@nuxt/scripts 1.0.5 → 1.1.0

package/dist/runtime/registry/usercentrics.js

@@ -0,0 +1,54 @@
+import { useHead } from "@unhead/vue";
+import { useRegistryScript } from "../utils.js";
+import { UsercentricsOptions } from "./schemas.js";
+export { UsercentricsOptions };
+export function useScriptUsercentrics(_options) {
+  const instance = useRegistryScript("usercentrics", (options) => {
+    if (import.meta.client && options.autoblocker) {
+      useHead({
+        script: [{
+          src: "https://web.cmp.usercentrics.eu/modules/autoblocker.js",
+          tagPosition: "head",
+          tagPriority: "high"
+        }]
+      });
+    }
+    return {
+      scriptInput: {
+        "src": "https://web.cmp.usercentrics.eu/ui/loader.js",
+        "id": "usercentrics-cmp",
+        "data-ruleset-id": options.rulesetId,
+        "data-language": options.language,
+        "crossorigin": false
+      },
+      schema: import.meta.dev ? UsercentricsOptions : void 0,
+      scriptOptions: {
+        use() {
+          return { ucCmp: window.__ucCmp };
+        }
+      }
+    };
+  }, _options);
+  if (import.meta.client && !instance.consent) {
+    const whenReady = () => new Promise((resolve) => {
+      const onReady = () => {
+        window.removeEventListener("UC_CMP_API_READY", onReady);
+        resolve(window.__ucCmp);
+      };
+      window.addEventListener("UC_CMP_API_READY", onReady);
+    });
+    instance.consent = {
+      whenReady,
+      onConsentChange(cb) {
+        const handler = (e) => cb(e.detail, e);
+        window.addEventListener("UC_UI_CMP_EVENT", handler);
+        return () => window.removeEventListener("UC_UI_CMP_EVENT", handler);
+      },
+      showFirstLayer: () => window.__ucCmp?.showFirstLayer?.(),
+      showSecondLayer: () => window.__ucCmp?.showSecondLayer?.(),
+      acceptAll: () => window.__ucCmp?.acceptAllConsents?.(),
+      denyAll: () => window.__ucCmp?.denyAllConsents?.()
+    };
+  }
+  return instance;
+}

package/dist/runtime/server/proxy-handler.js

@@ -230,7 +230,11 @@ export default defineEventHandler(async (event) => {
   });
   log("[proxy] Fetching:", targetUrl);
   const controller = new AbortController();
-  const timeoutId = setTimeout(() => controller.abort(), 15e3);
+  let timedOut = false;
+  const timeoutId = setTimeout(() => {
+    timedOut = true;
+    controller.abort();
+  }, 15e3);
   let fetchBody;
   if (passthroughBody) {
     fetchBody = getRequestWebStream(event);
@@ -252,9 +256,14 @@ export default defineEventHandler(async (event) => {
   } catch (err) {
     log("[proxy] Upstream error:", err);
     throw createError({
-      statusCode: 502,
-      statusMessage: "Bad Gateway",
-      message: `Proxy upstream request failed: ${targetUrl}`
+      statusCode: timedOut ? 504 : 502,
+      statusMessage: timedOut ? "Gateway Timeout" : "Bad Gateway",
+      message: `Proxy upstream request failed: ${targetUrl}`,
+      cause: err,
+      data: {
+        errorName: err?.name,
+        errorCode: timedOut ? "TIMEOUT" : err?.code
+      }
     });
   } finally {
     clearTimeout(timeoutId);

