@stackframe/stack-shared 2.6.33 → 2.6.36

package/CHANGELOG.md

@@ -1,5 +1,26 @@
 # @stackframe/stack-shared
 
+## 2.6.36
+
+### Patch Changes
+
+- Various updates
+  - @stackframe/stack-sc@2.6.36
+
+## 2.6.35
+
+### Patch Changes
+
+- Bugfixes
+  - @stackframe/stack-sc@2.6.35
+
+## 2.6.34
+
+### Patch Changes
+
+- Bugfixes
+  - @stackframe/stack-sc@2.6.34
+
 ## 2.6.33
 
 ### Patch Changes

package/dist/helpers/production-mode.js

@@ -1,4 +1,4 @@
-import { StackAssertionError } from "../utils/errors";
+import { StackAssertionError, captureError } from "../utils/errors";
 import { isLocalhost } from "../utils/urls";
 export function getProductionModeErrors(project) {
     const errors = [];
@@ -15,10 +15,15 @@ export function getProductionModeErrors(project) {
             url = new URL(domain);
         }
         catch (e) {
-            throw new StackAssertionError("Domain was somehow not a valid URL; we should've caught this when setting the domain in the first place", {
+            captureError("production-mode-domain-not-valid", new StackAssertionError("Domain was somehow not a valid URL; we should've caught this when setting the domain in the first place", {
                 domain,
                 projectId: project
+            }));
+            errors.push({
+                message: "Trusted domain is not a valid URL: " + domain,
+                relativeFixUrl: domainsFixUrl,
             });
+            continue;
         }
         if (isLocalhost(url)) {
             errors.push({

package/dist/interface/clientInterface.d.ts

@@ -37,7 +37,7 @@ export declare class StackClientInterface {
     protected _networkRetry<T>(cb: () => Promise<Result<T, any>>, session?: InternalSession | null, requestType?: "client" | "server" | "admin"): Promise<T>;
     protected _networkRetryException<T>(cb: () => Promise<T>, session?: InternalSession | null, requestType?: "client" | "server" | "admin"): Promise<T>;
     fetchNewAccessToken(refreshToken: RefreshToken): Promise<AccessToken | null>;
-    protected sendClientRequest(path: string, requestOptions: RequestInit, session: InternalSession | null, requestType?: "client" | "server" | "admin"): Promise<Response & {
+    sendClientRequest(path: string, requestOptions: RequestInit, session: InternalSession | null, requestType?: "client" | "server" | "admin"): Promise<Response & {
         usedTokens: {
             accessToken: AccessToken;
             refreshToken: RefreshToken | null;

package/dist/interface/clientInterface.js

@@ -88,7 +88,7 @@ export class StackClientInterface {
             if (globalVar.navigator && !globalVar.navigator.onLine) {
                 throw new Error("Failed to send Stack network request. It seems like you are offline. (window.navigator.onLine is falsy)", { cause: retriedResult.error });
             }
-            throw this._createNetworkError(retriedResult.error, session, requestType);
+            throw await this._createNetworkError(retriedResult.error, session, requestType);
         }
         return retriedResult.data;
     }
@@ -230,7 +230,7 @@ export class StackClientInterface {
                     return Result.error(e);
                 }
                 else {
-                    throw this._createNetworkError(e, session, requestType);
+                    throw await this._createNetworkError(e, session, requestType);
                 }
             }
             throw e;

package/dist/known-errors.js

@@ -149,7 +149,7 @@ const AccessTypeWithoutProjectId = createKnownErrorConstructor(InvalidProjectAut
     deindent `
       The x-stack-access-type header was '${accessType}', but the x-stack-project-id header was not provided.
       
-      For more information, see the docs on REST API authentication: https://docs.stack-auth.com/rest-api/auth#authentication
+      For more information, see the docs on REST API authentication: https://docs.stack-auth.com/rest-api/overview#authentication
     `,
     {
         request_type: accessType,
@@ -160,7 +160,7 @@ const AccessTypeRequired = createKnownErrorConstructor(InvalidProjectAuthenticat
     deindent `
       You must specify an access level for this Stack project. Make sure project API keys are provided (eg. x-stack-publishable-client-key) and you set the x-stack-access-type header to 'client', 'server', or 'admin'.
       
