@nuxt/scripts 1.0.0-rc.9 → 1.0.1

package/dist/runtime/components/ScriptXEmbed.vue

@@ -1,7 +1,8 @@
 <script setup>
 import { useAsyncData } from "nuxt/app";
 import { computed } from "vue";
-import { formatCount, formatTweetDate, proxyXImageUrl } from "../registry/x-embed";
+import { useScriptProxyUrl } from "../composables/useScriptProxyUrl";
+import { formatCount, formatTweetDate } from "../registry/x-embed";
 import { requireRegistryEndpoint, scriptsPrefix } from "../utils";
 const props = defineProps({
   tweetId: { type: String, required: true },
@@ -15,10 +16,11 @@ const apiEndpoint = computed(() => props.apiEndpoint || `${prefix}/embed/x`);
 const resolvedImageProxyEndpoint = computed(() => props.imageProxyEndpoint || `${prefix}/embed/x-image`);
 if (!props.apiEndpoint)
   requireRegistryEndpoint("ScriptXEmbed", "xEmbed");
+const proxyUrl = useScriptProxyUrl();
 const cacheKey = computed(() => `x-embed-${props.tweetId}`);
 const { data: tweet, status, error } = useAsyncData(
   cacheKey,
-  () => $fetch(`${apiEndpoint.value}?id=${props.tweetId}`)
+  () => $fetch(proxyUrl(apiEndpoint.value, { id: props.tweetId }))
 );
 const slotProps = computed(() => {
   if (!tweet.value)
@@ -30,8 +32,7 @@ const slotProps = computed(() => {
     // User info
     userName: t.user.name,
     userHandle: t.user.screen_name,
-    userAvatar: proxyXImageUrl(t.user.profile_image_url_https, resolvedImageProxyEndpoint.value),
-    userAvatarOriginal: t.user.profile_image_url_https,
+    userAvatar: t.user.profile_image_url_https,
     isVerified: t.user.verified || t.user.is_blue_verified,
     // Tweet content
     text: t.text,
@@ -42,14 +43,14 @@ const slotProps = computed(() => {
     likesFormatted: formatCount(t.favorite_count),
     replies: t.conversation_count,
     repliesFormatted: formatCount(t.conversation_count),
-    // Media
+    // Media (already proxied)
     photos: t.photos?.map((p) => ({
       ...p,
-      proxiedUrl: proxyXImageUrl(p.url, resolvedImageProxyEndpoint.value)
+      proxiedUrl: p.url
     })),
     video: t.video ? {
       ...t.video,
-      posterProxied: proxyXImageUrl(t.video.poster, resolvedImageProxyEndpoint.value)
+      posterProxied: t.video.poster
     } : null,
     // Links
     tweetUrl: `https://x.com/${t.user.screen_name}/status/${t.id_str}`,
@@ -59,8 +60,9 @@ const slotProps = computed(() => {
     // Reply context
     isReply: !!t.parent,
     replyToUser: t.parent?.user.screen_name,
-    // Helpers
-    proxyImage: (url) => proxyXImageUrl(url, resolvedImageProxyEndpoint.value)
+    // Helpers — proxy an arbitrary URL through the image endpoint at runtime.
+    // Uses the page token emitted during SSR so client-generated URLs validate.
+    proxyImage: (url) => proxyUrl(resolvedImageProxyEndpoint.value, { url })
   };
 });
 defineExpose({

package/dist/runtime/components/ScriptXEmbed.vue.d.ts

@@ -31,7 +31,6 @@ declare const slotProps: import("vue").ComputedRef<{
     userName: string;
     userHandle: string;
     userAvatar: string;
-    userAvatarOriginal: string;
     isVerified: boolean | undefined;
     text: string;
     datetime: string;

