@stackframe/stack-shared 2.6.25 → 2.6.27

package/CHANGELOG.md

@@ -1,5 +1,20 @@
 # @stackframe/stack-shared
 
+## 2.6.27
+
+### Patch Changes
+
+- Bugfixes
+  - @stackframe/stack-sc@2.6.27
+
+## 2.6.26
+
+### Patch Changes
+
+- Various bugfixes
+- Updated dependencies
+  - @stackframe/stack-sc@2.6.26
+
 ## 2.6.25
 
 ### Patch Changes

package/dist/interface/crud/current-user.d.ts

@@ -135,6 +135,7 @@ export declare const currentUserCrud: import("../../crud").CrudSchemaFromOptions
         primary_email_auth_enabled: undefined;
         passkey_auth_enabled: undefined;
         password: undefined;
+        password_hash: undefined;
         otp_auth_enabled: undefined;
         totp_secret_base64: undefined;
         selected_team_id: undefined;
@@ -150,6 +151,7 @@ export declare const currentUserCrud: import("../../crud").CrudSchemaFromOptions
         primary_email_auth_enabled: boolean | undefined;
         passkey_auth_enabled: boolean | undefined;
         password: string | null | undefined;
+        password_hash: string | undefined;
         otp_auth_enabled: boolean | undefined;
         totp_secret_base64: string | null | undefined;
         selected_team_id: string | null | undefined;
@@ -164,6 +166,7 @@ export declare const currentUserCrud: import("../../crud").CrudSchemaFromOptions
         primary_email_auth_enabled: undefined;
         passkey_auth_enabled: undefined;
         password: undefined;
+        password_hash: undefined;
         otp_auth_enabled: undefined;
         totp_secret_base64: undefined;
         selected_team_id: undefined;

package/dist/interface/crud/users.d.ts

@@ -10,6 +10,7 @@ export declare const usersCrudServerUpdateSchema: import("yup").ObjectSchema<{
     primary_email_auth_enabled: boolean | undefined;
     passkey_auth_enabled: boolean | undefined;
     password: string | null | undefined;
+    password_hash: string | undefined;
     otp_auth_enabled: boolean | undefined;
     totp_secret_base64: string | null | undefined;
     selected_team_id: string | null | undefined;
@@ -24,6 +25,7 @@ export declare const usersCrudServerUpdateSchema: import("yup").ObjectSchema<{
     primary_email_auth_enabled: undefined;
     passkey_auth_enabled: undefined;
     password: undefined;
+    password_hash: undefined;
     otp_auth_enabled: undefined;
     totp_secret_base64: undefined;
     selected_team_id: undefined;
@@ -100,6 +102,7 @@ export declare const usersCrudServerCreateSchema: import("yup").ObjectSchema<{
     primary_email_verified: boolean | undefined;
     primary_email_auth_enabled: boolean | undefined;
     passkey_auth_enabled: boolean | undefined;
+    password_hash: string | undefined;
     otp_auth_enabled: boolean | undefined;
     totp_secret_base64: string | null | undefined;
 } & {
@@ -119,6 +122,7 @@ export declare const usersCrudServerCreateSchema: import("yup").ObjectSchema<{
     primary_email_auth_enabled: undefined;
     passkey_auth_enabled: undefined;
     password: undefined;
+    password_hash: undefined;
     otp_auth_enabled: undefined;
     totp_secret_base64: undefined;
     selected_team_id: undefined;
@@ -198,6 +202,7 @@ export declare const usersCrud: import("../../crud").CrudSchemaFromOptions<{
         primary_email_auth_enabled: boolean | undefined;
         passkey_auth_enabled: boolean | undefined;
         password: string | null | undefined;
+        password_hash: string | undefined;
         otp_auth_enabled: boolean | undefined;
         totp_secret_base64: string | null | undefined;
         selected_team_id: string | null | undefined;
@@ -212,6 +217,7 @@ export declare const usersCrud: import("../../crud").CrudSchemaFromOptions<{
         primary_email_auth_enabled: undefined;
         passkey_auth_enabled: undefined;
         password: undefined;
+        password_hash: undefined;
         otp_auth_enabled: undefined;
         totp_secret_base64: undefined;
         selected_team_id: undefined;
@@ -227,6 +233,7 @@ export declare const usersCrud: import("../../crud").CrudSchemaFromOptions<{
         primary_email_verified: boolean | undefined;
         primary_email_auth_enabled: boolean | undefined;
         passkey_auth_enabled: boolean | undefined;
+        password_hash: string | undefined;
         otp_auth_enabled: boolean | undefined;
         totp_secret_base64: string | null | undefined;
     } & {
@@ -246,6 +253,7 @@ export declare const usersCrud: import("../../crud").CrudSchemaFromOptions<{
         primary_email_auth_enabled: undefined;
         passkey_auth_enabled: undefined;
         password: undefined;
+        password_hash: undefined;
         otp_auth_enabled: undefined;
         totp_secret_base64: undefined;
         selected_team_id: undefined;