-      For more information, see the docs on REST API authentication: https://docs.stack-auth.com/rest-api/auth#authentication
+      For more information, see the docs on REST API authentication: https://docs.stack-auth.com/rest-api/overview#authentication
     `,
 ], () => []);
 const InsufficientAccessType = createKnownErrorConstructor(InvalidProjectAuthentication, "INSUFFICIENT_ACCESS_TYPE", (actualAccessType, allowedAccessTypes) => [

package/dist/schema-fields.d.ts

@@ -33,16 +33,17 @@ export declare const jsonStringOrEmptySchema: yup.StringSchema<string | undefine
 export declare const base64Schema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const passwordSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 /**
- * A stricter email schema that does some additional checks for UX input.
+ * A stricter email schema that does some additional checks for UX input. (Some emails are allowed by the spec, for
+ * example `test@localhost` or `abc@gmail`, but almost certainly a user input error.)
  *
  * Note that some users in the DB have an email that doesn't match this regex, so most of the time you should use
  * `emailSchema` instead until we do the DB migration.
  */
 export declare const strictEmailSchema: (message: string | undefined) => yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const emailSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
-export declare const clientOrHigherAuthTypeSchema: yup.StringSchema<"client" | "server" | "admin" | undefined, yup.AnyObject, undefined, "">;
-export declare const serverOrHigherAuthTypeSchema: yup.StringSchema<"server" | "admin" | undefined, yup.AnyObject, undefined, "">;
-export declare const adminAuthTypeSchema: yup.StringSchema<"admin" | undefined, yup.AnyObject, undefined, "">;
+export declare const clientOrHigherAuthTypeSchema: yup.StringSchema<"client" | "server" | "admin", yup.AnyObject, undefined, "">;
+export declare const serverOrHigherAuthTypeSchema: yup.StringSchema<"server" | "admin", yup.AnyObject, undefined, "">;
+export declare const adminAuthTypeSchema: yup.StringSchema<"admin", yup.AnyObject, undefined, "">;
 export declare const projectIdSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const projectDisplayNameSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const projectDescriptionSchema: yup.StringSchema<string | null | undefined, yup.AnyObject, undefined, "">;
@@ -146,5 +147,7 @@ export declare const contactChannelValueSchema: yup.StringSchema<string | undefi
 export declare const contactChannelUsedForAuthSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
 export declare const contactChannelIsVerifiedSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
 export declare const contactChannelIsPrimarySchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
+export declare const basicAuthorizationHeaderSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const neonAuthorizationHeaderSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare function yupDefinedWhen<S extends yup.AnyObject>(schema: S, triggerName: string, isValue: any): S;
 export {};