package/dist/runtime/composables/useScript.js

@@ -26,11 +26,22 @@ function toNetworkRequest(entry, proxyPrefix) {
     isProxied
   };
 }
-function createDomainMatcher(domains, proxyPrefix) {
+function createDomainMatcher(domains, proxyPrefix, scriptSrc) {
   const localHostname = window.location.hostname;
+  const scriptUrl = (() => {
+    if (!scriptSrc)
+      return "";
+    try {
+      return new URL(scriptSrc, window.location.origin).href;
+    } catch {
+      return "";
+    }
+  })();
   return function matchesScript(entry) {
     try {
       const entryUrl = new URL(entry.name, window.location.origin);
+      if (scriptUrl && entryUrl.href === scriptUrl)
+        return true;
       if (entryUrl.hostname !== localHostname && domains.has(entryUrl.hostname))
         return true;
       const proxyPath = `${proxyPrefix}/`;
@@ -46,12 +57,12 @@ function createDomainMatcher(domains, proxyPrefix) {
     return false;
   };
 }
-function observeNetworkRequests(payload, domains, onUpdate) {
+function observeNetworkRequests(payload, domains, onUpdate, scriptSrc) {
   if (typeof PerformanceObserver === "undefined")
     return () => {
     };
   const proxyPrefix = resolveProxyPrefix();
-  const matchesScript = createDomainMatcher(domains, proxyPrefix);
+  const matchesScript = createDomainMatcher(domains, proxyPrefix, scriptSrc);
   const seen = /* @__PURE__ */ new Set();
   function entryKey(entry) {
     return `${entry.name}@${entry.startTime}`;
@@ -148,7 +159,7 @@ export function useScript(input, options) {
         ],
         networkRequests: []
       };
-      disconnectObserver = observeNetworkRequests(payload, domains, syncScripts);
+      disconnectObserver = observeNetworkRequests(payload, domains, syncScripts, src);
       syncScripts();
     }
     return stub;
@@ -274,7 +285,7 @@ export function useScript(input, options) {
         ...scriptHostname ? [scriptHostname] : [],
         ...options.devtools?.domains || []
       ]);
-      let disconnectObserver = observeNetworkRequests(payload, domains, syncScripts);
+      let disconnectObserver = observeNetworkRequests(payload, domains, syncScripts, input.src);
       const _origRemove = instance.remove;
       const _origReload = instance.reload;
       instance.remove = () => {
@@ -284,7 +295,7 @@ export function useScript(input, options) {
       instance.reload = async () => {
         disconnectObserver();
         const result = await _origReload();
-        disconnectObserver = observeNetworkRequests(payload, domains, syncScripts);
+        disconnectObserver = observeNetworkRequests(payload, domains, syncScripts, input.src);
         return result;
       };
       syncScripts();

package/dist/runtime/composables/useScriptProxyToken.d.ts

@@ -0,0 +1,12 @@
+export interface ScriptProxyToken {
+    token: string;
+    ts: number;
+}
+/**
+ * Shared `useState` holding the proxy page token emitted during SSR.
+ *
+ * Populated by the `nuxt-scripts:proxy-token` server plugin when
+ * `runtimeConfig['nuxt-scripts'].proxySecret` is set, and hydrated to the
+ * client via the Nuxt payload. Stays null when signing is disabled.
+ */
+export declare function useScriptProxyToken(): import("vue").Ref<ScriptProxyToken | null, ScriptProxyToken | null>;

package/dist/runtime/composables/useScriptProxyToken.js

@@ -0,0 +1,4 @@
+import { useState } from "nuxt/app";
+export function useScriptProxyToken() {
+  return useState("nuxt-scripts:proxy-token", () => null);
+}

package/dist/runtime/composables/useScriptProxyUrl.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Build proxy URLs that the server's `withSigning` middleware accepts.
+ *
+ * Attaches the page token emitted during SSR (`_pt` + `_ts`) when one is
+ * available, so client-driven proxy calls (e.g. reactive fetches, dynamic
+ * image helpers exposed in slot props) authenticate without needing a
+ * server round-trip to sign each URL.
+ *
+ * When no token is present (signing disabled or no secret), emits plain
+ * `?url=...` URLs, matching the pre-signing behavior.
+ */
+export declare function useScriptProxyUrl(): (path: string, query?: Record<string, unknown>) => string;

package/dist/runtime/composables/useScriptProxyUrl.js

@@ -0,0 +1,27 @@
+import { PAGE_TOKEN_PARAM, PAGE_TOKEN_TS_PARAM } from "../server/utils/sign-constants.js";
+import { useScriptProxyToken } from "./useScriptProxyToken.js";
+export function useScriptProxyUrl() {
+  const token = useScriptProxyToken();
+  return (path, query = {}) => {
+    const parts = [];
+    for (const [key, value] of Object.entries(query)) {
+      if (value === void 0 || value === null)
+        continue;
+      const encodedKey = encodeURIComponent(key);
+      if (Array.isArray(value)) {
+        for (const item of value) {
+          if (item === void 0 || item === null)
+            continue;
+          parts.push(`${encodedKey}=${encodeURIComponent(String(item))}`);
+        }
+      } else {
+        parts.push(`${encodedKey}=${encodeURIComponent(String(value))}`);
+      }
+    }
+    if (token.value) {
+      parts.push(`${PAGE_TOKEN_PARAM}=${encodeURIComponent(token.value.token)}`);
+      parts.push(`${PAGE_TOKEN_TS_PARAM}=${token.value.ts}`);
+    }
+    return parts.length ? `${path}?${parts.join("&")}` : path;
+  };
+}

