npm - @shopify/shop-minis-react - Versions diffs - 0.4.12 → 0.4.13 - Mend

@shopify/shop-minis-react 0.4.12 → 0.4.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/_virtual/index4.js CHANGED Viewed

@@ -1,5 +1,5 @@
-var r = {};
+var e = { exports: {} };
 export {
-  r as __exports
+  e as __module
 };
 //# sourceMappingURL=index4.js.map

package/dist/_virtual/index5.js CHANGED Viewed

@@ -1,5 +1,6 @@
-var e = { exports: {} };
+import { __require as r } from "../shop-minis-react/node_modules/.pnpm/@xmldom_xmldom@0.8.10/node_modules/@xmldom/xmldom/lib/index.js";
+var i = r();
 export {
-  e as __module
+  i as l
 };
 //# sourceMappingURL=index5.js.map

package/dist/_virtual/index5.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index5.js","sources":[],"sourcesContent":[],"names":[],"mappings":";"}
1	+ {"version":3,"file":"index5.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;"}

package/dist/_virtual/index6.js CHANGED Viewed

@@ -1,6 +1,5 @@
-import { __require as r } from "../shop-minis-react/node_modules/.pnpm/@xmldom_xmldom@0.8.10/node_modules/@xmldom/xmldom/lib/index.js";
-var i = r();
+var r = {};
 export {
-  i as l
+  r as __exports
 };
 //# sourceMappingURL=index6.js.map

package/dist/_virtual/index6.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index6.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;"}
1	+ {"version":3,"file":"index6.js","sources":[],"sourcesContent":[],"names":[],"mappings":";"}

package/dist/shop-minis-react/node_modules/.pnpm/@videojs_xhr@2.7.0/node_modules/@videojs/xhr/lib/index.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { __module as q } from "../../../../../../../../_virtual/index5.js";
+import { __module as q } from "../../../../../../../../_virtual/index4.js";
 import { __require as F } from "../../../../../global@4.4.0/node_modules/global/window.js";
 import { __require as N } from "../../../../../@babel_runtime@7.27.6/node_modules/@babel/runtime/helpers/extends.js";
 import { __require as J } from "../../../../../is-function@1.0.2/node_modules/is-function/index.js";

package/dist/shop-minis-react/node_modules/.pnpm/mpd-parser@1.3.1/node_modules/mpd-parser/dist/mpd-parser.es.js CHANGED Viewed

@@ -2,7 +2,7 @@ import L from "../../../../@videojs_vhs-utils@4.1.1/node_modules/@videojs/vhs-ut
 import T from "../../../../../../../_virtual/window.js";
 import { forEachMediaGroup as Z } from "../../../../@videojs_vhs-utils@4.1.1/node_modules/@videojs/vhs-utils/es/media-groups.js";
 import J from "../../../../@videojs_vhs-utils@4.1.1/node_modules/@videojs/vhs-utils/es/decode-b64-to-uint8-array.js";
-import { l as Q } from "../../../../../../../_virtual/index6.js";
+import { l as Q } from "../../../../../../../_virtual/index5.js";
 /*! @name mpd-parser @version 1.3.1 @license Apache-2.0 */
 const w = (e) => !!e && typeof e == "object", E = (...e) => e.reduce((n, t) => (typeof t != "object" || Object.keys(t).forEach((r) => {
   Array.isArray(n[r]) && Array.isArray(t[r]) ? n[r] = n[r].concat(t[r]) : w(n[r]) && w(t[r]) ? n[r] = E(n[r], t[r]) : n[r] = t[r];

package/dist/shop-minis-react/node_modules/.pnpm/querystringify@2.2.0/node_modules/querystringify/index.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { __exports as i } from "../../../../../../_virtual/index4.js";
+import { __exports as i } from "../../../../../../_virtual/index6.js";
 var c;
 function d() {
   if (c) return i;

package/eslint/config.cjs CHANGED Viewed

@@ -38,7 +38,9 @@ module.exports = {
     'react/no-danger': 'error',
     // Shop Minis custom rules
+    'shop-minis/no-dynamic-asset-paths': 'warn',
     'shop-minis/no-env-without-fallback': 'error',
+    'shop-minis/no-hardcoded-asset-paths': 'error',
     'shop-minis/no-internal-imports': 'error',
     'shop-minis/no-secrets': ['error'],
     'shop-minis/prefer-sdk-components': 'warn',