package/dist/schema-fields.js

@@ -1,9 +1,11 @@
 import * as yup from "yup";
 import { KnownErrors } from ".";
 import { isBase64 } from "./utils/bytes";
-import { StackAssertionError } from "./utils/errors";
+import { StackAssertionError, throwErr } from "./utils/errors";
+import { decodeBasicAuthorizationHeader } from "./utils/http";
 import { allProviders } from "./utils/oauth";
 import { deepPlainClone, omit } from "./utils/objects";
+import { isValidUrl } from "./utils/urls";
 import { isUuid } from "./utils/uuids";
 // eslint-disable-next-line no-restricted-syntax
 yup.addMethod(yup.string, "nonEmpty", function (message) {
@@ -160,18 +162,8 @@ export const adaptSchema = yupMixed();
  */
 export const urlSchema = yupString().test({
     name: 'url',
-    message: 'Invalid URL',
-    test: (value) => {
-        if (!value)
-            return true;
-        try {
-            new URL(value);
-            return true;
-        }
-        catch {
-            return false;
-        }
-    },
+    message: (params) => `${params.path} is not a valid URL`,
+    test: (value) => value == null || isValidUrl(value)
 });
 export const jsonSchema = yupMixed().nullable().defined().transform((value) => JSON.parse(JSON.stringify(value)));
 export const jsonStringSchema = yupString().test("json", (params) => `${params.path} is not valid JSON`, (value) => {
@@ -203,19 +195,20 @@ export const base64Schema = yupString().test("is-base64", (params) => `${params.
 });
 export const passwordSchema = yupString().max(70);
 /**
- * A stricter email schema that does some additional checks for UX input.
+ * A stricter email schema that does some additional checks for UX input. (Some emails are allowed by the spec, for
+ * example `test@localhost` or `abc@gmail`, but almost certainly a user input error.)
  *
  * Note that some users in the DB have an email that doesn't match this regex, so most of the time you should use
  * `emailSchema` instead until we do the DB migration.
  */
 // eslint-disable-next-line no-restricted-syntax
-export const strictEmailSchema = (message) => yupString().email(message).matches(/^.*@.*\..*$/, message);
+export const strictEmailSchema = (message) => yupString().email(message).matches(/^.*@.*\.[^.][^.]+$/, message);
 // eslint-disable-next-line no-restricted-syntax
 export const emailSchema = yupString().email();
 // Request auth
-export const clientOrHigherAuthTypeSchema = yupString().oneOf(['client', 'server', 'admin']);
-export const serverOrHigherAuthTypeSchema = yupString().oneOf(['server', 'admin']);
-export const adminAuthTypeSchema = yupString().oneOf(['admin']);
+export const clientOrHigherAuthTypeSchema = yupString().oneOf(['client', 'server', 'admin']).defined();
+export const serverOrHigherAuthTypeSchema = yupString().oneOf(['server', 'admin']).defined();
+export const adminAuthTypeSchema = yupString().oneOf(['admin']).defined();
 // Projects
 export const projectIdSchema = yupString().test((v) => v === undefined || v === "internal" || isUuid(v)).meta({ openapiField: { description: _idDescription('project'), exampleValue: 'e0b52f4d-dece-408c-af49-d23061bb0f8d' } });
 export const projectDisplayNameSchema = yupString().meta({ openapiField: { description: _displayNameDescription('project'), exampleValue: 'MyMusic' } });
@@ -360,6 +353,23 @@ export const contactChannelValueSchema = yupString().when('type', {
 export const contactChannelUsedForAuthSchema = yupBoolean().meta({ openapiField: { description: 'Whether the contact channel is used for authentication. If this is set to `true`, the user will be able to sign in with the contact channel with password or OTP.', exampleValue: true } });
 export const contactChannelIsVerifiedSchema = yupBoolean().meta({ openapiField: { description: 'Whether the contact channel has been verified. If this is set to `true`, the contact channel has been verified to belong to the user.', exampleValue: true } });
 export const contactChannelIsPrimarySchema = yupBoolean().meta({ openapiField: { description: 'Whether the contact channel is the primary contact channel. If this is set to `true`, it will be used for authentication and notifications by default.', exampleValue: true } });
+// Headers
+export const basicAuthorizationHeaderSchema = yupString().test('is-basic-authorization-header', 'Authorization header must be in the format "Basic <base64>"', (value) => {
+    if (!value)
+        return true;
+    return decodeBasicAuthorizationHeader(value) !== null;
+});
+// Neon integration
+export const neonAuthorizationHeaderSchema = basicAuthorizationHeaderSchema.test('is-neon-authorization-header', 'Invalid client_id:client_secret values; did you use the correct values for the Neon integration?', (value) => {
+    if (!value)
+        return true;
+    const [clientId, clientSecret] = decodeBasicAuthorizationHeader(value) ?? throwErr(`Neon authz header invalid? This should've been validated by basicAuthorizationHeaderSchema: ${value}`);
+    for (const neonClientConfig of JSON.parse(process.env.STACK_NEON_INTEGRATION_CLIENTS_CONFIG || '[]')) {
+        if (clientId === neonClientConfig.client_id && clientSecret === neonClientConfig.client_secret)
+            return true;
+    }
+    return false;
+});
 // Utils
 export function yupDefinedWhen(schema, triggerName, isValue) {
     return schema.when(triggerName, {

package/dist/sessions.d.ts

@@ -27,9 +27,12 @@ export declare class InternalSession {
     private _accessToken;
     private readonly _refreshToken;
     /**
-     * Whether the session as a whole is known to be invalid. Used as a cache to avoid making multiple requests to the server (sessions never go back to being valid after being invalidated).
+     * Whether the session as a whole is known to be invalid (ie. both access and refresh tokens are invalid). Used as a cache to avoid making multiple requests to the server (sessions never go back to being valid after being invalidated).
      *
-     * Applies to both the access token and the refresh token (it is possible for the access token to be invalid but the refresh token to be valid, in which case the session is still valid).
+     * It is possible for the access token to be invalid but the refresh token to be valid, in which case the session is
+     * still valid (just needs a refresh). It is also possible for the access token to be valid but the refresh token to
+     * be invalid, in which case the session is also valid (eg. if the refresh token is null because the user only passed
+     * in an access token, eg. in a server-side request handler).
      */
     private _knownToBeInvalid;
     private _refreshPromise;