package/dist/runtime/plugins/proxy-token.server.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Emit a per-request proxy page token into the SSR payload.
+ *
+ * The token authorizes client-side proxy calls (`/embed/x-image?url=...`,
+ * `/embed/bluesky?url=...`, etc.) without needing each URL to be signed
+ * ahead of time. It stays null when no proxy secret is configured, in
+ * which case `withSigning` passes requests through unchecked.
+ */
+declare const _default: import("nuxt/app").Plugin<Record<string, unknown>> & import("nuxt/app").ObjectPlugin<Record<string, unknown>>;
+export default _default;

package/dist/runtime/plugins/proxy-token.server.js

@@ -0,0 +1,17 @@
+import { defineNuxtPlugin, useRuntimeConfig } from "nuxt/app";
+import { useScriptProxyToken } from "../composables/useScriptProxyToken.js";
+import { generateProxyToken } from "../server/utils/sign.js";
+export default defineNuxtPlugin({
+  name: "nuxt-scripts:proxy-token",
+  enforce: "pre",
+  setup() {
+    const secret = useRuntimeConfig()["nuxt-scripts"]?.proxySecret;
+    if (!secret)
+      return;
+    const ts = Math.floor(Date.now() / 1e3);
+    useScriptProxyToken().value = {
+      token: generateProxyToken(secret, ts),
+      ts
+    };
+  }
+});

package/dist/runtime/registry/bing-uet.d.ts

@@ -1,4 +1,4 @@
-import type { RegistryScriptInput } from '#nuxt-scripts/types';
+import type { RegistryScriptInput, UseScriptContext } from '#nuxt-scripts/types';
 import { BingUetOptions } from './schemas.js';
 export { BingUetOptions };
 export type BingUetInput = RegistryScriptInput<typeof BingUetOptions, true, false>;
@@ -189,6 +189,10 @@ declare global {
         uetq: any[] | BingUetQueue;
     }
 }
+export interface BingUetConsent {
+    /** Push `['consent','update', state]` with the `ad_storage` signal. */
+    update: (state: BingUetConsentOptions) => void;
+}
 export declare function useScriptBingUet<T extends BingUetApi>(_options?: BingUetInput & {
     onBeforeUetStart?: (uetq: BingUetQueue) => void;
-}): import("#nuxt-scripts/types").UseScriptContext<T>;
+}): UseScriptContext<T, BingUetConsent>;

package/dist/runtime/registry/bing-uet.js

@@ -2,7 +2,7 @@ import { useRegistryScript } from "../utils.js";
 import { BingUetOptions } from "./schemas.js";
 export { BingUetOptions };
 export function useScriptBingUet(_options) {
-  return useRegistryScript("bingUet", (options) => ({
+  const instance = useRegistryScript("bingUet", (options) => ({
     scriptInput: {
       src: "https://bat.bing.com/bat.js",
       crossorigin: false
@@ -25,7 +25,19 @@ export function useScriptBingUet(_options) {
     clientInit: import.meta.server ? void 0 : () => {
       const uetq = window.uetq || [];
       window.uetq = uetq;
+      if (options?.defaultConsent) {
+        uetq.push("consent", "default", options.defaultConsent);
+      }
       _options?.onBeforeUetStart?.(uetq);
     }
   }), _options);
+  if (import.meta.client && !instance.consent) {
+    instance.consent = {
+      update: (state) => {
+        ;
+        instance.proxy.uetq.push("consent", "update", state);
+      }
+    };
+  }
+  return instance;
 }

package/dist/runtime/registry/bluesky-embed.d.ts

@@ -98,10 +98,6 @@ export declare function extractBlueskyPostId(url: string): {
     actor: string;
     rkey: string;
 } | undefined;
-/**
- * Proxy a Bluesky image URL through the server
- */
-export declare function proxyBlueskyImageUrl(url: string, proxyEndpoint?: string): string;
 /**
  * Format a Bluesky post date for display
  */

