npm - @nuxt/scripts - Versions diffs - 1.0.0-beta.7 → 1.0.0-rc.10 - Mend

@nuxt/scripts 1.0.0-beta.7 → 1.0.0-rc.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (300) hide show

package/dist/runtime/utils.js CHANGED Viewed

@@ -1,10 +1,14 @@
 import { defu } from "defu";
-import { useRuntimeConfig } from "nuxt/app";
-import { parseURL, withQuery, parseQuery } from "ufo";
+import { createError, useRuntimeConfig } from "nuxt/app";
+import { parseQuery, parseURL, withQuery } from "ufo";
+import { parse } from "valibot";
 import { useScript } from "./composables/useScript.js";
 import { createNpmScriptStub } from "./npm-script-stub.js";
-import { parse } from "#nuxt-scripts-validator";
-function validateScriptInputSchema(key, schema, options) {
+const URL_MATCH_RE = /https?:\/\/[^/]+\/_nuxt\/(.+\.vue)(?:\?[^)]*)?:(\d+):(\d+)/;
+const URL_PAREN_MATCH_RE = /\(https?:\/\/[^/]+\/_nuxt\/(.+\.vue)(?:\?[^)]*)?:(\d+):(\d+)\)/;
+const VUE_MATCH_RE = /([^/\s]+\.vue):(\d+):(\d+)/;
+const CLEAN_CALLER_RE = /^\s*at\s+/;
+function validateScriptInputSchema(schema, options) {
   if (import.meta.dev) {
     try {
       parse(schema, options);
@@ -17,9 +21,21 @@ function validateScriptInputSchema(key, schema, options) {
 export function scriptRuntimeConfig(key) {
   return (useRuntimeConfig().public.scripts || {})[key];
 }
+export function scriptsPrefix() {
+  return useRuntimeConfig().public["nuxt-scripts"]?.prefix || "/_scripts";
+}
+export function requireRegistryEndpoint(componentName, registryKey) {
+  const endpoints = useRuntimeConfig().public["nuxt-scripts"]?.endpoints;
+  if (!endpoints?.[registryKey]) {
+    throw createError({
+      message: `${componentName} requires \`scripts.registry.${registryKey}\` to be enabled in nuxt.config`,
+      fatal: import.meta.dev
+    });
+  }
+}
 export function useRegistryScript(registryKey, optionsFn, _userOptions) {
   const scriptConfig = scriptRuntimeConfig(registryKey);
-  const userOptions = Object.assign(_userOptions || {}, typeof scriptConfig === "object" ? scriptConfig : {});
+  const userOptions = defu(_userOptions || {}, typeof scriptConfig === "object" ? scriptConfig : {});
   const options = optionsFn(userOptions, { scriptInput: userOptions.scriptInput });
   if (options.scriptMode === "npm") {
     return createNpmScriptStub({
@@ -45,7 +61,7 @@ export function useRegistryScript(registryKey, optionsFn, _userOptions) {
     };
   }
   const scriptInput = defu(finalScriptInput, userOptions.scriptInput, { key: registryKey });
-  const scriptOptions = Object.assign(userOptions?.scriptOptions || {}, options.scriptOptions || {});
+  const scriptOptions = { ...userOptions?.scriptOptions, ...options.scriptOptions };
   if (import.meta.dev) {
     const error = new Error("Stack trace for component location");
     const stack = error.stack?.split("\n");
@@ -54,25 +70,27 @@ export function useRegistryScript(registryKey, optionsFn, _userOptions) {
     );
     let loadedFrom = "unknown";
     if (callerLine) {
-      const urlMatch = callerLine.match(/https?:\/\/[^/]+\/_nuxt\/(.+\.vue)(?:\?[^)]*)?:(\d+):(\d+)/) || callerLine.match(/\(https?:\/\/[^/]+\/_nuxt\/(.+\.vue)(?:\?[^)]*)?:(\d+):(\d+)\)/);
+      const urlMatch = callerLine.match(URL_MATCH_RE) || callerLine.match(URL_PAREN_MATCH_RE);
       if (urlMatch) {
         const [, filePath, line, column] = urlMatch;
         loadedFrom = `./${filePath}:${line}:${column}`;
       } else {
-        const vueMatch = callerLine.match(/([^/\s]+\.vue):(\d+):(\d+)/);
+        const vueMatch = callerLine.match(VUE_MATCH_RE);
         if (vueMatch) {
           const [, fileName, line, column] = vueMatch;
