@nuxt/scripts 1.0.0-rc.9 → 1.0.1

package/dist/runtime/registry/mixpanel-analytics.js

@@ -1,10 +1,10 @@
 import { useRegistryScript } from "../utils.js";
 import { MixpanelAnalyticsOptions } from "./schemas.js";
 export { MixpanelAnalyticsOptions };
-const methods = ["track", "identify", "reset", "register"];
+const methods = ["track", "identify", "reset", "register", "opt_in_tracking", "opt_out_tracking"];
 const peopleMethods = ["set"];
 export function useScriptMixpanelAnalytics(_options) {
-  return useRegistryScript("mixpanelAnalytics", (options) => {
+  const instance = useRegistryScript("mixpanelAnalytics", (options) => {
     return {
       scriptInput: {
         src: "https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js"
@@ -38,9 +38,21 @@ export function useScriptMixpanelAnalytics(_options) {
             mp._i.push([token, config, name]);
           };
         }
-        if (options?.token)
-          mp.init(options.token);
+        if (options?.token) {
+          const optOutByDefault = options?.defaultConsent === "opt-out";
+          mp.init(options.token, optOutByDefault ? { opt_out_tracking_by_default: true } : void 0);
+          if (options?.defaultConsent === "opt-in") {
+            mp.opt_in_tracking?.();
+          }
+        }
       }
     };
   }, _options);
+  if (import.meta.client && !instance.consent) {
+    instance.consent = {
+      optIn: () => instance.proxy.mixpanel.opt_in_tracking?.(),
+      optOut: () => instance.proxy.mixpanel.opt_out_tracking?.()
+    };
+  }
+  return instance;
 }

package/dist/runtime/registry/posthog.d.ts

@@ -1,4 +1,4 @@
-import type { RegistryScriptInput } from '#nuxt-scripts/types';
+import type { RegistryScriptInput, UseScriptContext } from '#nuxt-scripts/types';
 import type { PostHog, PostHogConfig } from 'posthog-js';
 import { PostHogOptions } from './schemas.js';
 export { PostHogOptions };
@@ -22,4 +22,10 @@ declare global {
         }[];
     }
 }
-export declare function useScriptPostHog<T extends PostHogApi>(_options?: PostHogInput): import("#nuxt-scripts/types").UseScriptContext<T>;
+export interface PostHogConsent {
+    /** Call `posthog.opt_in_capturing()`. */
+    optIn: () => void;
+    /** Call `posthog.opt_out_capturing()`. For boot-time opt-out, use `defaultConsent: 'opt-out'` instead. */
+    optOut: () => void;
+}
+export declare function useScriptPostHog<T extends PostHogApi>(_options?: PostHogInput): UseScriptContext<T, PostHogConsent>;

package/dist/runtime/registry/posthog.js

@@ -3,7 +3,7 @@ import { useRegistryScript } from "../utils.js";
 import { PostHogOptions } from "./schemas.js";
 export { PostHogOptions };
 export function useScriptPostHog(_options) {
-  return useRegistryScript("posthog", (options) => {
+  const instance = useRegistryScript("posthog", (options) => {
     return {
       scriptMode: "npm",
       // Use NPM mode - no external script tag
@@ -55,13 +55,17 @@ export function useScriptPostHog(_options) {
             config.capture_pageleave = options.capturePageleave;
           if (typeof options?.disableSessionRecording === "boolean")
             config.disable_session_recording = options.disableSessionRecording;
-          const instance = posthog.init(options.apiKey, config);
-          if (!instance) {
+          if (options?.defaultConsent === "opt-out")
+            config.opt_out_capturing_by_default = true;
+          const instance2 = posthog.init(options.apiKey, config);
+          if (!instance2) {
             logger.error("PostHog init returned undefined - initialization failed");
             delete window._posthogQueue;
             return void 0;
           }
-          window.posthog = instance;
+          window.posthog = instance2;
+          if (options?.defaultConsent === "opt-in")
+            instance2.opt_in_capturing?.();
           if (window._posthogQueue && window._posthogQueue.length > 0) {
             window._posthogQueue.forEach((q) => window.posthog[q.prop]?.(...q.args));
             delete window._posthogQueue;
@@ -76,4 +80,11 @@ export function useScriptPostHog(_options) {
       }
     };
   }, _options);
+  if (import.meta.client && !instance.consent) {
+    instance.consent = {
+      optIn: () => instance.proxy.posthog?.opt_in_capturing?.(),
+      optOut: () => instance.proxy.posthog?.opt_out_capturing?.()
+    };
+  }
+  return instance;
 }

