@sveltejs/kit 2.27.3 → 2.29.0

package/src/exports/vite/static_analysis/utils.js

@@ -0,0 +1,101 @@
+/**
+ * Check if a match position is within a comment or a string
+ * @param {string} content - The full content
+ * @param {number} match_index - The index where the match starts
+ * @returns {boolean} - True if the match is within a comment
+ */
+export function should_ignore(content, match_index) {
+	// Track if we're inside different types of quotes and comments
+	let in_single_quote = false;
+	let in_double_quote = false;
+	let in_template_literal = false;
+	let in_single_line_comment = false;
+	let in_multi_line_comment = false;
+	let in_html_comment = false;
+
+	for (let i = 0; i < match_index; i++) {
+		const char = content[i];
+		const next_two = content.slice(i, i + 2);
+		const next_four = content.slice(i, i + 4);
+
+		// Handle end of single line comment
+		if (in_single_line_comment && char === '\n') {
+			in_single_line_comment = false;
+			continue;
+		}
+
+		// Handle end of multi-line comment
+		if (in_multi_line_comment && next_two === '*/') {
+			in_multi_line_comment = false;
+			i++; // Skip the '/' part
+			continue;
+		}
+
+		// Handle end of HTML comment
+		if (in_html_comment && content.slice(i, i + 3) === '-->') {
+			in_html_comment = false;
+			i += 2; // Skip the '-->' part
+			continue;
+		}
+
+		// If we're in any comment, skip processing
+		if (in_single_line_comment || in_multi_line_comment || in_html_comment) {
+			continue;
+		}
+
+		// Handle escape sequences in strings
+		if ((in_single_quote || in_double_quote || in_template_literal) && char === '\\') {
+			i++; // Skip the escaped character
+			continue;
+		}
+
+		// Handle string boundaries
+		if (!in_double_quote && !in_template_literal && char === "'") {
+			in_single_quote = !in_single_quote;
+			continue;
+		}
+
+		if (!in_single_quote && !in_template_literal && char === '"') {
+			in_double_quote = !in_double_quote;
+			continue;
+		}
+
+		if (!in_single_quote && !in_double_quote && char === '`') {
+			in_template_literal = !in_template_literal;
+			continue;
+		}
+
+		// If we're inside any string, don't process comment delimiters
+		if (in_single_quote || in_double_quote || in_template_literal) {
+			continue;
+		}
+
+		// Check for comment starts
+		if (next_two === '//') {
+			in_single_line_comment = true;
+			i++; // Skip the second '/'
+			continue;
+		}
+
+		if (next_two === '/*') {
+			in_multi_line_comment = true;
+			i++; // Skip the '*'
+			continue;
+		}
+
+		if (next_four === '<!--') {
+			in_html_comment = true;
+			i += 3; // Skip the '<!--'
+			continue;
+		}
+	}
+
+	return (
+		in_single_line_comment ||
+		in_multi_line_comment ||
+		in_html_comment ||
+		in_single_quote ||
+		in_double_quote ||
+		in_template_literal
+	);
+}

package/src/exports/vite/utils.js

@@ -113,6 +113,8 @@ export function not_found(req, res, base) {
 	}
 }
 
+const query_pattern = /\?.*$/s;
+
 /**
  * Removes cwd/lib path from the start of the id
  * @param {string} id
@@ -120,6 +122,8 @@ export function not_found(req, res, base) {
  * @param {string} cwd
  */
 export function normalize_id(id, lib, cwd) {
+	id = id.replace(query_pattern, '');
+
 	if (id.startsWith(lib)) {
 		id = id.replace(lib, '$lib');
 	}
@@ -155,4 +159,16 @@ export function normalize_id(id, lib, cwd) {
 	return posixify(id);
 }
 