package/dist/sessions.js

@@ -25,14 +25,21 @@ export class InternalSession {
     constructor(_options) {
         this._options = _options;
         /**
-         * Whether the session as a whole is known to be invalid. Used as a cache to avoid making multiple requests to the server (sessions never go back to being valid after being invalidated).
+         * Whether the session as a whole is known to be invalid (ie. both access and refresh tokens are invalid). Used as a cache to avoid making multiple requests to the server (sessions never go back to being valid after being invalidated).
          *
-         * Applies to both the access token and the refresh token (it is possible for the access token to be invalid but the refresh token to be valid, in which case the session is still valid).
+         * It is possible for the access token to be invalid but the refresh token to be valid, in which case the session is
+         * still valid (just needs a refresh). It is also possible for the access token to be valid but the refresh token to
+         * be invalid, in which case the session is also valid (eg. if the refresh token is null because the user only passed
+         * in an access token, eg. in a server-side request handler).
          */
         this._knownToBeInvalid = new Store(false);
         this._refreshPromise = null;
         this._accessToken = new Store(_options.accessToken ? new AccessToken(_options.accessToken) : null);
         this._refreshToken = _options.refreshToken ? new RefreshToken(_options.refreshToken) : null;
+        if (_options.accessToken === null && _options.refreshToken === null) {
+            // this session is already invalid
+            this._knownToBeInvalid.set(true);
+        }
         this.sessionKey = InternalSession.calculateSessionKey({ accessToken: _options.accessToken ?? null, refreshToken: _options.refreshToken });
     }
     static calculateSessionKey(ofTokens) {

package/dist/utils/browser-compat.d.ts

@@ -0,0 +1,6 @@
+export declare function getBrowserCompatibilityReport(): {
+    optionalChaining: string | boolean;
+    nullishCoalescing: string | boolean;
+    weakRef: string | boolean;
+    cryptoUuid: string | boolean;
+};

package/dist/utils/browser-compat.js

@@ -0,0 +1,17 @@
+export function getBrowserCompatibilityReport() {
+    const test = (snippet) => {
+        try {
+            (0, eval)(snippet);
+            return true;
+        }
+        catch (e) {
+            return `FAILED: ${e}`;
+        }
+    };
+    return {
+        optionalChaining: test("({})?.b?.c"),
+        nullishCoalescing: test("0 ?? 1"),
+        weakRef: test("new WeakRef({})"),
+        cryptoUuid: test("crypto.randomUUID()"),
+    };
+}