package/dist/runtime/registry/schemas.d.ts

@@ -21,6 +21,13 @@ export declare const ClarityOptions: import("valibot").ObjectSchema<{
      * @see https://learn.microsoft.com/en-us/clarity/setup-clarity
      */
     readonly id: import("valibot").SchemaWithPipe<readonly [import("valibot").StringSchema<undefined>, import("valibot").MinLengthAction<string, 10, undefined>]>;
+    /**
+     * Default consent state applied before Clarity starts.
+     * - `boolean` - enable / disable cookies.
+     * - `Record<string, string>` - advanced consent vector (see Clarity docs).
+     * @see https://learn.microsoft.com/en-us/clarity/setup-and-installation/cookie-consent
+     */
+    readonly defaultConsent: import("valibot").OptionalSchema<import("valibot").UnionSchema<[import("valibot").BooleanSchema<undefined>, import("valibot").RecordSchema<import("valibot").StringSchema<undefined>, import("valibot").StringSchema<undefined>, undefined>], undefined>, undefined>;
 }, undefined>;
 export declare const CloudflareWebAnalyticsOptions: import("valibot").ObjectSchema<{
     /**
@@ -267,6 +274,21 @@ export declare const GoogleAnalyticsOptions: import("valibot").ObjectSchema<{
      * @see https://developers.google.com/analytics/devguides/collection/gtagjs/setting-up-gtag#rename_the_data_layer
      */
     readonly l: import("valibot").OptionalSchema<import("valibot").StringSchema<undefined>, undefined>;
+    /**
+     * Default GCMv2 consent state fired as `gtag('consent', 'default', ...)` before `gtag('js', ...)`.
+     * @see https://developers.google.com/tag-platform/security/guides/consent
+     */
+    readonly defaultConsent: import("valibot").OptionalSchema<import("valibot").ObjectSchema<{
+        readonly ad_storage: import("valibot").OptionalSchema<import("valibot").UnionSchema<[import("valibot").LiteralSchema<"granted", undefined>, import("valibot").LiteralSchema<"denied", undefined>], undefined>, undefined>;
+        readonly ad_user_data: import("valibot").OptionalSchema<import("valibot").UnionSchema<[import("valibot").LiteralSchema<"granted", undefined>, import("valibot").LiteralSchema<"denied", undefined>], undefined>, undefined>;
+        readonly ad_personalization: import("valibot").OptionalSchema<import("valibot").UnionSchema<[import("valibot").LiteralSchema<"granted", undefined>, import("valibot").LiteralSchema<"denied", undefined>], undefined>, undefined>;
+        readonly analytics_storage: import("valibot").OptionalSchema<import("valibot").UnionSchema<[import("valibot").LiteralSchema<"granted", undefined>, import("valibot").LiteralSchema<"denied", undefined>], undefined>, undefined>;
+        readonly functionality_storage: import("valibot").OptionalSchema<import("valibot").UnionSchema<[import("valibot").LiteralSchema<"granted", undefined>, import("valibot").LiteralSchema<"denied", undefined>], undefined>, undefined>;
+        readonly personalization_storage: import("valibot").OptionalSchema<import("valibot").UnionSchema<[import("valibot").LiteralSchema<"granted", undefined>, import("valibot").LiteralSchema<"denied", undefined>], undefined>, undefined>;
+        readonly security_storage: import("valibot").OptionalSchema<import("valibot").UnionSchema<[import("valibot").LiteralSchema<"granted", undefined>, import("valibot").LiteralSchema<"denied", undefined>], undefined>, undefined>;
+        readonly wait_for_update: import("valibot").OptionalSchema<import("valibot").NumberSchema<undefined>, undefined>;
+        readonly region: import("valibot").OptionalSchema<import("valibot").ArraySchema<import("valibot").StringSchema<undefined>, undefined>, undefined>;
+    }, undefined>, undefined>;
 }, undefined>;
 export declare const GoogleMapsOptions: import("valibot").ObjectSchema<{
     /**
@@ -533,6 +555,14 @@ export declare const MatomoAnalyticsOptions: import("valibot").ObjectSchema<{
      * @default true
      */
     readonly watch: import("valibot").OptionalSchema<import("valibot").BooleanSchema<undefined>, undefined>;
+    /**
+     * Default tracking-consent state applied BEFORE the tracker is initialised.
+     * - `'required'` — call `requireConsent` without granting (user must opt in later).
+     * - `'given'` — call `requireConsent` then `setConsentGiven`.
+     * - `'not-required'` — no consent gating (default Matomo behaviour).
+     * @see https://developer.matomo.org/guides/tracking-consent
+     */
+    readonly defaultConsent: import("valibot").OptionalSchema<import("valibot").UnionSchema<[import("valibot").LiteralSchema<"required", undefined>, import("valibot").LiteralSchema<"given", undefined>, import("valibot").LiteralSchema<"not-required", undefined>], undefined>, undefined>;
 }, undefined>;
 export declare const MetaPixelOptions: import("valibot").ObjectSchema<{
     /**
