure.gravatar.com", "gravatar.com"],
+      privacy: PRIVACY_IP_ONLY
+    },
+    carbonAds: {
+      domains: ["cdn.carbonads.com"],
+      privacy: PRIVACY_NONE
+    },
+    lemonSqueezy: {
+      domains: ["assets.lemonsqueezy.com"],
+      privacy: PRIVACY_NONE
+    },
+    matomoAnalytics: {
+      domains: ["cdn.matomo.cloud"],
+      privacy: PRIVACY_NONE
+    },
+    // stripe, paypal: proxy: false in registry (need fingerprinting for fraud detection)
+    youtubePlayer: {
+      domains: ["www.youtube.com"],
+      privacy: PRIVACY_IP_ONLY
+    },
+    vimeoPlayer: {
+      domains: ["player.vimeo.com"],
+      privacy: PRIVACY_IP_ONLY
+    }
+    // googleRecaptcha, googleSignIn: proxy: false in registry (need fingerprinting for bot detection / auth)
+  };
+}
+function getAllProxyConfigs(proxyPrefix) {
+  return buildProxyConfig();
+}
+export { getAllProxyConfigs as g };

package/dist/stats.mjs CHANGED Viewed

@@ -1,4 +1,4 @@
-import { g as getAllProxyConfigs } from './shared/scripts.ViOoYQXH.mjs';
+import { g as getAllProxyConfigs } from './shared/scripts.D7e2ENu6.mjs';
 const scriptMeta = {
   // Analytics
@@ -3767,7 +3767,6 @@ function computePerformanceRating(perf, transferKb, network, cwv) {
     }
   };
 }
-const DOMAIN_RE = /^https?:\/\/([^/]+)/;
 const USE_SCRIPT_RE = /^useScript/;
 const WORD_SPLIT_RE = /[\s-]+/;
 function computePrivacyLevel(privacy) {
@@ -3780,14 +3779,8 @@ function computePrivacyLevel(privacy) {
     return "partial";
   return "none";
 }
-function extractDomains(routes) {
-  const domains = /* @__PURE__ */ new Set();
-  for (const { proxy } of Object.values(routes)) {
-    const match = proxy.match(DOMAIN_RE);
-    if (match?.[1])
-      domains.add(match[1]);
-  }
-  return [...domains].sort();
+function extractDomains(proxyDomains) {
+  return [...proxyDomains].sort();
 }
 function deriveMetaKey(importName, label) {
   if (importName) {
@@ -3805,7 +3798,7 @@ function deriveMetaKey(importName, label) {
 async function getScriptStats() {
   const { registry } = await import('./registry.mjs');
   const entries = await registry();
-  const proxyConfigs = getAllProxyConfigs("/_scripts/p");
+  const proxyConfigs = getAllProxyConfigs();
   const sizes = scriptSizes;
   return entries.map((entry) => {
     const id = entry.registryKey || deriveMetaKey(entry.import?.name, entry.label);
@@ -3819,9 +3812,8 @@ async function getScriptStats() {
     else if (!entry.src && typeof entry.scriptBundling === "function")
       loadingMethod = "dynamic";
     const privacy = proxyConfig?.privacy ?? null;
-    const routes = proxyConfig?.routes ?? {};
-    const domains = extractDomains(routes);
-    const endpoints = Object.keys(routes).length;
+    const domains = extractDomains(proxyConfig?.domains ?? []);
+    const endpoints = domains.length;
     const emptyApis = {};
     const emptyNetwork = { requestCount: 0, domains: [], outboundBytes: 0, inboundBytes: 0, injectedElements: [] };
     const emptyPerf = { taskDurationMs: 0, scriptDurationMs: 0, heapDeltaKb: 0 };