+/**
+ * For times when you need to throw an error, but without
+ * displaying a useless stack trace (since the developer
+ * can't do anything useful with it)
+ * @param {string} message
+ */
+export function stackless(message) {
+	const error = new Error(message);
+	error.stack = '';
+	return error;
+}
+
 export const strip_virtual_prefix = /** @param {string} id */ (id) => id.replace('\0virtual:', '');

package/src/runtime/app/server/event.js

@@ -19,6 +19,7 @@ import('node:async_hooks')
  *
  * In environments without [`AsyncLocalStorage`](https://nodejs.org/api/async_context.html#class-asynclocalstorage), this must be called synchronously (i.e. not after an `await`).
  * @since 2.20.0
+ * @returns {RequestEvent}
  */
 export function getRequestEvent() {
 	const event = request_event ?? als?.getStore();

package/src/runtime/app/server/index.js

@@ -1,7 +1,7 @@
 import { read_implementation, manifest } from '__sveltekit/server';
 import { base } from '__sveltekit/paths';
 import { DEV } from 'esm-env';
-import { b64_decode } from '../../utils.js';
+import { base64_decode } from '../../utils.js';
 
 /**
  * Read the contents of an imported asset from the filesystem
@@ -33,8 +33,9 @@ export function read(asset) {
 		const data = asset.slice(match[0].length);
 
 		if (match[2] !== undefined) {
-			const decoded = b64_decode(data);
+			const decoded = base64_decode(data);
 
+			// @ts-ignore passing a Uint8Array to `new Response(...)` is fine
 			return new Response(decoded, {
 				headers: {
 					'Content-Length': decoded.byteLength.toString(),

package/src/runtime/app/server/remote/command.js

@@ -87,5 +87,10 @@ export function command(validate_or_fn, maybe_fn) {
 
 	Object.defineProperty(wrapper, '__', { value: __ });
 
+	// On the server, pending is always 0
+	Object.defineProperty(wrapper, 'pending', {
+		get: () => 0
+	});
+
 	return wrapper;
 }

package/src/runtime/app/server/remote/form.js

@@ -97,6 +97,16 @@ export function form(fn) {
 			}
 		});
 
+		// On the server, pending is always 0
+		Object.defineProperty(instance, 'pending', {
+			get: () => 0
+		});
+
+		// On the server, buttonProps.pending is always 0
+		Object.defineProperty(button_props, 'pending', {
+			get: () => 0
+		});
+
 		if (key == undefined) {
 			Object.defineProperty(instance, 'for', {
 				/** @type {RemoteForm<any>['for']} */

package/src/runtime/client/client.js

@@ -44,6 +44,7 @@ import { get_message, get_status } from '../../utils/error.js';
 import { writable } from 'svelte/store';
 import { page, update, navigating } from './state.svelte.js';
 import { add_data_suffix, add_resolution_suffix } from '../pathname.js';
+import { text_decoder } from '../utils.js';
 
 export { load_css };
 const ICON_REL_ATTRIBUTES = new Set(['icon', 'shortcut icon', 'apple-touch-icon']);
@@ -2781,7 +2782,6 @@ async function load_data(url, invalid) {
 		 */
 		const deferreds = new Map();
 		const reader = /** @type {ReadableStream<Uint8Array>} */ (res.body).getReader();
-		const decoder = new TextDecoder();
 
 		/**
 		 * @param {any} data
@@ -2804,7 +2804,7 @@ async function load_data(url, invalid) {
 			const { done, value } = await reader.read();
 			if (done && !text) break;
 
-			text += !value && text ? '\n' : decoder.decode(value, { stream: true }); // no value -> final chunk -> add a new line to trigger the last parse
+			text += !value && text ? '\n' : text_decoder.decode(value, { stream: true }); // no value -> final chunk -> add a new line to trigger the last parse
 
 			while (true) {
 				const split = text.indexOf('\n');

package/src/runtime/client/fetcher.js

@@ -1,6 +1,6 @@
 import { BROWSER, DEV } from 'esm-env';
 import { hash } from '../../utils/hash.js';
-import { b64_decode } from '../utils.js';
+import { base64_decode } from '../utils.js';
 
 let loading = 0;
 