@@ -540,6 +570,12 @@ export declare const MetaPixelOptions: import("valibot").ObjectSchema<{
      * @see https://developers.facebook.com/docs/meta-pixel/get-started
      */
     readonly id: import("valibot").UnionSchema<[import("valibot").StringSchema<undefined>, import("valibot").NumberSchema<undefined>], undefined>;
+    /**
+     * Default consent state. `'granted'` fires `fbq('consent', 'grant')`,
+     * `'denied'` fires `fbq('consent', 'revoke')`, both called before `fbq('init', id)`.
+     * @see https://www.facebook.com/business/help/1151321516677370
+     */
+    readonly defaultConsent: import("valibot").OptionalSchema<import("valibot").UnionSchema<[import("valibot").LiteralSchema<"granted", undefined>, import("valibot").LiteralSchema<"denied", undefined>], undefined>, undefined>;
 }, undefined>;
 export declare const NpmOptions: import("valibot").ObjectSchema<{
     /**
@@ -630,6 +666,13 @@ export declare const PostHogOptions: import("valibot").ObjectSchema<{
      * @see https://posthog.com/docs/libraries/js#config
      */
     readonly config: import("valibot").OptionalSchema<import("valibot").RecordSchema<import("valibot").StringSchema<undefined>, import("valibot").AnySchema, undefined>, undefined>;
+    /**
+     * Default capture-consent state for PostHog.
+     * - `'opt-out'`: passed as `opt_out_capturing_by_default: true` to `posthog.init`, so capturing is suppressed from the first event.
+     * - `'opt-in'`: applied after `posthog.init` via `posthog.opt_in_capturing()` on the returned instance.
+     * @see https://posthog.com/docs/privacy/opting-out
+     */
+    readonly defaultConsent: import("valibot").OptionalSchema<import("valibot").UnionSchema<[import("valibot").LiteralSchema<"opt-in", undefined>, import("valibot").LiteralSchema<"opt-out", undefined>], undefined>, undefined>;
 }, undefined>;
 export declare const RedditPixelOptions: import("valibot").ObjectSchema<{
     /**
@@ -703,6 +746,13 @@ export declare const MixpanelAnalyticsOptions: import("valibot").ObjectSchema<{
      * @see https://docs.mixpanel.com/docs/tracking-methods/sdks/javascript#1-initialize-the-library
      */
     readonly token: import("valibot").StringSchema<undefined>;
+    /**
+     * Default tracking-consent state for Mixpanel.
+     * - `'opt-out'`: passed as `opt_out_tracking_by_default: true` to `mixpanel.init`, so tracking is suppressed from the first call.
+     * - `'opt-in'`: queued via `mixpanel.push(['opt_in_tracking'])` so the real SDK runs it immediately after load.
+     * @see https://docs.mixpanel.com/docs/privacy/opt-out-of-tracking
+     */
+    readonly defaultConsent: import("valibot").OptionalSchema<import("valibot").UnionSchema<[import("valibot").LiteralSchema<"opt-in", undefined>, import("valibot").LiteralSchema<"opt-out", undefined>], undefined>, undefined>;
 }, undefined>;
 export declare const BingUetOptions: import("valibot").ObjectSchema<{
     /**
@@ -715,6 +765,13 @@ export declare const BingUetOptions: import("valibot").ObjectSchema<{
      * @default true
      */
     readonly enableAutoSpaTracking: import("valibot").OptionalSchema<import("valibot").BooleanSchema<undefined>, undefined>;
+    /**
+     * Default consent state fired as `uetq.push('consent', 'default', ...)` before UET init.
+     * @see https://help.ads.microsoft.com/#apex/ads/en/60119/1-500
+     */
+    readonly defaultConsent: import("valibot").OptionalSchema<import("valibot").ObjectSchema<{
+        readonly ad_storage: import("valibot").OptionalSchema<import("valibot").UnionSchema<[import("valibot").LiteralSchema<"granted", undefined>, import("valibot").LiteralSchema<"denied", undefined>], undefined>, undefined>;
+    }, undefined>, undefined>;
 }, undefined>;
 export declare const SegmentOptions: import("valibot").ObjectSchema<{
     /**
@@ -857,6 +914,14 @@ export declare const TikTokPixelOptions: import("valibot").ObjectSchema<{
      * @default true
      */
     readonly trackPageView: import("valibot").OptionalSchema<import("valibot").BooleanSchema<undefined>, undefined>;
+    /**
+     * Default consent state, applied before `ttq('init', id)`.
+     * - `'granted'` fires `ttq.grantConsent()`
+     * - `'denied'` fires `ttq.revokeConsent()`
+     * - `'hold'` fires `ttq.holdConsent()` to defer until an explicit update
+     * @see https://business-api.tiktok.com/portal/docs?id=1739585600931842
+     */
+    readonly defaultConsent: import("valibot").OptionalSchema<import("valibot").UnionSchema<[import("valibot").LiteralSchema<"granted", undefined>, import("valibot").LiteralSchema<"denied", undefined>, import("valibot").LiteralSchema<"hold", undefined>], undefined>, undefined>;
 }, undefined>;
 export declare const UmamiAnalyticsOptions: import("valibot").ObjectSchema<{
     /**