package/eslint/index.cjs CHANGED Viewed

@@ -4,7 +4,9 @@
  * @fileoverview Custom ESLint rules for Shop Minis React SDK
  */
+const noDynamicAssetPaths = require('./rules/no-dynamic-asset-paths.cjs')
 const noEnvWithoutFallback = require('./rules/no-env-without-fallback.cjs')
+const noHardcodedAssetPaths = require('./rules/no-hardcoded-asset-paths.cjs')
 const noInternalImports = require('./rules/no-internal-imports.cjs')
 const noSecrets = require('./rules/no-secrets.cjs')
 const preferSdkComponents = require('./rules/prefer-sdk-components.cjs')
@@ -13,7 +15,9 @@ const validateManifest = require('./rules/validate-manifest.cjs')
 module.exports = {
   rules: {
+    'no-dynamic-asset-paths': noDynamicAssetPaths,
     'no-env-without-fallback': noEnvWithoutFallback,
+    'no-hardcoded-asset-paths': noHardcodedAssetPaths,
     'no-internal-imports': noInternalImports,
     'no-secrets': noSecrets,
     'prefer-sdk-components': preferSdkComponents,

package/eslint/rules/asset-path-patterns.cjs ADDED Viewed

@@ -0,0 +1,30 @@
+/**
+ * Shared patterns for asset path detection rules
+ * @fileoverview Regex patterns for detecting asset file extensions and path types
+ */
+// Asset file extensions to detect
+const ASSET_EXTENSIONS = /\.(png|jpe?g|gif|svg|webp|ico|bmp|avif)$/i
+// Patterns that indicate a local path (not a remote URL)
+const LOCAL_PATH_PATTERNS = [
+  /^\.?\//, // Starts with / or ./
+  /^\.\.\//, // Starts with ../
+  /\/src\//i, // Contains /src/
+  /\/assets\//i, // Contains /assets/
+  /\/images?\//i, // Contains /image/ or /images/
+  /\/public\//i, // Contains /public/
+]
+// Patterns that indicate a remote URL or data URL (should be allowed)
+const REMOTE_PATTERNS = [
+  /^https?:\/\//i, // http:// or https://
+  /^data:/i, // data: URLs
+  /^blob:/i, // blob: URLs
+]
+module.exports = {
+  ASSET_EXTENSIONS,
+  LOCAL_PATH_PATTERNS,
+  REMOTE_PATTERNS,
+}

package/eslint/rules/no-dynamic-asset-paths.cjs ADDED Viewed

@@ -0,0 +1,78 @@
+/**
+ * ESLint rule to warn about dynamic asset paths in template literals
+ * @fileoverview Warns about template literals that may construct asset paths dynamically
+ */
+const {
+  ASSET_EXTENSIONS,
+  LOCAL_PATH_PATTERNS,
+  REMOTE_PATTERNS,
+  // eslint-disable-next-line import/extensions
+} = require('./asset-path-patterns.cjs')
+/**
+ * Check if a template literal might contain an asset path but we can't be certain
+ * Returns true only for UNCERTAIN cases (ends with asset extension but doesn't
+ * start with a known local path pattern). Definite cases are handled by
+ * no-hardcoded-asset-paths rule.
+ * @param {object} node - The TemplateLiteral AST node
+ * @returns {boolean}
+ */
+function isUncertainAssetTemplateLiteral(node) {
+  const quasis = node.quasis
+  if (quasis.length === 0) return false
+  // Get the first static part to check if it starts with a local path
+  const firstPart = quasis[0].value.raw || quasis[0].value.cooked || ''
+  // Get the last static part to check if it ends with an asset extension
+  const lastPart =
+    quasis[quasis.length - 1].value.raw ||
+    quasis[quasis.length - 1].value.cooked ||
+    ''
+  // Must end with an asset extension
+  if (!ASSET_EXTENSIONS.test(lastPart)) return false
+  // Check if it starts with a remote URL (only need to check first static part)
+  if (REMOTE_PATTERNS.some(pattern => pattern.test(firstPart))) return false
+  // If it starts with a local path pattern, it's a DEFINITE error (handled by other rule)
+  // We only want to flag UNCERTAIN cases here
+  if (LOCAL_PATH_PATTERNS.some(pattern => pattern.test(firstPart))) return false
+  // Ends with asset extension but doesn't start with known local path = uncertain
+  return true
+}
+module.exports = {
+  meta: {
+    type: 'suggestion',
+    docs: {
+      description:
+        'Warn about template literals that may construct asset paths dynamically',
+      category: 'Best Practices',
+      recommended: true,
+      url: 'https://vite.dev/guide/assets',
+    },
+    messages: {
+      noDynamicAssetPath:
+        'Template literal may contain a hardcoded asset path that will not work in production. Import assets instead of constructing paths dynamically. See: https://vite.dev/guide/assets',
+    },
+    schema: [],
+  },
+  create(context) {
+    return {
+      TemplateLiteral(node) {
+        // Only flag uncertain cases (definite cases handled by no-hardcoded-asset-paths)
+        if (isUncertainAssetTemplateLiteral(node)) {
+          context.report({
+            node,
+            messageId: 'noDynamicAssetPath',
+          })
+        }
+      },
+    }
+  },
+}