package/dist/interface/crud/users.js

@@ -12,6 +12,7 @@ export const usersCrudServerUpdateSchema = fieldSchema.yupObject({
     primary_email_auth_enabled: fieldSchema.primaryEmailAuthEnabledSchema.optional(),
     passkey_auth_enabled: fieldSchema.userOtpAuthEnabledSchema.optional(),
     password: fieldSchema.userPasswordMutationSchema.optional(),
+    password_hash: fieldSchema.userPasswordHashMutationSchema.optional(),
     otp_auth_enabled: fieldSchema.userOtpAuthEnabledMutationSchema.optional(),
     totp_secret_base64: fieldSchema.userTotpSecretMutationSchema.optional(),
     selected_team_id: fieldSchema.selectedTeamIdSchema.nullable().optional(),

package/dist/schema-fields.d.ts

@@ -20,10 +20,7 @@ export declare function yupMixed<A extends {}>(...args: Parameters<typeof yup.mi
 export declare function yupArray<A extends yup.Maybe<yup.AnyObject> = yup.AnyObject, B = any>(...args: Parameters<typeof yup.array<A, B>>): yup.ArraySchema<B[] | undefined, A, undefined, "">;
 export declare function yupTuple<T extends [unknown, ...unknown[]]>(...args: Parameters<typeof yup.tuple<T>>): yup.TupleSchema<T | undefined, yup.AnyObject, undefined, "">;
 export declare function yupObject<A extends yup.Maybe<yup.AnyObject>, B extends yup.ObjectShape>(...args: Parameters<typeof yup.object<A, B>>): yup.ObjectSchema<yup.TypeFromShape<B, yup.AnyObject> extends infer T ? T extends yup.TypeFromShape<B, yup.AnyObject> ? T extends {} ? { [k in keyof T]: T[k]; } : T : never : never, yup.AnyObject, yup.DefaultFromShape<B> extends infer T_1 ? T_1 extends yup.DefaultFromShape<B> ? T_1 extends {} ? { [k_1 in keyof T_1]: T_1[k_1]; } : T_1 : never : never, "">;
-/**
- * Note that the .defined() on unions is implicit.
- */
-export declare function yupUnion<T extends yup.ISchema<any>[]>(...args: T): yup.ISchema<yup.InferType<T[number]>>;
+export declare function yupUnion<T extends yup.ISchema<any>[]>(...args: T): yup.MixedSchema<yup.InferType<T[number]>>;
 export declare const adaptSchema: yup.MixedSchema<typeof StackAdaptSentinel | undefined, yup.AnyObject, undefined, "">;
 /**
  * Yup's URL schema does not recognize some URLs (including `http://localhost`) as a valid URL. This schema is a workaround for that.
@@ -32,8 +29,16 @@ export declare const urlSchema: yup.StringSchema<string | undefined, yup.AnyObje
 export declare const jsonSchema: yup.MixedSchema<{} | null, yup.AnyObject, undefined, "">;
 export declare const jsonStringSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const jsonStringOrEmptySchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
-export declare const emailSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const base64Schema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const passwordSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+/**
+ * A stricter email schema that does some additional checks for UX input.
+ *
+ * Note that some users in the DB have an email that doesn't match this regex, so most of the time you should use
+ * `emailSchema` instead until we do the DB migration.
+ */
+export declare const strictEmailSchema: (message: string | undefined) => yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const emailSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const clientOrHigherAuthTypeSchema: yup.StringSchema<"client" | "server" | "admin" | undefined, yup.AnyObject, undefined, "">;
 export declare const serverOrHigherAuthTypeSchema: yup.StringSchema<"server" | "admin" | undefined, yup.AnyObject, undefined, "">;
 export declare const adminAuthTypeSchema: yup.StringSchema<"admin" | undefined, yup.AnyObject, undefined, "">;
@@ -97,6 +102,7 @@ export declare const userOtpAuthEnabledSchema: yup.BooleanSchema<boolean | undef
 export declare const userOtpAuthEnabledMutationSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
 export declare const userHasPasswordSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
 export declare const userPasswordMutationSchema: yup.StringSchema<string | null | undefined, yup.AnyObject, undefined, "">;
+export declare const userPasswordHashMutationSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const userTotpSecretMutationSchema: yup.StringSchema<string | null | undefined, yup.AnyObject, undefined, "">;
 export declare const signInEmailSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const emailOtpSignInCallbackUrlSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;