package/dist/runtime/registry/bluesky-embed.js

@@ -7,10 +7,6 @@ export function extractBlueskyPostId(url) {
     return void 0;
   return { actor: match[1], rkey: match[2] };
 }
-export function proxyBlueskyImageUrl(url, proxyEndpoint = "/_scripts/embed/bluesky-image") {
-  const separator = proxyEndpoint.includes("?") ? "&" : "?";
-  return `${proxyEndpoint}${separator}url=${encodeURIComponent(url)}`;
-}
 export function formatBlueskyDate(dateString) {
   const date = new Date(dateString);
   const time = date.toLocaleString("en-US", {

package/dist/runtime/registry/clarity.d.ts

@@ -1,4 +1,4 @@
-import type { RegistryScriptInput } from '#nuxt-scripts/types';
+import type { RegistryScriptInput, UseScriptContext } from '#nuxt-scripts/types';
 import { ClarityOptions } from './schemas.js';
 export { ClarityOptions };
 type ClarityFunctions = ((fn: 'start', options?: {
@@ -25,4 +25,8 @@ declare global {
     }
 }
 export type ClarityInput = RegistryScriptInput<typeof ClarityOptions>;
-export declare function useScriptClarity<T extends ClarityApi>(_options?: ClarityInput): import("#nuxt-scripts/types").UseScriptContext<T>;
+export interface ClarityConsent {
+    /** Call `clarity('consent', value)` with either a boolean (default) or Clarity's advanced vector. */
+    set: (value: boolean | Record<string, string>) => void;
+}
+export declare function useScriptClarity<T extends ClarityApi>(_options?: ClarityInput): UseScriptContext<T, ClarityConsent>;

package/dist/runtime/registry/clarity.js

@@ -2,7 +2,7 @@ import { useRegistryScript } from "../utils.js";
 import { ClarityOptions } from "./schemas.js";
 export { ClarityOptions };
 export function useScriptClarity(_options) {
-  return useRegistryScript("clarity", (options) => ({
+  const instance = useRegistryScript("clarity", (options) => ({
     scriptInput: {
       src: `https://www.clarity.ms/tag/${options.id}`
     },
@@ -22,6 +22,17 @@ export function useScriptClarity(_options) {
       window.clarity = window.clarity || function(...params) {
         (window.clarity.q = window.clarity.q || []).push(params);
       };
+      if (options?.defaultConsent !== void 0)
+        window.clarity("consent", options.defaultConsent);
     }
   }), _options);
+  if (import.meta.client && !instance.consent) {
+    instance.consent = {
+      set: (value) => {
+        ;
+        instance.proxy.clarity("consent", value);
+      }
+    };
+  }
+  return instance;
 }

package/dist/runtime/registry/google-analytics.d.ts

@@ -1,4 +1,4 @@
-import type { RegistryScriptInput } from '#nuxt-scripts/types';
+import type { ConsentState, RegistryScriptInput, UseScriptContext } from '#nuxt-scripts/types';
 import { GoogleAnalyticsOptions } from './schemas.js';
 export type GtagCustomParams = Record<string, any>;
 export type ConsentStatus = 'granted' | 'denied';
@@ -58,6 +58,10 @@ export interface GoogleAnalyticsApi {
 }
 export { GoogleAnalyticsOptions };
 export type GoogleAnalyticsInput = RegistryScriptInput<typeof GoogleAnalyticsOptions>;
+export interface GoogleAnalyticsConsent {
+    /** Send `gtag('consent','update', state)` with GCMv2 partial state. */
+    update: (state: ConsentState) => void;
+}
 export declare function useScriptGoogleAnalytics<T extends GoogleAnalyticsApi>(_options?: GoogleAnalyticsInput & {
     onBeforeGtagStart?: (gtag: GTag) => void;
-}): import("#nuxt-scripts/types").UseScriptContext<T>;
+}): UseScriptContext<T, GoogleAnalyticsConsent>;