package/dist/runtime/registry/schemas.js

@@ -1,4 +1,16 @@
 import { any, array, boolean, custom, literal, minLength, number, object, optional, pipe, record, string, union } from "valibot";
+const consentCategoryValue = union([literal("granted"), literal("denied")]);
+const gcmConsentState = object({
+  ad_storage: optional(consentCategoryValue),
+  ad_user_data: optional(consentCategoryValue),
+  ad_personalization: optional(consentCategoryValue),
+  analytics_storage: optional(consentCategoryValue),
+  functionality_storage: optional(consentCategoryValue),
+  personalization_storage: optional(consentCategoryValue),
+  security_storage: optional(consentCategoryValue),
+  wait_for_update: optional(number()),
+  region: optional(array(string()))
+});
 export const BlueskyEmbedOptions = object({
   /**
    * The Bluesky post URL to embed.
@@ -21,7 +33,14 @@ export const ClarityOptions = object({
    * The Clarity token.
    * @see https://learn.microsoft.com/en-us/clarity/setup-clarity
    */
-  id: pipe(string(), minLength(10))
+  id: pipe(string(), minLength(10)),
+  /**
+   * Default consent state applied before Clarity starts.
+   * - `boolean` - enable / disable cookies.
+   * - `Record<string, string>` - advanced consent vector (see Clarity docs).
+   * @see https://learn.microsoft.com/en-us/clarity/setup-and-installation/cookie-consent
+   */
+  defaultConsent: optional(union([boolean(), record(string(), string())]))
 });
 export const CloudflareWebAnalyticsOptions = object({
   /**
@@ -264,7 +283,12 @@ export const GoogleAnalyticsOptions = object({
    * @default 'dataLayer'
    * @see https://developers.google.com/analytics/devguides/collection/gtagjs/setting-up-gtag#rename_the_data_layer
    */
-  l: optional(string())
+  l: optional(string()),
+  /**
+   * Default GCMv2 consent state fired as `gtag('consent', 'default', ...)` before `gtag('js', ...)`.
+   * @see https://developers.google.com/tag-platform/security/guides/consent
+   */
+  defaultConsent: optional(gcmConsentState)
 });
 export const GoogleMapsOptions = object({
   /**
@@ -527,14 +551,28 @@ export const MatomoAnalyticsOptions = object({
    * Automatically track page views on route change.
    * @default true
    */
-  watch: optional(boolean())
+  watch: optional(boolean()),
+  /**
+   * Default tracking-consent state applied BEFORE the tracker is initialised.
+   * - `'required'` — call `requireConsent` without granting (user must opt in later).
+   * - `'given'` — call `requireConsent` then `setConsentGiven`.
+   * - `'not-required'` — no consent gating (default Matomo behaviour).
+   * @see https://developer.matomo.org/guides/tracking-consent
+   */
+  defaultConsent: optional(union([literal("required"), literal("given"), literal("not-required")]))
 });
 export const MetaPixelOptions = object({
   /**
    * Your Meta (Facebook) Pixel ID.
    * @see https://developers.facebook.com/docs/meta-pixel/get-started
    */
-  id: union([string(), number()])
+  id: union([string(), number()]),
+  /**
+   * Default consent state. `'granted'` fires `fbq('consent', 'grant')`,