           loadedFrom = `./${fileName}:${line}:${column}`;
         } else {
-          loadedFrom = callerLine.trim().replace(/^\s*at\s+/, "");
+          loadedFrom = callerLine.trim().replace(CLEAN_CALLER_RE, "");
         }
       }
     }
-    scriptOptions.devtools = defu(scriptOptions.devtools, { registryKey, loadedFrom });
-    if (options.schema) {
+    const devtoolsConfig = useRuntimeConfig().public["nuxt-scripts-devtools"];
+    const registryDomains = devtoolsConfig?.scripts?.find((s) => s.registryKey === registryKey)?.domains;
+    scriptOptions.devtools = defu(scriptOptions.devtools, { registryKey, loadedFrom, domains: registryDomains });
+    if (options.schema && "entries" in options.schema) {
       const registryMeta = {};
       for (const k in options.schema.entries) {
-        if (options.schema.entries[k].type !== "optional") {
+        if (options.schema.entries[k]?.type !== "optional") {
           registryMeta[k] = String(userOptions[k]);
         }
       }
@@ -83,7 +101,7 @@ export function useRegistryScript(registryKey, optionsFn, _userOptions) {
   if (import.meta.dev) {
     scriptOptions._validate = () => {
       if (!userOptions.scriptInput?.src && !scriptOptions.skipValidation && options.schema) {
-        return validateScriptInputSchema(registryKey, options.schema, userOptions);
+        return validateScriptInputSchema(options.schema, userOptions);
       }
     };
   }
@@ -95,4 +113,3 @@ export function useRegistryScript(registryKey, optionsFn, _userOptions) {
   };
   return useScript(scriptInput, scriptOptions);
 }
-export * from "./utils/pure.js";

package/dist/stats.d.mts ADDED Viewed

@@ -0,0 +1,202 @@
+type TrackedDataType = 'page-views' | 'events' | 'conversions' | 'user-identity' | 'session-replay' | 'heatmaps' | 'clicks' | 'scrolls' | 'retargeting' | 'audiences' | 'form-submissions' | 'video-engagement' | 'transactions' | 'errors' | 'tag-injection' | 'ab-testing';
+interface ScriptPrivacy {
+    ip: boolean;
+    userAgent: boolean;
+    language: boolean;
+    screen: boolean;
+    timezone: boolean;
+    hardware: boolean;
+}
+interface ScriptSizeDetail {
+    url: string;
+    transferKb: number;
+    decodedKb: number;
+    encoding: string;
+    durationMs: number;
+    initiatorType: string;
+    protocol: string;
+}
+interface ScriptApis {
+    cookies: boolean;
+    localStorage: boolean;
+    sessionStorage: boolean;
+    indexedDB: boolean;
+    canvas: boolean;
+    webgl: boolean;
+    audioContext: boolean;
+    userAgent: boolean;
+    doNotTrack: boolean;
+    hardwareConcurrency: boolean;
+    deviceMemory: boolean;
+    plugins: boolean;
+    languages: boolean;
+    screen: boolean;
+    timezone: boolean;
+    platform: boolean;
+    vendor: boolean;
+    connection: boolean;
+    maxTouchPoints: boolean;
+    devicePixelRatio: boolean;
+    mediaDevices: boolean;
+    getBattery: boolean;
+    referrer: boolean;
+    windowName: boolean;
+    rtcPeerConnection: boolean;
+    geolocation: boolean;
+    serviceWorker: boolean;
+    cacheApi: boolean;
+    sendBeacon: boolean;
+    fetch: boolean;
+    xhr: boolean;
+    websocket: boolean;
+    mutationObserver: boolean;
+    performanceObserver: boolean;
+    intersectionObserver: boolean;
+}
+type PrivacyGrade = 'A+' | 'A' | 'B' | 'C' | 'D' | 'F';
+interface PrivacyRating {
+    /** Overall letter grade */
+    grade: PrivacyGrade;
+    /** 0–100, higher = more invasive */
+    score: number;
+    /** Breakdown by privacy concern category */
+    breakdown: {
+        /** Browser fingerprinting APIs — entropy-weighted per AmIUnique/Panopticlick research (0–30) */