package/dist/runtime/registry/google-analytics.js

@@ -3,7 +3,7 @@ import { withQuery } from "ufo";
 import { GoogleAnalyticsOptions } from "./schemas.js";
 export { GoogleAnalyticsOptions };
 export function useScriptGoogleAnalytics(_options) {
-  return useRegistryScript(_options?.key || "googleAnalytics", (options) => {
+  const instance = useRegistryScript(_options?.key || "googleAnalytics", (options) => {
     const dataLayerName = options?.l ?? "dataLayer";
     const w = import.meta.client ? window : {};
     return {
@@ -24,6 +24,8 @@ export function useScriptGoogleAnalytics(_options) {
         w.gtag = function() {
           w[dataLayerName].push(arguments);
         };
+        if (options?.defaultConsent)
+          w.gtag("consent", "default", options.defaultConsent);
         _options?.onBeforeGtagStart?.(w.gtag);
         w.gtag("js", /* @__PURE__ */ new Date());
         if (options?.id) {
@@ -32,4 +34,13 @@ export function useScriptGoogleAnalytics(_options) {
       }
     };
   }, _options);
+  if (import.meta.client && !instance.consent) {
+    instance.consent = {
+      update: (state) => {
+        ;
+        instance.proxy.gtag("consent", "update", state);
+      }
+    };
+  }
+  return instance;
 }

package/dist/runtime/registry/google-tag-manager.d.ts

@@ -1,4 +1,4 @@
-import type { NuxtUseScriptOptions, RegistryScriptInput, UseFunctionType, UseScriptContext } from '#nuxt-scripts/types';
+import type { ConsentState, NuxtUseScriptOptions, RegistryScriptInput, UseFunctionType, UseScriptContext } from '#nuxt-scripts/types';
 import type { GTag } from './google-analytics.js';
 import { GoogleTagManagerOptions } from './schemas.js';
 /**
@@ -68,6 +68,10 @@ declare global {
 }
 export { GoogleTagManagerOptions };
 export type GoogleTagManagerInput = RegistryScriptInput<typeof GoogleTagManagerOptions>;
+export interface GoogleTagManagerConsent {
+    /** Push `['consent','update', state]` onto dataLayer with GCMv2 partial state. */
+    update: (state: ConsentState) => void;
+}
 /**
  * Hook to use Google Tag Manager in Nuxt applications
  */
@@ -77,4 +81,4 @@ export declare function useScriptGoogleTagManager<T extends GoogleTagManagerApi>
      * Allows for custom initialization or configuration
      */
     onBeforeGtmStart?: (gtag: DataLayerPush) => void;
-}): UseScriptContext<UseFunctionType<NuxtUseScriptOptions<T>, T>>;
+}): UseScriptContext<UseFunctionType<NuxtUseScriptOptions<T>, T>, GoogleTagManagerConsent>;

package/dist/runtime/registry/google-tag-manager.js

@@ -54,5 +54,14 @@ export function useScriptGoogleTagManager(options) {
     if (gtag)
       options.onBeforeGtmStart(gtag);
   }
-  return instance;
+  const typed = instance;
+  if (import.meta.client && !typed.consent) {
+    typed.consent = {
+      update: (state) => {
+        ;
+        typed.proxy.dataLayer.push(["consent", "update", state]);
+      }
+    };
+  }
+  return typed;
 }

package/dist/runtime/registry/gravatar.js

@@ -1,4 +1,5 @@
 import { scriptsPrefix, useRegistryScript } from "#nuxt-scripts/utils";
+import { useScriptProxyUrl } from "../composables/useScriptProxyUrl.js";
 import { GravatarOptions } from "./schemas.js";
 export { GravatarOptions } from "./schemas.js";
 export function useScriptGravatar(_options) {
@@ -6,13 +7,11 @@ export function useScriptGravatar(_options) {
     const size = options?.size ?? 80;
     const defaultImg = options?.default ?? "mp";
     const rating = options?.rating ?? "g";
-    const buildQuery = (overrides) => {
-      const params = new URLSearchParams();
-      params.set("s", String(overrides?.size ?? size));
-      params.set("d", overrides?.default ?? defaultImg);
-      params.set("r", overrides?.rating ?? rating);
-      return params.toString();
-    };
+    const buildQuery = (overrides) => ({
+      s: overrides?.size ?? size,
+      d: overrides?.default ?? defaultImg,
+      r: overrides?.rating ?? rating
+    });
     return {
       scriptInput: {
         src: "https://secure.gravatar.com/js/gprofiles.js"
@@ -21,13 +20,11 @@ export function useScriptGravatar(_options) {
       scriptOptions: {
         use: () => {
           const prefix = scriptsPrefix();
+          const proxyUrl = useScriptProxyUrl();
+          const path = `${prefix}/proxy/gravatar`;
           return {
-            getAvatarUrl: (hash, overrides) => {
-              return `${prefix}/proxy/gravatar?hash=${encodeURIComponent(hash)}&${buildQuery(overrides)}`;
-            },
-            getAvatarUrlFromEmail: (email, overrides) => {
-              return `${prefix}/proxy/gravatar?email=${encodeURIComponent(email)}&${buildQuery(overrides)}`;
-            }
+            getAvatarUrl: (hash, overrides) => proxyUrl(path, { hash, ...buildQuery(overrides) }),
+            getAvatarUrlFromEmail: (email, overrides) => proxyUrl(path, { email, ...buildQuery(overrides) })
           };
         }
       }