package/dist/schema-fields.js

@@ -123,9 +123,6 @@ export function yupObject(...args) {
     // we don't want to update the type of `object` to have a default flag
     return object.default(undefined);
 }
-/**
- * Note that the .defined() on unions is implicit.
- */
 export function yupUnion(...args) {
     if (args.length === 0)
         throw new Error('yupUnion must have at least one schema');
@@ -136,7 +133,7 @@ export function yupUnion(...args) {
         if (desc.type !== firstDesc.type)
             throw new StackAssertionError(`yupUnion must have schemas of the same type (got: ${firstDesc.type} and ${desc.type})`, { first, schema, firstDesc, desc });
     }
-    return yupMixed().defined().test('is-one-of', 'Invalid value', async (value, context) => {
+    return yupMixed().test('is-one-of', 'Invalid value', async (value, context) => {
         const errors = [];
         for (const schema of args) {
             try {
@@ -196,12 +193,22 @@ export const jsonStringOrEmptySchema = yupString().test("json", "Invalid JSON fo
         return false;
     }
 });
-export const emailSchema = yupString().email();
 export const base64Schema = yupString().test("is-base64", "Invalid base64 format", (value) => {
     if (value == null)
         return true;
     return isBase64(value);
 });
+export const passwordSchema = yupString().max(70);
+/**
+ * A stricter email schema that does some additional checks for UX input.
+ *
+ * Note that some users in the DB have an email that doesn't match this regex, so most of the time you should use
+ * `emailSchema` instead until we do the DB migration.
+ */
+// eslint-disable-next-line no-restricted-syntax
+export const strictEmailSchema = (message) => yupString().email(message).matches(/^.*@.*\..*$/, message);
+// eslint-disable-next-line no-restricted-syntax
+export const emailSchema = yupString().email();
 // Request auth
 export const clientOrHigherAuthTypeSchema = yupString().oneOf(['client', 'server', 'admin']);
 export const serverOrHigherAuthTypeSchema = yupString().oneOf(['server', 'admin']);
@@ -236,7 +243,7 @@ export const emailHostSchema = yupString().meta({ openapiField: { description: '
 export const emailPortSchema = yupNumber().meta({ openapiField: { description: 'Email port. Needs to be specified when using type="standard"', exampleValue: 587 } });
 export const emailUsernameSchema = yupString().meta({ openapiField: { description: 'Email username. Needs to be specified when using type="standard"', exampleValue: 'smtp-email' } });
 export const emailSenderEmailSchema = emailSchema.meta({ openapiField: { description: 'Email sender email. Needs to be specified when using type="standard"', exampleValue: 'example@your-domain.com' } });
-export const emailPasswordSchema = yupString().meta({ openapiField: { description: 'Email password. Needs to be specified when using type="standard"', exampleValue: 'your-email-password' } });
+export const emailPasswordSchema = passwordSchema.meta({ openapiField: { description: 'Email password. Needs to be specified when using type="standard"', exampleValue: 'your-email-password' } });
 // Project domain config
 export const projectTrustedDomainSchema = yupString().test('is-https', 'Trusted domain must start with https://', (value) => value?.startsWith('https://')).meta({ openapiField: { description: 'Your domain URL. Make sure you own and trust this domain. Needs to start with https://', exampleValue: 'https://example.com' } });
 export const handlerPathSchema = yupString().test('is-handler-path', 'Handler path must start with /', (value) => value?.startsWith('/')).meta({ openapiField: { description: 'Handler path. If you did not setup a custom handler path, it should be "/handler" by default. It needs to start with /', exampleValue: '/handler' } });
@@ -283,7 +290,10 @@ export const userPasskeyAuthEnabledSchema = yupBoolean().meta({ openapiField: {
 export const userOtpAuthEnabledSchema = yupBoolean().meta({ openapiField: { hidden: true, description: 'Whether the user has OTP/magic link enabled. ', exampleValue: true } });
 export const userOtpAuthEnabledMutationSchema = yupBoolean().meta({ openapiField: { hidden: true, description: 'Whether the user has OTP/magic link enabled. Note that only accounts with verified emails can sign-in with OTP.', exampleValue: true } });
 export const userHasPasswordSchema = yupBoolean().meta({ openapiField: { hidden: true, description: 'Whether the user has a password set. If the user does not have a password set, they will not be able to sign in with email/password.', exampleValue: true } });
-export const userPasswordMutationSchema = yupString().nullable().meta({ openapiField: { description: 'Sets the user\'s password. Doing so revokes all current sessions.', exampleValue: 'my-new-password' } });
+export const userPasswordMutationSchema = passwordSchema.nullable().meta({ openapiField: { description: 'Sets the user\'s password. Doing so revokes all current sessions.', exampleValue: 'my-new-password' } }).max(70);
+export const userPasswordHashMutationSchema = yupString()
+    .nonEmpty()
+    .meta({ openapiField: { description: 'If `password` is not given, sets the user\'s password hash to the given string in Modular Crypt Format (ex.: `$2a$10$VIhIOofSMqGdGlL4wzE//e.77dAQGqNtF/1dT7bqCrVtQuInWy2qi`). Doing so revokes all current sessions.' } }); // we don't set an exampleValue here because it's exclusive with the password field and having both would break the generated example
 export const userTotpSecretMutationSchema = base64Schema.nullable().meta({ openapiField: { description: 'Enables 2FA and sets a TOTP secret for the user. Set to null to disable 2FA.', exampleValue: 'dG90cC1zZWNyZXQ=' } });
 // Auth
 export const signInEmailSchema = emailSchema.meta({ openapiField: { description: 'The email to sign in with.', exampleValue: 'johndoe@example.com' } });