package/dist/types-source.mjs CHANGED Viewed

@@ -276,7 +276,7 @@ const types = {
 		{
 			name: "ScriptGoogleMapsOverlayViewProps",
 			kind: "interface",
-			code: "interface ScriptGoogleMapsOverlayViewProps {\n  /**\n   * Geographic position for the overlay. Falls back to parent marker position if omitted.\n   * @see https://developers.google.com/maps/documentation/javascript/reference/overlay-view#OverlayView\n   */\n  position?: google.maps.LatLngLiteral\n  /**\n   * Anchor point of the overlay relative to its position.\n   * @default 'bottom-center'\n   */\n  anchor?: OverlayAnchor\n  /**\n   * Pixel offset from the anchor position.\n   */\n  offset?: { x: number, y: number }\n  /**\n   * The map pane on which to render the overlay.\n   * @default 'floatPane'\n   * @see https://developers.google.com/maps/documentation/javascript/reference/overlay-view#MapPanes\n   */\n  pane?: OverlayPane\n  /**\n   * CSS z-index for the overlay element.\n   */\n  zIndex?: number\n  /**\n   * Whether to block map click and gesture events from passing through the overlay.\n   * @default true\n   */\n  blockMapInteraction?: boolean\n}"
+			code: "interface ScriptGoogleMapsOverlayViewProps {\n  /**\n   * Geographic position for the overlay. Falls back to parent marker position if omitted.\n   * @see https://developers.google.com/maps/documentation/javascript/reference/overlay-view#OverlayView\n   */\n  position?: google.maps.LatLngLiteral\n  /**\n   * Anchor point of the overlay relative to its position.\n   * @default 'bottom-center'\n   */\n  anchor?: OverlayAnchor\n  /**\n   * Pixel offset from the anchor position.\n   */\n  offset?: { x: number, y: number }\n  /**\n   * The map pane on which to render the overlay.\n   * @default 'floatPane'\n   * @see https://developers.google.com/maps/documentation/javascript/reference/overlay-view#MapPanes\n   */\n  pane?: OverlayPane\n  /**\n   * CSS z-index for the overlay element.\n   */\n  zIndex?: number\n  /**\n   * Whether to block map click and gesture events from passing through the overlay.\n   * @default true\n   */\n  blockMapInteraction?: boolean\n  /**\n   * Pan the map so the overlay is fully visible when opened, similar to InfoWindow behavior.\n   * Set to `true` for default 40px padding, or a number for custom padding.\n   * @default true\n   */\n  panOnOpen?: boolean | number\n  /**\n   * Automatically hide the overlay when its parent marker joins a cluster (on zoom out).\n   * Only applies when nested inside a ScriptGoogleMapsMarkerClusterer.\n   * @default true\n   */\n  hideWhenClustered?: boolean\n}"
 		},
 		{
 			name: "ScriptGoogleMapsPinElementProps",
@@ -2697,6 +2697,20 @@ const schemaFields = {
 			description: "Whether to block map click and gesture events from passing through the overlay.",
 			defaultValue: "true"
 		},
+		{
+			name: "panOnOpen",
+			type: "boolean | number",
+			required: false,
+			description: "Pan the map so the overlay is fully visible when opened, similar to InfoWindow behavior. Set to `true` for default 40px padding, or a number for custom padding.",
+			defaultValue: "true"
+		},
+		{
+			name: "hideWhenClustered",
+			type: "boolean",
+			required: false,
+			description: "Automatically hide the overlay when its parent marker joins a cluster (on zoom out). Only applies when nested inside a ScriptGoogleMapsMarkerClusterer.",
+			defaultValue: "true"
+		},
 		{
 			name: "v-model:open",
 			type: "boolean",

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@nuxt/scripts",
   "type": "module",
-  "version": "1.0.0-beta.30",
+  "version": "1.0.0-beta.31",
   "description": "Load third-party scripts with better performance, privacy and DX in Nuxt Apps.",
   "author": {
     "name": "Harlan Wilton",
@@ -144,7 +144,7 @@
     "vue": "^3.5.30",
     "vue-router": "^5.0.4",
     "vue-tsc": "^3.2.6",
-    "@nuxt/scripts": "1.0.0-beta.30"
+    "@nuxt/scripts": "1.0.0-beta.31"
   },
   "resolutions": {
     "@nuxt/scripts": "workspace:*"

package/dist/client/_nuxt/builds/meta/f0b4dd20-8496-4003-b7a3-05cbae515923.json DELETED Viewed

	@@ -1 +0,0 @@
1	- {"id":"f0b4dd20-8496-4003-b7a3-05cbae515923","timestamp":1774019040423,"prerendered":[]}