+   * `'denied'` fires `fbq('consent', 'revoke')`, both called before `fbq('init', id)`.
+   * @see https://www.facebook.com/business/help/1151321516677370
+   */
+  defaultConsent: optional(union([literal("granted"), literal("denied")]))
 });
 export const NpmOptions = object({
   /**
@@ -627,7 +665,14 @@ export const PostHogOptions = object({
    * Additional PostHog configuration options passed directly to `posthog.init()`.
    * @see https://posthog.com/docs/libraries/js#config
    */
-  config: optional(record(string(), any()))
+  config: optional(record(string(), any())),
+  /**
+   * Default capture-consent state for PostHog.
+   * - `'opt-out'`: passed as `opt_out_capturing_by_default: true` to `posthog.init`, so capturing is suppressed from the first event.
+   * - `'opt-in'`: applied after `posthog.init` via `posthog.opt_in_capturing()` on the returned instance.
+   * @see https://posthog.com/docs/privacy/opting-out
+   */
+  defaultConsent: optional(union([literal("opt-in"), literal("opt-out")]))
 });
 export const RedditPixelOptions = object({
   /**
@@ -700,7 +745,14 @@ export const MixpanelAnalyticsOptions = object({
    * Your Mixpanel project token.
    * @see https://docs.mixpanel.com/docs/tracking-methods/sdks/javascript#1-initialize-the-library
    */
-  token: string()
+  token: string(),
+  /**
+   * Default tracking-consent state for Mixpanel.
+   * - `'opt-out'`: passed as `opt_out_tracking_by_default: true` to `mixpanel.init`, so tracking is suppressed from the first call.
+   * - `'opt-in'`: queued via `mixpanel.push(['opt_in_tracking'])` so the real SDK runs it immediately after load.
+   * @see https://docs.mixpanel.com/docs/privacy/opt-out-of-tracking
+   */
+  defaultConsent: optional(union([literal("opt-in"), literal("opt-out")]))
 });
 export const BingUetOptions = object({
   /**
@@ -712,7 +764,14 @@ export const BingUetOptions = object({
    * Enable automatic SPA page tracking.
    * @default true
    */
-  enableAutoSpaTracking: optional(boolean())
+  enableAutoSpaTracking: optional(boolean()),
+  /**
+   * Default consent state fired as `uetq.push('consent', 'default', ...)` before UET init.
+   * @see https://help.ads.microsoft.com/#apex/ads/en/60119/1-500
+   */
+  defaultConsent: optional(object({
+    ad_storage: optional(consentCategoryValue)
+  }))
 });
 export const SegmentOptions = object({
   /**
@@ -807,7 +866,15 @@ export const TikTokPixelOptions = object({
    * Whether to automatically track a page view on initialization.
    * @default true
    */
-  trackPageView: optional(boolean())
+  trackPageView: optional(boolean()),
+  /**
+   * Default consent state, applied before `ttq('init', id)`.
+   * - `'granted'` fires `ttq.grantConsent()`
+   * - `'denied'` fires `ttq.revokeConsent()`
+   * - `'hold'` fires `ttq.holdConsent()` to defer until an explicit update
+   * @see https://business-api.tiktok.com/portal/docs?id=1739585600931842
+   */
+  defaultConsent: optional(union([literal("granted"), literal("denied"), literal("hold")]))
 });
 export const UmamiAnalyticsOptions = object({
   /**