+        fingerprinting: {
+            score: number;
+            apis: string[];
+        };
+        /** Persistent storage + cookie tracking (0–25) */
+        persistence: {
+            score: number;
+            thirdPartyCookies: number;
+            longLivedCookies: number;
+            storageApis: string[];
+        };
+        /** Cross-domain data exfiltration & tracking network (0–25) */
+        network: {
+            score: number;
+            domains: number;
+            outboundBytes: number;
+            trackingPixels: number;
+        };
+        /** Behavioral observation APIs (0–10) */
+        monitoring: {
+            score: number;
+            apis: string[];
+        };
+        /** Data collection scope — what types of data are tracked (0–10) */
+        dataScope: {
+            score: number;
+            types: string[];
+        };
+        /** Fingerprint exfiltration — heavy FP APIs combined with outbound channels (0–25) */
+        fpExfiltration: {
+            score: number;
+            heavyApis: string[];
+        };
+    };
+}
+interface ScriptCookie {
+    name: string;
+    domain: string;
+    path: string;
+    httpOnly: boolean;
+    secure: boolean;
+    sameSite: string;
+    session: boolean;
+    lifetimeDays: number;
+    firstParty: boolean;
+}
+interface NetworkSummary {
+    requestCount: number;
+    domains: string[];
+    outboundBytes: number;
+    inboundBytes: number;
+    injectedElements: {
+        tag: string;
+        src: string;
+    }[];
+}
+interface CwvEstimate {
+    /** Estimated LCP delay: scriptDurationMs blocks rendering during page load */
+    lcpImpactMs: number;
+    /** CLS risk: true if script injects visible DOM elements (iframes, images) without reserved space */
+    clsRisk: boolean;
+    /** Number of visible elements injected that could cause layout shifts */
+    clsElements: number;
+    /** INP risk level based on script weight + DOM observation */
+    inpRiskLevel: 'low' | 'medium' | 'high';
+}
+interface PerformanceSummary {
+    taskDurationMs: number;
+    scriptDurationMs: number;
+    heapDeltaKb: number;
+}
+type PerformanceGrade = 'A+' | 'A' | 'B' | 'C' | 'D' | 'F';
+interface PerformanceRating {
+    /** Overall letter grade */
+    grade: PerformanceGrade;
+    /** 0–100, higher = worse performance impact */
+    score: number;
+    /** Breakdown by impact area */
+    breakdown: {
+        /** Network cost — transfer size relative to performance budgets (0–30) */
+        networkCost: {
+            score: number;
+            transferKb: number;
+        };
+        /** Main thread blocking — task duration that delays interactivity (0–30) */
+        mainThread: {
+            score: number;
+            taskDurationMs: number;
+            scriptDurationMs: number;
+        };
+        /** Memory pressure — heap allocation impact (0–20) */
+        memory: {
+            score: number;
+            heapDeltaKb: number;
+        };
+        /** Connection overhead — additional HTTP requests (0–10) */
+        connections: {
+            score: number;
+            requestCount: number;
+        };
+        /** CWV risk — estimated Core Web Vitals impact (0–10) */
+        cwvRisk: {
+            score: number;
+            lcpImpactMs: number;
+            clsRisk: boolean;
+            inpRiskLevel: string;
+        };
+    };
+}
+interface ScriptStats {
+    id: string;
+    label: string;
+    category: string;
+    scripts: ScriptSizeDetail[];
+    totalTransferKb: number;
+    totalDecodedKb: number;
+    trackedData: TrackedDataType[];