package/eslint/rules/no-hardcoded-asset-paths.cjs ADDED Viewed

@@ -0,0 +1,124 @@
+/**
+ * ESLint rule to detect hardcoded local asset paths that won't work in production
+ * @fileoverview Prevents using un-imported hardcoded asset paths that work in Vite dev but fail in production
+ */
+const {
+  ASSET_EXTENSIONS,
+  LOCAL_PATH_PATTERNS,
+  REMOTE_PATTERNS,
+  // eslint-disable-next-line import/extensions
+} = require('./asset-path-patterns.cjs')
+/**
+ * Check if a string looks like a local asset path
+ * @param {string} value - The string to check
+ * @returns {boolean}
+ */
+function isLocalAssetPath(value) {
+  if (typeof value !== 'string') return false
+  // Must have an asset extension
+  if (!ASSET_EXTENSIONS.test(value)) return false
+  // Skip remote URLs and data URLs
+  if (REMOTE_PATTERNS.some(pattern => pattern.test(value))) return false
+  // Check if it looks like a local path
+  return LOCAL_PATH_PATTERNS.some(pattern => pattern.test(value))
+}
+/**
+ * Check if a template literal is definitely a local asset path
+ * Returns true only if we can determine with certainty it's a local path
+ * (starts with a local path pattern AND ends with an asset extension)
+ * @param {object} node - The TemplateLiteral AST node
+ * @returns {boolean}
+ */
+function isLocalAssetTemplateLiteral(node) {
+  const quasis = node.quasis
+  if (quasis.length === 0) return false
+  // Get the first static part to check if it starts with a local path
+  const firstPart = quasis[0].value.raw || quasis[0].value.cooked || ''
+  // Get the last static part to check if it ends with an asset extension
+  const lastPart =
+    quasis[quasis.length - 1].value.raw ||
+    quasis[quasis.length - 1].value.cooked ||
+    ''
+  // Must end with an asset extension
+  if (!ASSET_EXTENSIONS.test(lastPart)) return false
+  // Check if it starts with a remote URL (only need to check first static part)
+  if (REMOTE_PATTERNS.some(pattern => pattern.test(firstPart))) return false
+  // Must start with a local path pattern (this makes it a definite error)
+  return LOCAL_PATH_PATTERNS.some(pattern => pattern.test(firstPart))
+}
+module.exports = {
+  meta: {
+    type: 'problem',
+    docs: {
+      description:
+        'Disallow hardcoded local asset paths that work in dev but fail in production',
+      category: 'Possible Errors',
+      recommended: true,
+      url: 'https://vite.dev/guide/assets',
+    },
+    messages: {
+      noHardcodedAssetPath:
+        'Hardcoded asset path "{{path}}" will not work in production. Import the asset instead: `import asset from "{{path}}"` then use the imported variable. See: https://vite.dev/guide/assets',
+      noHardcodedAssetPathTemplate:
+        'Template literal contains a hardcoded local asset path that will not work in production. Import assets instead of constructing paths. See: https://vite.dev/guide/assets',
+    },
+    schema: [],
+  },
+  create(context) {
+    return {
+      Literal(node) {
+        // Only check string literals
+        if (typeof node.value !== 'string') return
+        // Skip import/export declarations - those are the CORRECT way to use assets
+        const parent = node.parent
+        if (
+          parent &&
+          (parent.type === 'ImportDeclaration' ||
+            parent.type === 'ExportNamedDeclaration' ||
+            parent.type === 'ExportAllDeclaration' ||
+            (parent.type === 'CallExpression' &&
+              parent.callee &&
+              (parent.callee.name === 'require' ||
+                parent.callee.type === 'Import')))
+        ) {
+          return
+        }
+        if (isLocalAssetPath(node.value)) {
+          context.report({
+            node,
+            messageId: 'noHardcodedAssetPath',
+            data: {
+              path: node.value,
+            },
+          })
+        }
+      },
+      TemplateLiteral(node) {
+        // Only flag template literals that are DEFINITELY local asset paths
+        // (start with local path pattern AND end with asset extension)
+        if (isLocalAssetTemplateLiteral(node)) {
+          context.report({
+            node,
+            messageId: 'noHardcodedAssetPathTemplate',
+          })
+        }
+      },
+    }
+  },
+}

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@shopify/shop-minis-react",
   "license": "SEE LICENSE IN LICENSE.txt",
-  "version": "0.4.12",
+  "version": "0.4.13",
   "sideEffects": false,
   "type": "module",
   "engines": {