package/dist/runtime/types.d.ts

@@ -3,8 +3,10 @@ import type { Script } from '@unhead/vue/types';
 import type { Import } from 'unimport';
 import type { InferInput, ObjectEntries, ObjectSchema, UnionSchema, ValiError } from 'valibot';
 import type { ComputedRef, Ref } from 'vue';
+import type { AhrefsAnalyticsInput } from './registry/ahrefs-analytics.js';
 import type { BingUetInput } from './registry/bing-uet.js';
 import type { BlueskyEmbedInput } from './registry/bluesky-embed.js';
+import type { CalendlyInput } from './registry/calendly.js';
 import type { ClarityInput } from './registry/clarity.js';
 import type { CloudflareWebAnalyticsInput } from './registry/cloudflare-web-analytics.js';
 import type { CrispInput } from './registry/crisp.js';
@@ -21,6 +23,7 @@ import type { HotjarInput } from './registry/hotjar.js';
 import type { InstagramEmbedInput } from './registry/instagram-embed.js';
 import type { IntercomInput } from './registry/intercom.js';
 import type { LemonSqueezyInput } from './registry/lemon-squeezy.js';
+import type { LinkedInInsightInput } from './registry/linkedin-insight.js';
 import type { MatomoAnalyticsInput } from './registry/matomo-analytics.js';
 import type { MetaPixelInput } from './registry/meta-pixel.js';
 import type { MixpanelAnalyticsInput } from './registry/mixpanel-analytics.js';
@@ -35,6 +38,7 @@ import type { SnapTrPixelInput } from './registry/snapchat-pixel.js';
 import type { StripeInput } from './registry/stripe.js';
 import type { TikTokPixelInput } from './registry/tiktok-pixel.js';
 import type { UmamiAnalyticsInput } from './registry/umami-analytics.js';
+import type { UsercentricsInput } from './registry/usercentrics.js';
 import type { VercelAnalyticsInput } from './registry/vercel-analytics.js';
 import type { VimeoPlayerInput } from './registry/vimeo-player.js';
 import type { XEmbedInput } from './registry/x-embed.js';
@@ -61,6 +65,20 @@ export interface ConsentState {
     functionality_storage?: ConsentCategoryValue;
     personalization_storage?: ConsentCategoryValue;
     security_storage?: ConsentCategoryValue;
+    /** Region/subdivision codes (ISO 3166-1 alpha-2 or `XX-YY`) this default applies to. */
+    region?: string[];
+    /** Milliseconds to wait for `consent.update()` before firing queued tags. */
+    wait_for_update?: number;
+}
+/**
+ * Auto-attached `consent` API on scripts that adhere to the GCMv2 Consent Mode
+ * contract (Google Analytics, Google Tag Manager, …).
+ */
+export interface GcmConsentApi {
+    /** Push `['consent','default', state]` (or equivalent gtag call) with GCMv2 partial state. */
+    default: (state: ConsentState) => void;
+    /** Push `['consent','update', state]` (or equivalent gtag call) with GCMv2 partial state. */
+    update: (state: ConsentState) => void;
 }
 export type UseScriptContext<T extends Record<symbol | string, any>, C = unknown> = VueScriptInstance<T> & {
     /**
@@ -138,6 +156,13 @@ export type NuxtUseScriptOptions<T extends Record<symbol | string, any> = {}> =
          * @internal
          */
         registryMeta?: Record<string, string>;
+        /**
+         * Source location (file:line:col) the script was registered from, captured
+         * via dev-only stack-trace parsing in `useRegistryScript`. Surfaced in
+         * debug logs and Nuxt DevTools.
+         * @internal
+         */
+        loadedFrom?: string;
         /**
          * Known third-party domains this script communicates with.