@@ -90,6 +90,7 @@ export function initial_fetch(resource, opts) {
 
 	const script = document.querySelector(selector);
 	if (script?.textContent) {
+		script.remove(); // In case multiple script tags match the same selector
 		let { body, ...init } = JSON.parse(script.textContent);
 
 		const ttl = script.getAttribute('data-ttl');
@@ -98,7 +99,7 @@ export function initial_fetch(resource, opts) {
 		if (b64 !== null) {
 			// Can't use native_fetch('data:...;base64,${body}')
 			// csp can block the request
-			body = b64_decode(body);
+			body = base64_decode(body);
 		}
 
 		return Promise.resolve(new Response(body, init));

package/src/runtime/client/remote-functions/command.svelte.js

@@ -0,0 +1,91 @@
+/** @import { RemoteCommand, RemoteQueryOverride } from '@sveltejs/kit' */
+/** @import { RemoteFunctionResponse } from 'types' */
+/** @import { Query } from './query.svelte.js' */
+import { app_dir, base } from '__sveltekit/paths';
+import * as devalue from 'devalue';
+import { HttpError } from '@sveltejs/kit/internal';
+import { app } from '../client.js';
+import { stringify_remote_arg } from '../../shared.js';
+import { refresh_queries, release_overrides } from './shared.svelte.js';
+
+/**
+ * Client-version of the `command` function from `$app/server`.
+ * @param {string} id
+ * @returns {RemoteCommand<any, any>}
+ */
+export function command(id) {
+	/** @type {number} */
+	let pending_count = $state(0);
+
+	// Careful: This function MUST be synchronous (can't use the async keyword) because the return type has to be a promise with an updates() method.
+	// If we make it async, the return type will be a promise that resolves to a promise with an updates() method, which is not what we want.
+	/** @type {RemoteCommand<any, any>} */
+	const command_function = (arg) => {
+		/** @type {Array<Query<any> | RemoteQueryOverride>} */
+		let updates = [];
+
+		// Increment pending count when command starts
+		pending_count++;
+
+		/** @type {Promise<any> & { updates: (...args: any[]) => any }} */
+		const promise = (async () => {
+			try {
+				// Wait a tick to give room for the `updates` method to be called
+				await Promise.resolve();
+
+				const response = await fetch(`${base}/${app_dir}/remote/${id}`, {
+					method: 'POST',
+					body: JSON.stringify({
+						payload: stringify_remote_arg(arg, app.hooks.transport),
+						refreshes: updates.map((u) => u._key)
+					}),
+					headers: {
+						'Content-Type': 'application/json'
+					}
+				});
+
+				if (!response.ok) {
+					release_overrides(updates);
+					// We only end up here in case of a network error or if the server has an internal error
+					// (which shouldn't happen because we handle errors on the server and always send a 200 response)
+					throw new Error('Failed to execute remote function');
+				}
+
+				const result = /** @type {RemoteFunctionResponse} */ (await response.json());
+				if (result.type === 'redirect') {
+					release_overrides(updates);
+					throw new Error(
+						'Redirects are not allowed in commands. Return a result instead and use goto on the client'
+					);
+				} else if (result.type === 'error') {
+					release_overrides(updates);
+					throw new HttpError(result.status ?? 500, result.error);
+				} else {
+					if (result.refreshes) {
+						refresh_queries(result.refreshes, updates);
+					}
+
+					return devalue.parse(result.result, app.decoders);
+				}
+			} finally {
+				// Decrement pending count when command completes
+				pending_count--;
+			}
+		})();
+
+		promise.updates = (/** @type {any} */ ...args) => {
+			updates = args;
+			// @ts-expect-error Don't allow updates to be called multiple times
+			delete promise.updates;
+			return promise;
+		};
+
+		return promise;
+	};
+
+	Object.defineProperty(command_function, 'pending', {
+		get: () => pending_count
+	});
+
+	return command_function;
+}

package/src/runtime/client/remote-functions/form.svelte.js

@@ -5,7 +5,14 @@ import { app_dir, base } from '__sveltekit/paths';
 import * as devalue from 'devalue';
 import { DEV } from 'esm-env';
 import { HttpError } from '@sveltejs/kit/internal';
-import { app, remote_responses, started, goto, set_nearest_error_page } from '../client.js';
+import {
+	app,
+	remote_responses,
+	started,
+	goto,
+	set_nearest_error_page,
+	invalidateAll
+} from '../client.js';
 import { tick } from 'svelte';
 import { refresh_queries, release_overrides } from './shared.svelte.js';
 