package/dist/utils/errors.d.ts

@@ -2,6 +2,28 @@ import { Json } from "./json";
 export declare function throwErr(errorMessage: string, extraData?: any): never;
 export declare function throwErr(error: Error): never;
 export declare function throwErr(...args: StatusErrorConstructorParameters): never;
+/**
+ * Concatenates the stacktraces of the given errors onto the first.
+ *
+ * Useful when you invoke an async function to receive a promise without awaiting it immediately. Browsers are smart
+ * enough to keep track of the call stack in async function calls when you invoke `.then` within the same async tick,
+ * but if you don't,
+ *
+ * Here's an example of the unwanted behavior:
+ *
+ * ```tsx
+ * async function log() {
+ *   await wait(0);  // simulate an put the task on the event loop
+ *   console.log(new Error().stack);
+ * }
+ *
+ * async function main() {
+ *   await log();  // good; prints both "log" and "main" on the stacktrace
+ *   log();  // bad; prints only "log" on the stacktrace
+ * }
+ * ```
+ */
+export declare function concatStacktraces(first: Error, ...errors: Error[]): void;
 export declare class StackAssertionError extends Error implements ErrorWithCustomCapture {
     readonly extraData?: Record<string, any> | undefined;
     constructor(message: string, extraData?: Record<string, any> | undefined, options?: ErrorOptions);