package/dist/utils/errors.d.ts

@@ -3,11 +3,11 @@ export declare function throwErr(errorMessage: string, extraData?: any): never;
 export declare function throwErr(error: Error): never;
 export declare function throwErr(...args: StatusErrorConstructorParameters): never;
 /**
- * Concatenates the stacktraces of the given errors onto the first.
+ * Concatenates the (original) stacktraces of the given errors onto the first.
  *
  * Useful when you invoke an async function to receive a promise without awaiting it immediately. Browsers are smart
  * enough to keep track of the call stack in async function calls when you invoke `.then` within the same async tick,
- * but if you don't,
+ * but if you don't, the stacktrace will be lost.
  *
  * Here's an example of the unwanted behavior:
  *
@@ -24,16 +24,10 @@ export declare function throwErr(...args: StatusErrorConstructorParameters): nev
  * ```
  */
 export declare function concatStacktraces(first: Error, ...errors: Error[]): void;
-export declare class StackAssertionError extends Error implements ErrorWithCustomCapture {
-    readonly extraData?: Record<string, any> | undefined;
-    constructor(message: string, extraData?: Record<string, any> | undefined, options?: ErrorOptions);
-    customCaptureExtraArgs: {
-        cause?: {} | undefined;
-    }[];
+export declare class StackAssertionError extends Error {
+    readonly extraData?: (Record<string, any> & ErrorOptions) | undefined;
+    constructor(message: string, extraData?: (Record<string, any> & ErrorOptions) | undefined);
 }
-export type ErrorWithCustomCapture = {
-    customCaptureExtraArgs: any[];
-};
 export declare function registerErrorSink(sink: (location: string, error: unknown) => void): void;
 export declare function captureError(location: string, error: unknown): void;
 type Status = {

package/dist/utils/errors.js

@@ -1,4 +1,5 @@
 import { globalVar } from "./globals";
+import { pick } from "./objects";
 export function throwErr(...args) {
     if (typeof args[0] === "string") {
         throw new StackAssertionError(args[0], args[1]);
@@ -17,11 +18,11 @@ function removeStacktraceNameLine(stack) {
     return stack.split("\n").slice(addsNameLine ? 1 : 0).join("\n");
 }
 /**
- * Concatenates the stacktraces of the given errors onto the first.
+ * Concatenates the (original) stacktraces of the given errors onto the first.
  *
  * Useful when you invoke an async function to receive a promise without awaiting it immediately. Browsers are smart
  * enough to keep track of the call stack in async function calls when you invoke `.then` within the same async tick,
- * but if you don't,
+ * but if you don't, the stacktrace will be lost.
  *
  * Here's an example of the unwanted behavior:
  *
@@ -50,16 +51,16 @@ export function concatStacktraces(first, ...errors) {
     }
 }
 export class StackAssertionError extends Error {
-    constructor(message, extraData, options) {
+    constructor(message, extraData) {
         const disclaimer = `\n\nThis is likely an error in Stack. Please make sure you are running the newest version and report it.`;
-        super(`${message}${message.endsWith(disclaimer) ? "" : disclaimer}`, options);
+        super(`${message}${message.endsWith(disclaimer) ? "" : disclaimer}`, pick(extraData ?? {}, ["cause"]));
         this.extraData = extraData;
-        this.customCaptureExtraArgs = [
-            {
-                ...this.extraData,
-                ...this.cause ? { cause: this.cause } : {},
+        Object.defineProperty(this, "customCaptureExtraArgs", {
+            get() {
+                return [this.extraData];
             },
-        ];
+            enumerable: false,
+        });
     }
 }
 StackAssertionError.prototype.name = "StackAssertionError";
@@ -92,7 +93,7 @@ export class StatusError extends Error {
         this.name = "StatusError";
         this.statusCode = status;
         if (!message) {
-            throw new StackAssertionError("StatusError always requires a message unless a Status object is passed", {}, { cause: this });
+            throw new StackAssertionError("StatusError always requires a message unless a Status object is passed", { cause: this });
         }
     }
     isClientError() {

package/dist/utils/http.d.ts

@@ -37,3 +37,5 @@ export declare const HTTP_METHODS: {
     };
 };
 export type HttpMethod = keyof typeof HTTP_METHODS;
+export declare function decodeBasicAuthorizationHeader(value: string): [string, string] | null;
+export declare function encodeBasicAuthorizationHeader(id: string, password: string): string;

package/dist/utils/http.js

@@ -1,3 +1,4 @@
+import { decodeBase64, encodeBase64, isBase64 } from "./bytes";
 export const HTTP_METHODS = {
     "GET": {
         safe: true,
@@ -36,3 +37,22 @@ export const HTTP_METHODS = {
         idempotent: false,
     },
 };
+export function decodeBasicAuthorizationHeader(value) {
+    const [type, encoded, ...rest] = value.split(' ');
+    if (rest.length > 0)
+        return null;
+    if (!encoded)
+        return null;
+    if (type !== 'Basic')
+        return null;
+    if (!isBase64(encoded))