          * @internal
@@ -208,9 +233,11 @@ export interface NuxtDevToolsScriptInstance {
     networkRequests: NuxtDevToolsNetworkRequest[];
 }
 export interface ScriptRegistry {
+    ahrefsAnalytics?: AhrefsAnalyticsInput;
     bingUet?: BingUetInput;
     blueskyEmbed?: BlueskyEmbedInput;
     carbonAds?: true;
+    calendly?: CalendlyInput;
     crisp?: CrispInput;
     clarity?: ClarityInput;
     cloudflareWebAnalytics?: CloudflareWebAnalyticsInput;
@@ -228,6 +255,7 @@ export interface ScriptRegistry {
     googleTagManager?: GoogleTagManagerInput;
     hotjar?: HotjarInput;
     intercom?: IntercomInput;
+    linkedinInsight?: LinkedInInsightInput;
     paypal?: PayPalInput;
     posthog?: PostHogInput;
     matomoAnalytics?: MatomoAnalyticsInput;
@@ -244,6 +272,7 @@ export interface ScriptRegistry {
     vercelAnalytics?: VercelAnalyticsInput;
     vimeoPlayer?: VimeoPlayerInput;
     umamiAnalytics?: UmamiAnalyticsInput;
+    usercentrics?: UsercentricsInput;
     gravatar?: GravatarInput;
     npm?: NpmInput;
     [key: `${string}-npm`]: NpmInput;
@@ -252,7 +281,7 @@ export interface ScriptRegistry {
  * Built-in registry script keys — not affected by module augmentation.
  * Use this to type-check records that must enumerate all built-in scripts (logos, meta, etc.).
  */
-export type BuiltInRegistryScriptKey = 'bingUet' | 'blueskyEmbed' | 'carbonAds' | 'crisp' | 'clarity' | 'cloudflareWebAnalytics' | 'databuddyAnalytics' | 'metaPixel' | 'fathomAnalytics' | 'instagramEmbed' | 'plausibleAnalytics' | 'googleAdsense' | 'googleAnalytics' | 'googleMaps' | 'googleRecaptcha' | 'googleSignIn' | 'lemonSqueezy' | 'googleTagManager' | 'hotjar' | 'intercom' | 'paypal' | 'posthog' | 'matomoAnalytics' | 'mixpanelAnalytics' | 'rybbitAnalytics' | 'redditPixel' | 'segment' | 'stripe' | 'tiktokPixel' | 'xEmbed' | 'xPixel' | 'snapchatPixel' | 'youtubePlayer' | 'vercelAnalytics' | 'vimeoPlayer' | 'umamiAnalytics' | 'gravatar' | 'npm';
+export type BuiltInRegistryScriptKey = 'ahrefsAnalytics' | 'bingUet' | 'blueskyEmbed' | 'calendly' | 'carbonAds' | 'crisp' | 'clarity' | 'cloudflareWebAnalytics' | 'databuddyAnalytics' | 'metaPixel' | 'fathomAnalytics' | 'instagramEmbed' | 'plausibleAnalytics' | 'googleAdsense' | 'googleAnalytics' | 'googleMaps' | 'googleRecaptcha' | 'googleSignIn' | 'lemonSqueezy' | 'googleTagManager' | 'hotjar' | 'intercom' | 'linkedinInsight' | 'paypal' | 'posthog' | 'matomoAnalytics' | 'mixpanelAnalytics' | 'rybbitAnalytics' | 'redditPixel' | 'segment' | 'stripe' | 'tiktokPixel' | 'xEmbed' | 'xPixel' | 'snapchatPixel' | 'youtubePlayer' | 'vercelAnalytics' | 'vimeoPlayer' | 'umamiAnalytics' | 'usercentrics' | 'gravatar' | 'npm';
 /**
  * Union of all explicit registry script keys (excludes npm pattern).
  * Includes both built-in and augmented keys.
@@ -382,6 +411,16 @@ export type SdkPatch = {
     separator: string;
     fromDomain: string;
     appendPath?: string;
+}
+/**
+ * Replace `new URL(<expr>).origin` with `self.location.origin + "<proxyPath>"`.
+ * Used by SDKs that derive their API host as `new URL(currentScript.src).origin + "/api/..."`.
+ * When bundled, the script src origin is the Nuxt origin, so the derived endpoint
+ * lands on a 404 instead of the proxy. This patch redirects it through the proxy.
+ */
+ | {
+    type: 'replace-new-url-origin';
+    fromDomain: string;
 };
 /**
  * Partytown capability config. When present, the script can run in a