package/dist/runtime/registry/matomo-analytics.d.ts

@@ -1,12 +1,18 @@
-import type { RegistryScriptInput } from '#nuxt-scripts/types';
+import type { RegistryScriptInput, UseScriptContext } from '#nuxt-scripts/types';
 import { MatomoAnalyticsOptions } from './schemas.js';
 export { MatomoAnalyticsOptions };
 export type MatomoAnalyticsInput = RegistryScriptInput<typeof MatomoAnalyticsOptions, false, false>;
-interface MatomoAnalyticsApi {
+export interface MatomoAnalyticsApi {
     _paq: unknown[];
 }
 declare global {
     interface Window extends MatomoAnalyticsApi {
     }
 }
-export declare function useScriptMatomoAnalytics<T extends MatomoAnalyticsApi>(_options?: MatomoAnalyticsInput): import("#nuxt-scripts/types").UseScriptContext<T>;
+export interface MatomoConsent {
+    /** Push `setConsentGiven`. Requires `defaultConsent: 'required' | 'given'` at registration to have an effect. */
+    give: () => void;
+    /** Push `forgetConsentGiven`. Requires `defaultConsent: 'required' | 'given'` at registration to have an effect. */
+    forget: () => void;
+}
+export declare function useScriptMatomoAnalytics<T extends MatomoAnalyticsApi>(_options?: MatomoAnalyticsInput): UseScriptContext<T, MatomoConsent>;

package/dist/runtime/registry/matomo-analytics.js

@@ -5,7 +5,7 @@ import { useRegistryScript } from "../utils.js";
 import { MatomoAnalyticsOptions } from "./schemas.js";
 export { MatomoAnalyticsOptions };
 export function useScriptMatomoAnalytics(_options) {
-  return useRegistryScript("matomoAnalytics", (options) => {
+  const instance = useRegistryScript("matomoAnalytics", (options) => {
     const normalizedCloudId = options?.cloudId ? withoutTrailingSlash(withoutProtocol(options.cloudId)) : void 0;
     const origin = options?.matomoUrl ? options.matomoUrl : `https://cdn.matomo.cloud/${normalizedCloudId}/`;
     const _paq = import.meta.client ? window._paq = window._paq || [] : [];
@@ -30,6 +30,12 @@ export function useScriptMatomoAnalytics(_options) {
         }
       },
       clientInit: import.meta.server ? void 0 : () => {
+        if (options?.defaultConsent === "required") {
+          _paq.push(["requireConsent"]);
+        } else if (options?.defaultConsent === "given") {
+          _paq.push(["requireConsent"]);
+          _paq.push(["setConsentGiven"]);
+        }
         if (options?.enableLinkTracking) {
           _paq.push(["enableLinkTracking"]);
         }
@@ -59,4 +65,25 @@ export function useScriptMatomoAnalytics(_options) {
       }
     };
   }, _options);
+  if (import.meta.client && !instance.consent) {
+    const requiresConsent = _options?.defaultConsent === "required" || _options?.defaultConsent === "given";
+    const warnIfUnsafe = import.meta.dev ? (method) => {
+      if (!requiresConsent) {
+        logger.warn(`matomo consent.${method}() is a no-op unless \`defaultConsent: 'required'\` or \`'given'\` is set at registration.`);
+      }
+    } : () => {
+    };
+    const paq = instance.proxy._paq;
+    instance.consent = {
+      give: () => {
+        warnIfUnsafe("give");
+        paq.push(["setConsentGiven"]);
+      },
+      forget: () => {
+        warnIfUnsafe("forget");
+        paq.push(["forgetConsentGiven"]);
+      }
+    };
+  }
+  return instance;
 }