package/dist/utils/errors.js

@@ -11,6 +11,44 @@ export function throwErr(...args) {
         throw new StatusError(...args);
     }
 }
+function removeStacktraceNameLine(stack) {
+    // some browsers (eg. Chrome) prepend the stack with an extra line with the error name
+    const addsNameLine = new Error().stack?.startsWith("Error\n");
+    return stack.split("\n").slice(addsNameLine ? 1 : 0).join("\n");
+}
+/**
+ * Concatenates the stacktraces of the given errors onto the first.
+ *
+ * Useful when you invoke an async function to receive a promise without awaiting it immediately. Browsers are smart
+ * enough to keep track of the call stack in async function calls when you invoke `.then` within the same async tick,
+ * but if you don't,
+ *
+ * Here's an example of the unwanted behavior:
+ *
+ * ```tsx
+ * async function log() {
+ *   await wait(0);  // simulate an put the task on the event loop
+ *   console.log(new Error().stack);
+ * }
+ *
+ * async function main() {
+ *   await log();  // good; prints both "log" and "main" on the stacktrace
+ *   log();  // bad; prints only "log" on the stacktrace
+ * }
+ * ```
+ */
+export function concatStacktraces(first, ...errors) {
+    // some browsers (eg. Firefox) add an extra empty line at the end
+    const addsEmptyLineAtEnd = first.stack?.endsWith("\n");
+    // Add a reference to this function itself so that we know that stacktraces were concatenated
+    // If you are coming here from a stacktrace, please know that the two parts before and after this line are different
+    // stacktraces that were concatenated with concatStacktraces
+    const separator = removeStacktraceNameLine(new Error().stack ?? "").split("\n")[0];
+    for (const error of errors) {
+        const toAppend = removeStacktraceNameLine(error.stack ?? "");
+        first.stack += (addsEmptyLineAtEnd ? "" : "\n") + separator + "\n" + toAppend;
+    }
+}
 export class StackAssertionError extends Error {
     constructor(message, extraData, options) {
         const disclaimer = `\n\nThis is likely an error in Stack. Please make sure you are running the newest version and report it.`;
@@ -33,7 +71,7 @@ export function registerErrorSink(sink) {
     errorSinks.add(sink);
 }
 registerErrorSink((location, ...args) => {
-    console.error(`\x1b[41mError in ${location}:`, ...args, "\x1b[0m");
+    console.error(`\x1b[41mCaptured error in ${location}:`, ...args, "\x1b[0m");
 });
 registerErrorSink((location, error, ...extraArgs) => {
     globalVar.stackCapturedErrors = globalVar.stackCapturedErrors ?? [];

package/dist/utils/hashes.d.ts

@@ -0,0 +1,4 @@
+export declare function hashPassword(password: string): Promise<string>;
+export declare function comparePassword(password: string, hash: string): Promise<boolean>;
+export declare function isPasswordHashValid(hash: string): Promise<boolean>;
+export declare function getPasswordHashAlgorithm(hash: string): Promise<"bcrypt" | undefined>;

package/dist/utils/hashes.js

@@ -0,0 +1,44 @@
+import bcrypt from 'bcrypt';
+import { StackAssertionError } from './errors';
+export async function hashPassword(password) {
+    const passwordBytes = new TextEncoder().encode(password);
+    if (passwordBytes.length >= 72) {
+        throw new StackAssertionError(`Password is too long for bcrypt`, { len: passwordBytes.length });
+    }
+    const salt = await bcrypt.genSalt(10);
+    return await bcrypt.hash(password, salt);
+}
+export async function comparePassword(password, hash) {
+    switch (await getPasswordHashAlgorithm(hash)) {
+        case "bcrypt": {
+            return await bcrypt.compare(password, hash);
+        }
+        default: {
+            return false;
+        }
+    }
+}
+export async function isPasswordHashValid(hash) {
+    return !!(await getPasswordHashAlgorithm(hash));
+}
+export async function getPasswordHashAlgorithm(hash) {
+    if (typeof hash !== "string") {
+        throw new StackAssertionError(`Passed non-string value to getPasswordHashAlgorithm`, { hash });
+    }
+    if (hash.match(/^\$2[ayb]\$.{56}$/)) {
+        try {
+            if (bcrypt.getRounds(hash) > 16) {
+                return undefined;
+            }
+            await bcrypt.compare("any string", hash);
+            return "bcrypt";
+        }
+        catch (e) {
+            console.warn(`Error while checking bcrypt password hash. Assuming the hash is invalid`, e);
+            return undefined;
+        }
+    }
+    else {
+        return undefined;
+    }
+}