package/dist/runtime/utils.d.ts

@@ -1,6 +1,7 @@
 import type { UseScriptInput } from '@unhead/vue';
 import type { ObjectSchema, UnionSchema } from 'valibot';
-import type { EmptyOptionsSchema, InferIfSchema, NuxtUseScriptOptions, RegistryScriptInput, ScriptRegistry, UseFunctionType, UseScriptContext } from '#nuxt-scripts/types';
+import type { EmptyOptionsSchema, InferIfSchema, NuxtUseScriptOptions, RegistryScriptInput, RegistryScriptKey, ScriptRegistry, UseFunctionType, UseScriptContext } from '#nuxt-scripts/types';
+import type { GcmConsentContract } from './registry/_gcm-consent.js';
 export type MaybePromise<T> = Promise<T> | T;
 type OptionsFn<O> = (options: InferIfSchema<O>, ctx: {
     scriptInput?: UseScriptInput & {
@@ -12,8 +13,13 @@ type OptionsFn<O> = (options: InferIfSchema<O>, ctx: {
     schema?: O extends ObjectSchema<any, any> | UnionSchema<any, any> ? O : undefined;
     clientInit?: () => void | Promise<any>;
     scriptMode?: 'external' | 'npm';
+    /**
+     * Opt-in: this script consumes GCMv2 Consent Mode. `useRegistryScript` auto-attaches
+     * a `consent: { default, update }` API + dev validation against the canonical schema.
+     */
+    gcmConsent?: GcmConsentContract;
 });
-export declare function scriptRuntimeConfig<T extends keyof ScriptRegistry>(key: T): ScriptRegistry[T];
+export declare function scriptRuntimeConfig<T extends RegistryScriptKey>(key: T): ScriptRegistry[T];
 export declare function scriptsPrefix(): string;
 export declare function requireRegistryEndpoint(componentName: string, registryKey: string): void;
 export declare function useRegistryScript<T extends Record<string | symbol, any>, O = EmptyOptionsSchema>(registryKey: keyof ScriptRegistry | string, optionsFn: OptionsFn<O>, _userOptions?: RegistryScriptInput<O>): UseScriptContext<UseFunctionType<NuxtUseScriptOptions<T>, T>>;

package/dist/runtime/utils.js

@@ -4,6 +4,7 @@ import { parseQuery, parseURL, withQuery } from "ufo";
 import { parse } from "valibot";
 import { useScript } from "./composables/useScript.js";
 import { createNpmScriptStub } from "./npm-script-stub.js";
+import { attachGcmConsent } from "./registry/_gcm-consent.js";
 const URL_MATCH_RE = /https?:\/\/[^/]+\/_nuxt\/(.+\.vue)(?:\?[^)]*)?:(\d+):(\d+)/;
 const URL_PAREN_MATCH_RE = /\(https?:\/\/[^/]+\/_nuxt\/(.+\.vue)(?:\?[^)]*)?:(\d+):(\d+)\)/;
 const VUE_MATCH_RE = /([^/\s]+\.vue):(\d+):(\d+)/;
@@ -111,5 +112,8 @@ export function useRegistryScript(registryKey, optionsFn, _userOptions) {
       options.clientInit?.();
     }
   };
-  return useScript(scriptInput, scriptOptions);
+  const instance = useScript(scriptInput, scriptOptions);
+  if (import.meta.client && options.gcmConsent)
+    attachGcmConsent(instance, options.gcmConsent, String(registryKey));
+  return instance;
 }

package/dist/stats.mjs

@@ -4,6 +4,11 @@ import '../dist/runtime/registry/schemas.js';
 
 const scriptMeta = {
   // Analytics
+  ahrefsAnalytics: {
+    urls: ["https://analytics.ahrefs.com/analytics.js"],
+    trackedData: ["page-views", "events"],
+    testId: "test-ahrefs-key"
+  },
   plausibleAnalytics: {
     urls: ["https://plausible.io/js/script.js"],
     trackedData: ["page-views", "events", "conversions"]
@@ -84,6 +89,11 @@ const scriptMeta = {
     trackedData: ["page-views", "conversions", "retargeting", "audiences"],
     testId: "a2_ilz4u0kbdr3v"
   },
+  linkedinInsight: {
+    urls: ["https://snap.licdn.com/li.lms-analytics/insight.min.js"],
+    trackedData: ["page-views", "conversions", "retargeting", "audiences"],
+    testId: "111143"
+  },
   googleAdsense: {
     urls: ["https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"],
     trackedData: ["page-views", "retargeting", "audiences"]
@@ -154,6 +164,10 @@ const scriptMeta = {
     trackedData: []
   },
   // Utility
+  calendly: {
+    urls: ["https://assets.calendly.com/assets/external/widget.js"],
+    trackedData: []
+  },
   googleRecaptcha: {
     urls: ["https://www.google.com/recaptcha/api.js"],
     trackedData: []
@@ -175,6 +189,11 @@ const scriptMeta = {
     urls: ["https://platform.twitter.com/widgets.js"],
     trackedData: []
   },
+  // CMP / Consent
+  usercentrics: {
+    urls: ["https://web.cmp.usercentrics.eu/ui/loader.js", "https://web.cmp.usercentrics.eu/modules/autoblocker.js"],
+    trackedData: []
+  },
   // Identity
   gravatar: {
     urls: ["https://secure.gravatar.com/js/gprofiles.js"],