package/dist/runtime/registry/tiktok-pixel.d.ts

@@ -1,4 +1,4 @@
-import type { RegistryScriptInput } from '#nuxt-scripts/types';
+import type { RegistryScriptInput, UseScriptContext } from '#nuxt-scripts/types';
 import { TikTokPixelOptions } from './schemas.js';
 type StandardEvents = 'ViewContent' | 'ClickButton' | 'Search' | 'AddToWishlist' | 'AddToCart' | 'InitiateCheckout' | 'AddPaymentInfo' | 'CompletePayment' | 'PlaceAnOrder' | 'Contact' | 'Download' | 'SubmitForm' | 'CompleteRegistration' | 'Subscribe';
 interface EventProperties {
@@ -29,6 +29,12 @@ export interface TikTokPixelApi {
         push: TtqFns;
         loaded: boolean;
         queue: any[];
+        /** Opt user in to tracking. Queued before the script loads; live once `events.js` binds. */
+        grantConsent: () => void;
+        /** Opt user out of tracking. Queued before the script loads; live once `events.js` binds. */
+        revokeConsent: () => void;
+        /** Defer consent until an explicit grant/revoke. Queued before the script loads; live once `events.js` binds. */
+        holdConsent: () => void;
     };
 }
 declare global {
@@ -38,4 +44,12 @@ declare global {
 }
 export { TikTokPixelOptions };
 export type TikTokPixelInput = RegistryScriptInput<typeof TikTokPixelOptions, true, false>;
-export declare function useScriptTikTokPixel<T extends TikTokPixelApi>(_options?: TikTokPixelInput): import("#nuxt-scripts/types").UseScriptContext<T>;
+export interface TikTokPixelConsent {
+    /** Call `ttq.grantConsent()`. */
+    grant: () => void;
+    /** Call `ttq.revokeConsent()`. */
+    revoke: () => void;
+    /** Call `ttq.holdConsent()` to defer the decision. */
+    hold: () => void;
+}
+export declare function useScriptTikTokPixel<T extends TikTokPixelApi>(_options?: TikTokPixelInput): UseScriptContext<T, TikTokPixelConsent>;

package/dist/runtime/registry/tiktok-pixel.js

@@ -3,7 +3,7 @@ import { useRegistryScript } from "../utils.js";
 import { TikTokPixelOptions } from "./schemas.js";
 export { TikTokPixelOptions };
 export function useScriptTikTokPixel(_options) {
-  return useRegistryScript("tiktokPixel", (options) => ({
+  const instance = useRegistryScript("tiktokPixel", (options) => ({
     scriptInput: {
       src: withQuery("https://analytics.tiktok.com/i18n/pixel/events.js", {
         sdkid: options?.id,
@@ -29,6 +29,19 @@ export function useScriptTikTokPixel(_options) {
       ttq.push = ttq;
       ttq.loaded = true;
       ttq.queue = [];
+      const consentMethods = ["grantConsent", "revokeConsent", "holdConsent"];
+      for (const name of consentMethods) {
+        ;
+        ttq[name] = function(...params) {
+          ttq.queue.push([name, ...params]);
+        };
+      }
+      if (options?.defaultConsent === "granted")
+        ttq.grantConsent();
+      else if (options?.defaultConsent === "denied")
+        ttq.revokeConsent();
+      else if (options?.defaultConsent === "hold")
+        ttq.holdConsent();
       if (options?.id) {
         ttq("init", options.id);
         if (options?.trackPageView !== false) {
@@ -37,4 +50,12 @@ export function useScriptTikTokPixel(_options) {
       }
     }
   }), _options);
+  if (import.meta.client && !instance.consent) {
+    instance.consent = {
+      grant: () => instance.proxy.ttq.grantConsent(),
+      revoke: () => instance.proxy.ttq.revokeConsent(),
+      hold: () => instance.proxy.ttq.holdConsent()
+    };
+  }
+  return instance;
 }

package/dist/runtime/registry/x-embed.d.ts

@@ -49,10 +49,6 @@ export interface XEmbedTweetData {
     };
 }
 export type XEmbedInput = RegistryScriptInput<typeof XEmbedOptions, false, false>;
-/**
- * Proxy an X/Twitter image URL through the server
- */
-export declare function proxyXImageUrl(url: string, proxyEndpoint?: string): string;
 /**
  * Format a tweet date for display
  */