package/dist/runtime/registry/meta-pixel.d.ts

@@ -1,4 +1,4 @@
-import type { RegistryScriptInput } from '#nuxt-scripts/types';
+import type { RegistryScriptInput, UseScriptContext } from '#nuxt-scripts/types';
 import { MetaPixelOptions } from './schemas.js';
 type StandardEvents = 'AddPaymentInfo' | 'AddToCart' | 'AddToWishlist' | 'CompleteRegistration' | 'Contact' | 'CustomizeProduct' | 'Donate' | 'FindLocation' | 'InitiateCheckout' | 'Lead' | 'Purchase' | 'Schedule' | 'Search' | 'StartTrial' | 'SubmitApplication' | 'Subscribe' | 'ViewContent';
 interface EventObjectProperties {
@@ -38,4 +38,10 @@ declare global {
 }
 export { MetaPixelOptions };
 export type MetaPixelInput = RegistryScriptInput<typeof MetaPixelOptions, true, false>;
-export declare function useScriptMetaPixel<T extends MetaPixelApi>(_options?: MetaPixelInput): import("#nuxt-scripts/types").UseScriptContext<T>;
+export interface MetaPixelConsent {
+    /** Call `fbq('consent','grant')`. */
+    grant: () => void;
+    /** Call `fbq('consent','revoke')`. */
+    revoke: () => void;
+}
+export declare function useScriptMetaPixel<T extends MetaPixelApi>(_options?: MetaPixelInput): UseScriptContext<T, MetaPixelConsent>;

package/dist/runtime/registry/meta-pixel.js

@@ -2,7 +2,7 @@ import { useRegistryScript } from "../utils.js";
 import { MetaPixelOptions } from "./schemas.js";
 export { MetaPixelOptions };
 export function useScriptMetaPixel(_options) {
-  return useRegistryScript("metaPixel", (options) => ({
+  const instance = useRegistryScript("metaPixel", (options) => ({
     scriptInput: {
       src: "https://connect.facebook.net/en_US/fbevents.js",
       crossorigin: false
@@ -27,8 +27,17 @@ export function useScriptMetaPixel(_options) {
       fbq.loaded = true;
       fbq.version = "2.0";
       fbq.queue = [];
+      if (options?.defaultConsent)
+        fbq("consent", options.defaultConsent === "granted" ? "grant" : "revoke");
       fbq("init", options?.id);
       fbq("track", "PageView");
     }
   }), _options);
+  if (import.meta.client && !instance.consent) {
+    instance.consent = {
+      grant: () => instance.proxy.fbq("consent", "grant"),
+      revoke: () => instance.proxy.fbq("consent", "revoke")
+    };
+  }
+  return instance;
 }

package/dist/runtime/registry/mixpanel-analytics.d.ts

@@ -1,4 +1,4 @@
-import type { RegistryScriptInput } from '#nuxt-scripts/types';
+import type { RegistryScriptInput, UseScriptContext } from '#nuxt-scripts/types';
 import { MixpanelAnalyticsOptions } from './schemas.js';
 export { MixpanelAnalyticsOptions };
 export type MixpanelAnalyticsInput = RegistryScriptInput<typeof MixpanelAnalyticsOptions>;
@@ -12,6 +12,10 @@ export interface MixpanelAnalyticsApi {
         };
         register: (properties: Record<string, any>) => void;
         init: (token: string, config?: Record<string, any>) => void;
+        /** Opt the user in to tracking. Available after the real SDK loads. */
+        opt_in_tracking?: () => void;
+        /** Opt the user out of tracking. Available after the real SDK loads. */
+        opt_out_tracking?: () => void;
     };
 }
 declare global {
@@ -19,4 +23,10 @@ declare global {
         mixpanel: MixpanelAnalyticsApi['mixpanel'];
     }
 }
-export declare function useScriptMixpanelAnalytics<T extends MixpanelAnalyticsApi>(_options?: MixpanelAnalyticsInput): import("#nuxt-scripts/types").UseScriptContext<T>;
+export interface MixpanelConsent {
+    /** Call `mixpanel.opt_in_tracking()`. */
+    optIn: () => void;
+    /** Call `mixpanel.opt_out_tracking()`. For boot-time opt-out, use `defaultConsent: 'opt-out'` instead. */
+    optOut: () => void;
+}
+export declare function useScriptMixpanelAnalytics<T extends MixpanelAnalyticsApi>(_options?: MixpanelAnalyticsInput): UseScriptContext<T, MixpanelConsent>;