@@ -27,6 +34,9 @@ export function form(id) {
 		/** @type {any} */
 		let result = $state(started ? undefined : remote_responses[action_id]);
 
+		/** @type {number} */
+		let pending_count = $state(0);
+
 		/**
 		 * @param {FormData} data
 		 * @returns {Promise<any> & { updates: (...args: any[]) => any }}
@@ -42,6 +52,9 @@ export function form(id) {
 				entry.count++;
 			}
 
+			// Increment pending count when submission starts
+			pending_count++;
+
 			/** @type {Array<Query<any> | RemoteQueryOverride>} */
 			let updates = [];
 
@@ -78,7 +91,11 @@ export function form(id) {
 					if (form_result.type === 'result') {
 						result = devalue.parse(form_result.result, app.decoders);
 
-						refresh_queries(form_result.refreshes, updates);
+						if (form_result.refreshes) {
+							refresh_queries(form_result.refreshes, updates);
+						} else {
+							void invalidateAll();
+						}
 					} else if (form_result.type === 'redirect') {
 						const refreshes = form_result.refreshes ?? '';
 						const invalidateAll = !refreshes && updates.length === 0;
@@ -94,6 +111,9 @@ export function form(id) {
 					release_overrides(updates);
 					throw e;
 				} finally {
+					// Decrement pending count when submission completes
+					pending_count--;
+
 					void tick().then(() => {
 						if (entry) {
 							entry.count--;
@@ -242,6 +262,10 @@ export function form(id) {
 			}
 		});
 
+		Object.defineProperty(button_props, 'pending', {
+			get: () => pending_count
+		});
+
 		Object.defineProperties(instance, {
 			buttonProps: {
 				value: button_props
@@ -249,6 +273,9 @@ export function form(id) {
 			result: {
 				get: () => result
 			},
+			pending: {
+				get: () => pending_count
+			},
 			enhance: {
 				/** @type {RemoteForm<any>['enhance']} */
 				value: (callback) => {

package/src/runtime/client/remote-functions/index.js

@@ -1,4 +1,4 @@
-export { command } from './command.js';
+export { command } from './command.svelte.js';
 export { form } from './form.svelte.js';
 export { prerender } from './prerender.svelte.js';
 export { query } from './query.svelte.js';

package/src/runtime/client/remote-functions/shared.svelte.js

@@ -2,7 +2,7 @@
 /** @import { RemoteFunctionResponse } from 'types' */
 /** @import { Query } from './query.svelte.js' */
 import * as devalue from 'devalue';
-import { app, goto, invalidateAll, query_map } from '../client.js';
+import { app, goto, query_map } from '../client.js';
 import { HttpError, Redirect } from '@sveltejs/kit/internal';
 import { tick } from 'svelte';
 import { create_remote_cache_key, stringify_remote_arg } from '../../shared.js';
@@ -125,19 +125,16 @@ export function release_overrides(updates) {
  */
 export function refresh_queries(stringified_refreshes, updates = []) {
 	const refreshes = Object.entries(devalue.parse(stringified_refreshes, app.decoders));
-	if (refreshes.length > 0) {
-		// `refreshes` is a superset of `updates`
-		for (const [key, value] of refreshes) {
-			// If there was an optimistic update, release it right before we update the query
-			const update = updates.find((u) => u._key === key);
-			if (update && 'release' in update) {
-				update.release();
-			}
-			// Update the query with the new value
-			const entry = query_map.get(key);
-			entry?.resource.set(value);
+
+	// `refreshes` is a superset of `updates`
+	for (const [key, value] of refreshes) {
+		// If there was an optimistic update, release it right before we update the query
+		const update = updates.find((u) => u._key === key);
+		if (update && 'release' in update) {
+			update.release();
 		}
-	} else {
-		void invalidateAll();
+		// Update the query with the new value
+		const entry = query_map.get(key);
+		entry?.resource.set(value);
 	}
 }

package/src/runtime/server/cookie.js

@@ -1,6 +1,7 @@
 import { parse, serialize } from 'cookie';
 import { normalize_path, resolve } from '../../utils/url.js';
 import { add_data_suffix } from '../pathname.js';
+import { text_encoder } from '../utils.js';
 