package/dist/runtime/registry/x-embed.js

@@ -1,9 +1,5 @@
 import { XEmbedOptions } from "./schemas.js";
 export { XEmbedOptions };
-export function proxyXImageUrl(url, proxyEndpoint = "/_scripts/embed/x-image") {
-  const separator = proxyEndpoint.includes("?") ? "&" : "?";
-  return `${proxyEndpoint}${separator}url=${encodeURIComponent(url)}`;
-}
 export function formatTweetDate(dateString) {
   const date = new Date(dateString);
   const time = date.toLocaleString("en-US", {

package/dist/runtime/server/bluesky-embed-image.d.ts

@@ -1,2 +1,2 @@
-declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<any>>;
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<Buffer<ArrayBufferLike>>>;
 export default _default;

package/dist/runtime/server/bluesky-embed.d.ts

@@ -1,16 +1,2 @@
-declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
-    uri: string;
-    cid: string;
-    author: Record<string, any>;
-    record: Record<string, any>;
-    embed?: Record<string, any>;
-    likeCount: number;
-    repostCount: number;
-    replyCount: number;
-    quoteCount: number;
-    indexedAt: string;
-    labels: Array<{
-        val: string;
-    }>;
-}>>;
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<Record<string, any>>>;
 export default _default;

package/dist/runtime/server/bluesky-embed.js

@@ -1,7 +1,20 @@
 import { createError, defineEventHandler, getQuery, setHeader } from "h3";
-import { $fetch } from "ofetch";
+import { useRuntimeConfig } from "nitropack/runtime";
+import { createCachedJsonFetch } from "./utils/cached-upstream.js";
+import { rewriteBlueskyPostImages } from "./utils/embed-rewriters.js";
 import { withSigning } from "./utils/withSigning.js";
 const BSKY_POST_URL_RE = /^https:\/\/bsky\.app\/profile\/([^/]+)\/post\/([^/?]+)$/;
+const EMBED_BSKY_SUFFIX_RE = /\/embed\/bluesky$/;
+const cachedProfileFetch = createCachedJsonFetch(
+  "nuxt-scripts-bsky-profile",
+  86400,
+  (url) => url
+);
+const cachedPostFetch = createCachedJsonFetch(
+  "nuxt-scripts-bsky-post",
+  600,
+  (url) => url
+);
 export default withSigning(defineEventHandler(async (event) => {
   const query = getQuery(event);
   const postUrl = query.url;
@@ -21,7 +34,7 @@ export default withSigning(defineEventHandler(async (event) => {
   const [, actor, rkey] = match;
   let did = actor;
   if (!actor.startsWith("did:")) {
-    const profile = await $fetch(
+    const profile = await cachedProfileFetch(
       `https://public.api.bsky.app/xrpc/app.bsky.actor.getProfile?actor=${encodeURIComponent(actor)}`
     ).catch((error) => {
       throw createError({
@@ -32,7 +45,7 @@ export default withSigning(defineEventHandler(async (event) => {
     did = profile.did;
   }
   const uri = `at://${did}/app.bsky.feed.post/${rkey}`;
-  const response = await $fetch(
+  const response = await cachedPostFetch(
     `https://public.api.bsky.app/xrpc/app.bsky.feed.getPostThread?uri=${encodeURIComponent(uri)}&depth=0&parentHeight=0`
   ).catch((error) => {
     throw createError({
@@ -46,7 +59,7 @@ export default withSigning(defineEventHandler(async (event) => {
       statusMessage: "Post not found"
     });
   }
-  const post = response.thread.post;
+  const post = structuredClone(response.thread.post);
   const hasOptOut = post.labels?.some((l) => l.val === "!no-unauthenticated") || post.author?.labels?.some((l) => l.val === "!no-unauthenticated");
   if (hasOptOut) {
     throw createError({
@@ -54,6 +67,11 @@ export default withSigning(defineEventHandler(async (event) => {
       statusMessage: "Author has opted out of external embedding"
     });
   }
+  const handlerPath = event.path?.split("?")[0] || "";
+  const prefix = handlerPath.replace(EMBED_BSKY_SUFFIX_RE, "") || "/_scripts";
+  const imagePath = `${prefix}/embed/bluesky-image`;
+  const secret = useRuntimeConfig(event)["nuxt-scripts"]?.proxySecret;
+  rewriteBlueskyPostImages(post, imagePath, secret);
   setHeader(event, "Content-Type", "application/json");
   setHeader(event, "Cache-Control", "public, max-age=600, s-maxage=600");
   return post;