+        return null;
+    const decoded = new TextDecoder().decode(decodeBase64(encoded));
+    const split = decoded.split(':');
+    return [split[0], split.slice(1).join(':')];
+}
+export function encodeBasicAuthorizationHeader(id, password) {
+    if (id.includes(':'))
+        throw new Error("Basic authorization header id cannot contain ':'");
+    return `Basic ${encodeBase64(new TextEncoder().encode(`${id}:${password}`))}`;
+}

package/dist/utils/jwt.js

@@ -3,6 +3,7 @@ import elliptic from "elliptic";
 import * as jose from "jose";
 import { JOSEError } from "jose/errors";
 import { encodeBase64Url } from "./bytes";
+import { StackAssertionError } from "./errors";
 import { globalVar } from "./globals";
 import { pick } from "./objects";
 const STACK_SERVER_SECRET = process.env.STACK_SERVER_SECRET ?? "";
@@ -74,6 +75,9 @@ export async function getPublicJwkSet(secretOrPrivateJwk) {
     };
 }
 export function getPerAudienceSecret(options) {
+    if (options.audience === "kid") {
+        throw new StackAssertionError("You cannot use the 'kid' audience for a per-audience secret, see comment below in jwt.tsx");
+    }
     return jose.base64url.encode(crypto
         .createHash('sha256')
         // TODO we should prefix a string like "stack-audience-secret" before we hash so you can't use `getKid(...)` to get the secret for eg. the "kid" audience if the same secret value is used

package/dist/utils/results.d.ts

@@ -69,7 +69,7 @@ declare class RetryError extends AggregateError {
     constructor(errors: unknown[]);
     get retries(): number;
 }
-declare function retry<T>(fn: () => Result<T> | Promise<Result<T>>, retries: number, { exponentialDelayBase }: {
+declare function retry<T>(fn: (attempt: number) => Result<T> | Promise<Result<T>>, retries: number, { exponentialDelayBase }?: {
     exponentialDelayBase?: number | undefined;
 }): Promise<Result<T, RetryError>>;
 export {};

package/dist/utils/results.js

@@ -116,17 +116,17 @@ class RetryError extends AggregateError {
     }
 }
 RetryError.prototype.name = "RetryError";
-async function retry(fn, retries, { exponentialDelayBase = 2000 }) {
+async function retry(fn, retries, { exponentialDelayBase = 1000 } = {}) {
     const errors = [];
     for (let i = 0; i < retries; i++) {
-        const res = await fn();
+        const res = await fn(i);
         if (res.status === "ok") {
             return Result.ok(res.data);
         }
         else {
             errors.push(res.error);
             if (i < retries - 1) {
-                await wait(Math.random() * exponentialDelayBase * 2 ** i);
+                await wait((Math.random() + 0.5) * exponentialDelayBase * (2 ** i));
             }
         }
     }

package/dist/utils/sentry.d.ts

@@ -0,0 +1,2 @@
+import * as Sentry from "@sentry/nextjs";
+export declare const sentryBaseConfig: Sentry.BrowserOptions & Sentry.NodeOptions & Sentry.VercelEdgeOptions;

package/dist/utils/sentry.js

@@ -0,0 +1,15 @@
+export const sentryBaseConfig = {
+    ignoreErrors: [
+        // React throws these errors when used with some browser extensions (eg. Google Translate)
+        "NotFoundError: Failed to execute 'removeChild' on 'Node': The node to be removed is not a child of this node.",
+        "NotFoundError: Failed to execute 'insertBefore' on 'Node': The node before which the new node is to be inserted is not a child of this node.",
+    ],
+    normalizeDepth: 5,
+    maxValueLength: 5000,
+    // Adjust this value in production, or use tracesSampler for greater control
+    tracesSampleRate: 1.0,
+    // Setting this option to true will print useful information to the console while you're setting up Sentry.
+    debug: false,
+    replaysOnErrorSampleRate: 1.0,
+    replaysSessionSampleRate: 1.0,
+};

package/dist/utils/urls.d.ts

@@ -1,4 +1,5 @@
 export declare function createUrlIfValid(...args: ConstructorParameters<typeof URL>): URL | null;
+export declare function isValidUrl(url: string): boolean;
 export declare function isLocalhost(urlOrString: string | URL): boolean;
 export declare function isRelative(url: string): boolean;
 export declare function getRelativePart(url: URL): string;

package/dist/utils/urls.js

@@ -7,6 +7,9 @@ export function createUrlIfValid(...args) {
         return null;
     }
 }
+export function isValidUrl(url) {
+    return !!createUrlIfValid(url);
+}
 export function isLocalhost(urlOrString) {
     const url = createUrlIfValid(urlOrString);
     if (!url)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack-shared",
-  "version": "2.6.33",
+  "version": "2.6.36",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "files": [
@@ -50,7 +50,7 @@
     "oauth4webapi": "^2.10.3",
     "semver": "^7.6.3",
     "uuid": "^9.0.1",
-    "@stackframe/stack-sc": "2.6.33"
+    "@stackframe/stack-sc": "2.6.36"
   },
   "devDependencies": {
     "@simplewebauthn/types": "^11.0.0",
@@ -61,7 +61,8 @@
     "rimraf": "^5.0.5",
     "react": "^18.2",
     "react-dom": "^18.2",
-    "next": "^14.1.0"
+    "next": "^14.1.0",
+    "@sentry/nextjs": "^8.40.0"
   },
   "scripts": {
     "build": "tsc",