+    collectsWebVitals: boolean;
+    apis: ScriptApis;
+    privacyRating: PrivacyRating;
+    cookies: ScriptCookie[];
+    network: NetworkSummary;
+    performance: PerformanceSummary;
+    performanceRating: PerformanceRating;
+    cwvEstimate: CwvEstimate;
+    hasBundling: boolean;
+    hasProxy: boolean;
+    proxyDomains: string[];
+    proxyEndpoints: number;
+    privacy: ScriptPrivacy | null;
+    privacyLevel: 'full' | 'partial' | 'none' | 'unknown';
+    loadingMethod: 'cdn' | 'npm' | 'dynamic';
+}
+declare function getScriptStats(): Promise<ScriptStats[]>;
+export { getScriptStats };
+export type { CwvEstimate, NetworkSummary, PerformanceGrade, PerformanceRating, PerformanceSummary, PrivacyGrade, PrivacyRating, ScriptApis, ScriptCookie, ScriptPrivacy, ScriptSizeDetail, ScriptStats, TrackedDataType };

package/dist/stats.d.ts ADDED Viewed

@@ -0,0 +1,202 @@
+type TrackedDataType = 'page-views' | 'events' | 'conversions' | 'user-identity' | 'session-replay' | 'heatmaps' | 'clicks' | 'scrolls' | 'retargeting' | 'audiences' | 'form-submissions' | 'video-engagement' | 'transactions' | 'errors' | 'tag-injection' | 'ab-testing';
+interface ScriptPrivacy {
+    ip: boolean;
+    userAgent: boolean;
+    language: boolean;
+    screen: boolean;
+    timezone: boolean;
+    hardware: boolean;
+}
+interface ScriptSizeDetail {
+    url: string;
+    transferKb: number;
+    decodedKb: number;
+    encoding: string;
+    durationMs: number;
+    initiatorType: string;
+    protocol: string;
+}
+interface ScriptApis {
+    cookies: boolean;
+    localStorage: boolean;
+    sessionStorage: boolean;
+    indexedDB: boolean;
+    canvas: boolean;
+    webgl: boolean;
+    audioContext: boolean;
+    userAgent: boolean;
+    doNotTrack: boolean;
+    hardwareConcurrency: boolean;
+    deviceMemory: boolean;
+    plugins: boolean;
+    languages: boolean;
+    screen: boolean;
+    timezone: boolean;
+    platform: boolean;
+    vendor: boolean;
+    connection: boolean;
+    maxTouchPoints: boolean;
+    devicePixelRatio: boolean;
+    mediaDevices: boolean;
+    getBattery: boolean;
+    referrer: boolean;
+    windowName: boolean;
+    rtcPeerConnection: boolean;
+    geolocation: boolean;
+    serviceWorker: boolean;
+    cacheApi: boolean;
+    sendBeacon: boolean;
+    fetch: boolean;
+    xhr: boolean;
+    websocket: boolean;
+    mutationObserver: boolean;
+    performanceObserver: boolean;
+    intersectionObserver: boolean;
+}
+type PrivacyGrade = 'A+' | 'A' | 'B' | 'C' | 'D' | 'F';
+interface PrivacyRating {
+    /** Overall letter grade */
+    grade: PrivacyGrade;
+    /** 0–100, higher = more invasive */
+    score: number;
+    /** Breakdown by privacy concern category */
+    breakdown: {
+        /** Browser fingerprinting APIs — entropy-weighted per AmIUnique/Panopticlick research (0–30) */
+        fingerprinting: {
+            score: number;
+            apis: string[];
+        };
+        /** Persistent storage + cookie tracking (0–25) */
+        persistence: {
+            score: number;
+            thirdPartyCookies: number;
+            longLivedCookies: number;
+            storageApis: string[];
+        };
+        /** Cross-domain data exfiltration & tracking network (0–25) */
+        network: {
+            score: number;
+            domains: number;
+            outboundBytes: number;
+            trackingPixels: number;
+        };
+        /** Behavioral observation APIs (0–10) */
+        monitoring: {
+            score: number;
+            apis: string[];
+        };
+        /** Data collection scope — what types of data are tracked (0–10) */