 // eslint-disable-next-line no-control-regex -- control characters are invalid in cookie names
 const INVALID_COOKIE_CHARACTER_REGEX = /[\x00-\x1F\x7F()<>@,;:"/[\]?={} \t]/;
@@ -217,7 +218,7 @@ export function get_cookies(request, url) {
 
 		if (__SVELTEKIT_DEV__) {
 			const serialized = serialize(name, value, new_cookies[name].options);
-			if (new TextEncoder().encode(serialized).byteLength > MAX_COOKIE_SIZE) {
+			if (text_encoder.encode(serialized).byteLength > MAX_COOKIE_SIZE) {
 				throw new Error(`Cookie "${name}" is too large, and will be discarded by the browser`);
 			}
 

package/src/runtime/server/data/index.js

@@ -7,8 +7,7 @@ import { clarify_devalue_error, handle_error_and_jsonify, serialize_uses } from
 import { normalize_path } from '../../../utils/url.js';
 import * as devalue from 'devalue';
 import { create_async_iterator } from '../../../utils/streaming.js';
-
-const encoder = new TextEncoder();
+import { text_encoder } from '../../utils.js';
 
 /**
  * @param {import('@sveltejs/kit').RequestEvent} event
@@ -129,9 +128,9 @@ export async function render_data(
 		return new Response(
 			new ReadableStream({
 				async start(controller) {
-					controller.enqueue(encoder.encode(data));
+					controller.enqueue(text_encoder.encode(data));
 					for await (const chunk of chunks) {
-						controller.enqueue(encoder.encode(chunk));
+						controller.enqueue(text_encoder.encode(chunk));
 					}
 					controller.close();
 				},

package/src/runtime/server/page/crypto.js

@@ -1,4 +1,4 @@
-const encoder = new TextEncoder();
+import { text_encoder } from '../../utils.js';
 
 /**
  * SHA-256 hashing function adapted from https://bitwiseshiftleft.github.io/sjcl
@@ -102,7 +102,7 @@ export function sha256(data) {
 	const bytes = new Uint8Array(out.buffer);
 	reverse_endianness(bytes);
 
-	return base64(bytes);
+	return btoa(String.fromCharCode(...bytes));
 }
 
 /** The SHA-256 initialization vector */
@@ -160,7 +160,7 @@ function reverse_endianness(bytes) {
 
 /** @param {string} str */
 function encode(str) {
-	const encoded = encoder.encode(str);
+	const encoded = text_encoder.encode(str);
 	const length = encoded.length * 8;
 
 	// result should be a multiple of 512 bits in length,
@@ -182,58 +182,3 @@ function encode(str) {
 