package/dist/utils/promises.js

@@ -1,4 +1,4 @@
-import { StackAssertionError, captureError } from "./errors";
+import { StackAssertionError, captureError, concatStacktraces } from "./errors";
 import { DependenciesMap } from "./maps";
 import { Result } from "./results";
 import { generateUuid } from "./uuids";
@@ -101,12 +101,6 @@ export async function wait(ms) {
 export async function waitUntil(date) {
     return await wait(date.getTime() - Date.now());
 }
-class ErrorDuringRunAsynchronously extends Error {
-    constructor() {
-        super("The error above originated in a runAsynchronously() call. Here is the stacktrace associated with it.");
-        this.name = "ErrorDuringRunAsynchronously";
-    }
-}
 export function runAsynchronouslyWithAlert(...args) {
     return runAsynchronously(args[0], {
         ...args[1],
@@ -120,13 +114,10 @@ export function runAsynchronously(promiseOrFunc, options = {}) {
     if (typeof promiseOrFunc === "function") {
         promiseOrFunc = promiseOrFunc();
     }
-    const duringError = new ErrorDuringRunAsynchronously();
+    const duringError = new Error();
     promiseOrFunc?.catch(error => {
-        const newError = new StackAssertionError("Uncaught error in asynchronous function: " + error.toString(), {
-            duringError,
-        }, {
-            cause: error,
-        });
+        const newError = new StackAssertionError("Uncaught error in asynchronous function: " + error.toString(), { cause: error });
+        concatStacktraces(newError, duringError);
         options.onError?.(newError);
         if (!options.noErrorLogging) {
             captureError("runAsynchronously", newError);

package/dist/utils/react.d.ts

@@ -9,6 +9,13 @@ export declare function getNodeText(node: React.ReactNode): string;
  * You can use this to translate older query- or AsyncResult-based code to new the Suspense system, for example: `if (query.isLoading) suspend();`
  */
 export declare function suspend(): never;
+export declare class NoSuspenseBoundaryError extends Error {
+    digest: string;
+    reason: string;
+    constructor(options: {
+        caller?: string;
+    });
+}
 /**
  * Use this in a component or a hook to disable SSR. Should be wrapped in a Suspense boundary, or it will throw an error.
  */

package/dist/utils/react.js

@@ -1,7 +1,7 @@
 import React from "react";
+import { isBrowserLike } from "./env";
 import { neverResolve } from "./promises";
 import { deindent } from "./strings";
-import { isBrowserLike } from "./env";
 export function forwardRefIfNeeded(render) {
     // TODO: when we drop support for react 18, remove this
     const version = React.version;
@@ -37,41 +37,45 @@ export function suspend() {
     React.use(neverResolve());
     throw new Error("Somehow a Promise that never resolves was resolved?");
 }
-/**
- * Use this in a component or a hook to disable SSR. Should be wrapped in a Suspense boundary, or it will throw an error.
- */
-export function suspendIfSsr(caller) {
-    if (!isBrowserLike()) {
-        const error = Object.assign(new Error(deindent `
-        ${caller ?? "This code path"} attempted to display a loading indicator during SSR by falling back to the nearest Suspense boundary. If you see this error, it means no Suspense boundary was found, and no loading indicator could be displayed.
-        
-        This usually has one of three causes:
-        
-        1. You are missing a loading.tsx file in your app directory. Fix it by adding a loading.tsx file in your app directory.
+export class NoSuspenseBoundaryError extends Error {
+    constructor(options) {
+        super(deindent `
+      ${options.caller ?? "This code path"} attempted to display a loading indicator, but didn't find a Suspense boundary above it. Please read the error message below carefully.
+      
+      The fix depends on which of the 3 scenarios caused it:
+      
+      1. You are missing a loading.tsx file in your app directory. Fix it by adding a loading.tsx file in your app directory.
 