+        dataScope: {
+            score: number;
+            types: string[];
+        };
+        /** Fingerprint exfiltration — heavy FP APIs combined with outbound channels (0–25) */
+        fpExfiltration: {
+            score: number;
+            heavyApis: string[];
+        };
+    };
+}
+interface ScriptCookie {
+    name: string;
+    domain: string;
+    path: string;
+    httpOnly: boolean;
+    secure: boolean;
+    sameSite: string;
+    session: boolean;
+    lifetimeDays: number;
+    firstParty: boolean;
+}
+interface NetworkSummary {
+    requestCount: number;
+    domains: string[];
+    outboundBytes: number;
+    inboundBytes: number;
+    injectedElements: {
+        tag: string;
+        src: string;
+    }[];
+}
+interface CwvEstimate {
+    /** Estimated LCP delay: scriptDurationMs blocks rendering during page load */
+    lcpImpactMs: number;
+    /** CLS risk: true if script injects visible DOM elements (iframes, images) without reserved space */
+    clsRisk: boolean;
+    /** Number of visible elements injected that could cause layout shifts */
+    clsElements: number;
+    /** INP risk level based on script weight + DOM observation */
+    inpRiskLevel: 'low' | 'medium' | 'high';
+}
+interface PerformanceSummary {
+    taskDurationMs: number;
+    scriptDurationMs: number;
+    heapDeltaKb: number;
+}
+type PerformanceGrade = 'A+' | 'A' | 'B' | 'C' | 'D' | 'F';
+interface PerformanceRating {
+    /** Overall letter grade */
+    grade: PerformanceGrade;
+    /** 0–100, higher = worse performance impact */
+    score: number;
+    /** Breakdown by impact area */
+    breakdown: {
+        /** Network cost — transfer size relative to performance budgets (0–30) */
+        networkCost: {
+            score: number;
+            transferKb: number;
+        };
+        /** Main thread blocking — task duration that delays interactivity (0–30) */
+        mainThread: {
+            score: number;
+            taskDurationMs: number;
+            scriptDurationMs: number;
+        };
+        /** Memory pressure — heap allocation impact (0–20) */
+        memory: {
+            score: number;
+            heapDeltaKb: number;
+        };
+        /** Connection overhead — additional HTTP requests (0–10) */
+        connections: {
+            score: number;
+            requestCount: number;
+        };
+        /** CWV risk — estimated Core Web Vitals impact (0–10) */
+        cwvRisk: {
+            score: number;
+            lcpImpactMs: number;
+            clsRisk: boolean;
+            inpRiskLevel: string;
+        };
+    };
+}
+interface ScriptStats {
+    id: string;
+    label: string;
+    category: string;
+    scripts: ScriptSizeDetail[];
+    totalTransferKb: number;
+    totalDecodedKb: number;
+    trackedData: TrackedDataType[];
+    collectsWebVitals: boolean;
+    apis: ScriptApis;
+    privacyRating: PrivacyRating;
+    cookies: ScriptCookie[];
+    network: NetworkSummary;
+    performance: PerformanceSummary;
+    performanceRating: PerformanceRating;
+    cwvEstimate: CwvEstimate;
+    hasBundling: boolean;
+    hasProxy: boolean;
+    proxyDomains: string[];
+    proxyEndpoints: number;
+    privacy: ScriptPrivacy | null;
+    privacyLevel: 'full' | 'partial' | 'none' | 'unknown';
+    loadingMethod: 'cdn' | 'npm' | 'dynamic';
+}
+declare function getScriptStats(): Promise<ScriptStats[]>;
+export { getScriptStats };
+export type { CwvEstimate, NetworkSummary, PerformanceGrade, PerformanceRating, PerformanceSummary, PrivacyGrade, PrivacyRating, ScriptApis, ScriptCookie, ScriptPrivacy, ScriptSizeDetail, ScriptStats, TrackedDataType };