 	return words;
 }
-
-/*
-	Based on https://gist.github.com/enepomnyaschih/72c423f727d395eeaa09697058238727
-
-	MIT License
-	Copyright (c) 2020 Egor Nepomnyaschih
-	Permission is hereby granted, free of charge, to any person obtaining a copy
-	of this software and associated documentation files (the "Software"), to deal
-	in the Software without restriction, including without limitation the rights
-	to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-	copies of the Software, and to permit persons to whom the Software is
-	furnished to do so, subject to the following conditions:
-	The above copyright notice and this permission notice shall be included in all
-	copies or substantial portions of the Software.
-	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-	IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-	AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-	LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-	OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-	SOFTWARE.
-*/
-const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'.split('');
-
-/** @param {Uint8Array} bytes */
-export function base64(bytes) {
-	const l = bytes.length;
-
-	let result = '';
-	let i;
-
-	for (i = 2; i < l; i += 3) {
-		result += chars[bytes[i - 2] >> 2];
-		result += chars[((bytes[i - 2] & 0x03) << 4) | (bytes[i - 1] >> 4)];
-		result += chars[((bytes[i - 1] & 0x0f) << 2) | (bytes[i] >> 6)];
-		result += chars[bytes[i] & 0x3f];
-	}
-
-	if (i === l + 1) {
-		// 1 octet yet to write
-		result += chars[bytes[i - 2] >> 2];
-		result += chars[(bytes[i - 2] & 0x03) << 4];
-		result += '==';
-	}
-
-	if (i === l) {
-		// 2 octets yet to write
-		result += chars[bytes[i - 2] >> 2];
-		result += chars[((bytes[i - 2] & 0x03) << 4) | (bytes[i - 1] >> 4)];
-		result += chars[(bytes[i - 1] & 0x0f) << 2];
-		result += '=';
-	}
-
-	return result;
-}

package/src/runtime/server/page/csp.js

@@ -1,11 +1,11 @@
 import { escape_html } from '../../../utils/escape.js';
-import { base64, sha256 } from './crypto.js';
+import { sha256 } from './crypto.js';
 
 const array = new Uint8Array(16);
 
 function generate_nonce() {
 	crypto.getRandomValues(array);
-	return base64(array);
+	return btoa(String.fromCharCode(...array));
 }
 
 const quoted = new Set([

package/src/runtime/server/page/load_data.js

@@ -1,7 +1,7 @@
 import { DEV } from 'esm-env';
 import { disable_search, make_trackable } from '../../../utils/url.js';
 import { validate_depends } from '../../shared.js';
-import { b64_encode } from '../../utils.js';
+import { base64_encode, text_decoder } from '../../utils.js';
 import { with_event } from '../../app/server/event.js';
 
 /**
@@ -316,12 +316,14 @@ export function create_universal_fetch(event, state, fetched, csr, resolve_opts)
 					return async () => {
 						const buffer = await response.arrayBuffer();
 
+						const bytes = new Uint8Array(buffer);
+
 						if (dependency) {
-							dependency.body = new Uint8Array(buffer);
+							dependency.body = bytes;
 						}
 
 						if (buffer instanceof ArrayBuffer) {
-							await push_fetched(b64_encode(buffer), true);
+							await push_fetched(base64_encode(bytes), true);
 						}
 
 						return buffer;
@@ -394,13 +396,12 @@ export function create_universal_fetch(event, state, fetched, csr, resolve_opts)
 async function stream_to_string(stream) {
 	let result = '';
 	const reader = stream.getReader();
-	const decoder = new TextDecoder();
 	while (true) {
 		const { done, value } = await reader.read();
 		if (done) {
 			break;
 		}
-		result += decoder.decode(value);
+		result += text_decoder.decode(value);
 	}
 	return result;
 }

package/src/runtime/server/page/render.js

@@ -17,6 +17,7 @@ import { create_server_routing_response, generate_route_object } from './server_
 import { add_resolution_suffix } from '../../pathname.js';
 import { with_event } from '../../app/server/event.js';
 import { get_event_state } from '../event-state.js';
+import { text_encoder } from '../../utils.js';
 
 // TODO rename this function/module
 
@@ -25,8 +26,6 @@ const updated = {
 	check: () => false
 };
 
-const encoder = new TextEncoder();
-
 /**
  * Creates the HTML response.
  * @param {{
@@ -586,9 +585,9 @@ export async function render_response({
 		: new Response(
 				new ReadableStream({
 					async start(controller) {
-						controller.enqueue(encoder.encode(transformed + '\n'));
+						controller.enqueue(text_encoder.encode(transformed + '\n'));
 						for await (const chunk of chunks) {
-							controller.enqueue(encoder.encode(chunk));
+							controller.enqueue(text_encoder.encode(chunk));
 						}
 						controller.close();
 					},