package/dist/runtime/server/google-maps-geocode-proxy.js

@@ -1,8 +1,13 @@
 import { createError, defineEventHandler, getQuery, setHeader } from "h3";
 import { useRuntimeConfig } from "nitropack/runtime";
-import { $fetch } from "ofetch";
 import { withQuery } from "ufo";
+import { createCachedJsonFetch } from "./utils/cached-upstream.js";
 import { withSigning } from "./utils/withSigning.js";
+const cachedGeocodeFetch = createCachedJsonFetch(
+  "nuxt-scripts-geocode",
+  2592e3,
+  (url) => url
+);
 export default withSigning(defineEventHandler(async (event) => {
   const runtimeConfig = useRuntimeConfig();
   const privateConfig = runtimeConfig["nuxt-scripts"]?.googleMapsGeocodeProxy;
@@ -19,10 +24,8 @@ export default withSigning(defineEventHandler(async (event) => {
     ...safeQuery,
     key: apiKey
   });
-  const data = await $fetch(geocodeUrl, {
-    headers: {
-      "User-Agent": "Nuxt Scripts Google Geocode Proxy"
-    }
+  const data = await cachedGeocodeFetch(geocodeUrl, {
+    headers: { "User-Agent": "Nuxt Scripts Google Geocode Proxy" }
   }).catch((error) => {
     throw createError({
       statusCode: error.statusCode || 500,

package/dist/runtime/server/google-static-maps-proxy.d.ts

@@ -1,2 +1,2 @@
-declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<any>>;
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<Buffer<ArrayBufferLike>>>;
 export default _default;

package/dist/runtime/server/google-static-maps-proxy.js

@@ -1,8 +1,11 @@
 import { createError, defineEventHandler, getQuery, setHeader } from "h3";
 import { useRuntimeConfig } from "nitropack/runtime";
-import { $fetch } from "ofetch";
 import { withQuery } from "ufo";
+import { createCachedBinaryFetch } from "./utils/cached-upstream.js";
+import { PAGE_TOKEN_PARAM, PAGE_TOKEN_TS_PARAM, SIG_PARAM } from "./utils/sign-constants.js";
 import { withSigning } from "./utils/withSigning.js";
+const cachedMapFetch = createCachedBinaryFetch("nuxt-scripts-static-map", 604800);
+const STRIP_PARAMS = /* @__PURE__ */ new Set([SIG_PARAM, PAGE_TOKEN_PARAM, PAGE_TOKEN_TS_PARAM, "key"]);
 export default withSigning(defineEventHandler(async (event) => {
   const runtimeConfig = useRuntimeConfig();
   const publicConfig = runtimeConfig.public["nuxt-scripts"]?.googleStaticMapsProxy;
@@ -21,15 +24,17 @@ export default withSigning(defineEventHandler(async (event) => {
     });
   }
   const query = getQuery(event);
-  const { key: _clientKey, ...safeQuery } = query;
+  const safeQuery = {};
+  for (const [k, v] of Object.entries(query)) {
+    if (!STRIP_PARAMS.has(k))
+      safeQuery[k] = v;
+  }
   const googleMapsUrl = withQuery("https://maps.googleapis.com/maps/api/staticmap", {
     ...safeQuery,
     key: apiKey
   });
-  const response = await $fetch.raw(googleMapsUrl, {
-    headers: {
-      "User-Agent": "Nuxt Scripts Google Static Maps Proxy"
-    }
+  const result = await cachedMapFetch(googleMapsUrl, {
+    headers: { "User-Agent": "Nuxt Scripts Google Static Maps Proxy" }
   }).catch((error) => {
     throw createError({
       statusCode: error.statusCode || 500,
@@ -37,8 +42,8 @@ export default withSigning(defineEventHandler(async (event) => {
     });
   });
   const cacheMaxAge = publicConfig.cacheMaxAge || 3600;
-  setHeader(event, "Content-Type", response.headers.get("content-type") || "image/png");
+  setHeader(event, "Content-Type", result.contentType || "image/png");
   setHeader(event, "Cache-Control", `public, max-age=${cacheMaxAge}, s-maxage=${cacheMaxAge}`);
   setHeader(event, "Vary", "Accept-Encoding");
-  return response._data;
+  return result.body;
 }));

package/dist/runtime/server/gravatar-proxy.d.ts

@@ -1,2 +1,2 @@
-declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<any>>;
+declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<Buffer<ArrayBufferLike>>>;
 export default _default;