-        2. The component is rendered in the root (outermost) layout.tsx or template.tsx file. Next.js does not wrap those files in a Suspense boundary, even if there is a loading.tsx file in the same folder. To fix it, wrap your layout inside a route group like this:
+      2. The component is rendered in the root (outermost) layout.tsx or template.tsx file. Next.js does not wrap those files in a Suspense boundary, even if there is a loading.tsx file in the same folder. To fix it, wrap your layout inside a route group like this:
 
-          - app
-          - - layout.tsx  // contains <html> and <body>, alongside providers and other components that don't need ${caller ?? "this code path"}
-          - - loading.tsx  // required for suspense
-          - - (main)
-          - - - layout.tsx  // contains the main layout of your app, like a sidebar or a header, and can use ${caller ?? "this code path"}
-          - - - route.tsx  // your actual main page
-          - - - the rest of your app
+        - app
+        - - layout.tsx  // contains <html> and <body>, alongside providers and other components that don't need ${options.caller ?? "this code path"}
+        - - loading.tsx  // required for suspense
+        - - (main)
+        - - - layout.tsx  // contains the main layout of your app, like a sidebar or a header, and can use ${options.caller ?? "this code path"}
+        - - - route.tsx  // your actual main page
+        - - - the rest of your app
 
-          For more information on this approach, see Next's documentation on route groups: https://nextjs.org/docs/app/building-your-application/routing/route-groups
-        
-        3. You caught this error with try-catch or a custom error boundary. Fix this by rethrowing the error or not catching it in the first place.
+        For more information on this approach, see Next's documentation on route groups: https://nextjs.org/docs/app/building-your-application/routing/route-groups
+      
+      3. You caught this error with try-catch or a custom error boundary. Fix this by rethrowing the error or not catching it in the first place.
 
-        See: https://nextjs.org/docs/messages/missing-suspense-with-csr-bailout
+      See: https://nextjs.org/docs/messages/missing-suspense-with-csr-bailout
 
-        More information on SSR and Suspense boundaries: https://react.dev/reference/react/Suspense#providing-a-fallback-for-server-errors-and-client-only-content
-      `), {
-            // set the digest so nextjs doesn't log the error
-            // https://github.com/vercel/next.js/blob/d01d6d9c35a8c2725b3d74c1402ab76d4779a6cf/packages/next/src/shared/lib/lazy-dynamic/bailout-to-csr.ts#L14
-            digest: "BAILOUT_TO_CLIENT_SIDE_RENDERING",
-            reason: caller ?? "suspendIfSsr()",
-        });
-        throw error;
+      More information on SSR and Suspense boundaries: https://react.dev/reference/react/Suspense#providing-a-fallback-for-server-errors-and-client-only-content
+    `);
+        this.name = "NoSuspenseBoundaryError";
+        this.reason = options.caller ?? "suspendIfSsr()";
+        // set the digest so nextjs doesn't log the error
+        // https://github.com/vercel/next.js/blob/d01d6d9c35a8c2725b3d74c1402ab76d4779a6cf/packages/next/src/shared/lib/lazy-dynamic/bailout-to-csr.ts#L14
+        this.digest = "BAILOUT_TO_CLIENT_SIDE_RENDERING";
+    }
+}
+/**
+ * Use this in a component or a hook to disable SSR. Should be wrapped in a Suspense boundary, or it will throw an error.
+ */
+export function suspendIfSsr(caller) {
+    if (!isBrowserLike()) {
+        throw new NoSuspenseBoundaryError({ caller });
     }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack-shared",
-  "version": "2.6.25",
+  "version": "2.6.27",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "files": [
@@ -50,7 +50,7 @@
     "oauth4webapi": "^2.10.3",
     "semver": "^7.6.3",
     "uuid": "^9.0.1",
-    "@stackframe/stack-sc": "2.6.25"
+    "@stackframe/stack-sc": "2.6.27"
   },
   "devDependencies": {
     "@simplewebauthn/types": "^11.0.0",

package/dist/utils/password.d.ts

@@ -1,2 +0,0 @@
-export declare function hashPassword(password: string): Promise<string>;
-export declare function comparePassword(password: string, hash: string): Promise<boolean>;

package/dist/utils/password.js

@@ -1,8 +0,0 @@
-import bcrypt from 'bcrypt';
-export async function hashPassword(password) {
-    const salt = await bcrypt.genSalt(10);
-    return await bcrypt.hash(password, salt);
-}
-export async function comparePassword(password, hash) {
-    return await bcrypt.compare(password, hash);
-}