@sveltejs/kit 2.62.0 → 3.0.0-next.0

package/src/exports/hooks/index.js

@@ -1 +1,14 @@
+/** @import { EnvVarConfig } from '@sveltejs/kit' */
+
 export { sequence } from './sequence.js';
+
+/**
+ * Utility for defining [environment variables](https://svelte.dev/docs/kit/environment-variables),
+ * which are made available via `$app/env/public` and `$app/env/private`.
+ * @template {Record<string, EnvVarConfig<any>>} T
+ * @param {T} variables
+ * @returns {T}
+ */
+export function defineEnvVars(variables) {
+	return variables;
+}

package/src/exports/index.js

@@ -14,19 +14,6 @@ import { text_encoder } from '../runtime/utils.js';
 
 export { VERSION } from '../version.js';
 
-// TODO 3.0: remove these types as they are not used anymore (we can't remove them yet because that would be a breaking change)
-/**
- * @template {number} TNumber
- * @template {any[]} [TArray=[]]
- * @typedef {TNumber extends TArray['length'] ? TArray[number] : LessThan<TNumber, [...TArray, TArray['length']]>} LessThan
- */
-
-/**
- * @template {number} TStart
- * @template {number} TEnd
- * @typedef {Exclude<TEnd | LessThan<TEnd>, LessThan<TStart>>} NumericRange
- */
-
 // Keep the status codes as `number` because restricting to certain numbers makes it unnecessarily hard to use compared to the benefits
 // (we have runtime errors already to check for invalid codes). Also see https://github.com/sveltejs/kit/issues/11780
 
@@ -44,7 +31,7 @@ export { VERSION } from '../version.js';
  * @param {number} status
  * @param {App.Error} body
  * @return {never}
- * @throws {HttpError} This error instructs SvelteKit to initiate HTTP error handling.
+ * @throws {import('./public.js').HttpError} This error instructs SvelteKit to initiate HTTP error handling.
  * @throws {Error} If the provided status is invalid (not between 400 and 599).
  */
 /**
@@ -58,7 +45,7 @@ export { VERSION } from '../version.js';
  * @param {number} status
  * @param {{ message: string } extends App.Error ? App.Error | string | undefined : never} [body]
  * @return {never}
- * @throws {HttpError} This error instructs SvelteKit to initiate HTTP error handling.
+ * @throws {import('./public.js').HttpError} This error instructs SvelteKit to initiate HTTP error handling.
  * @throws {Error} If the provided status is invalid (not between 400 and 599).
  */
 /**
@@ -69,7 +56,7 @@ export { VERSION } from '../version.js';
  * @param {number} status The [HTTP status code](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status#client_error_responses). Must be in the range 400-599.
  * @param {{ message: string } extends App.Error ? App.Error | string | undefined : never} body An object that conforms to the App.Error type. If a string is passed, it will be used as the message property.
  * @return {never}
- * @throws {HttpError} This error instructs SvelteKit to initiate HTTP error handling.
+ * @throws {import('./public.js').HttpError} This error instructs SvelteKit to initiate HTTP error handling.
  * @throws {Error} If the provided status is invalid (not between 400 and 599).
  */
 export function error(status, body) {
@@ -85,7 +72,7 @@ export function error(status, body) {
  * @template {number} T
  * @param {unknown} e
  * @param {T} [status] The status to filter for.
- * @return {e is (HttpError & { status: T extends undefined ? never : T })}
+ * @return {e is (import('./public.js').HttpError & { status: T extends undefined ? never : T })}
  */
 export function isHttpError(e, status) {
 	if (!(e instanceof HttpError)) return false;
@@ -105,7 +92,7 @@ export function isHttpError(e, status) {
  *
  * @param {300 | 301 | 302 | 303 | 304 | 305 | 306 | 307 | 308 | ({} & number)} status The [HTTP status code](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status#redirection_messages). Must be in the range 300-308.
  * @param {string | URL} location The location to redirect to.
- * @throws {Redirect} This error instructs SvelteKit to redirect to the specified location.
+ * @throws {import('./public.js').Redirect} This error instructs SvelteKit to redirect to the specified location.
  * @throws {Error} If the provided status is invalid or the location cannot be used as a header value.
  * @return {never}
  */
@@ -124,7 +111,7 @@ export function redirect(status, location) {
 /**
  * Checks whether this is a redirect thrown by {@link redirect}.
  * @param {unknown} e The object to check.
- * @return {e is Redirect}
+ * @return {e is import('./public.js').Redirect}
  */
 export function isRedirect(e) {
 	return e instanceof Redirect;
@@ -134,10 +121,9 @@ export function isRedirect(e) {
  * Create a JSON `Response` object from the supplied data.
  * @param {any} data The value that will be serialized as JSON.
  * @param {ResponseInit} [init] Options such as `status` and `headers` that will be added to the response. `Content-Type: application/json` and `Content-Length` headers will be added automatically.
+ * @deprecated use `Response.json`
  */
 export function json(data, init) {
-	// TODO deprecate this in favour of `Response.json` when it's
-	// more widely supported
 	const body = JSON.stringify(data);
 
 	// we can't just do `text(JSON.stringify(data), init)` because
@@ -162,6 +148,7 @@ export function json(data, init) {
  * Create a `Response` object from the supplied body.
  * @param {string} body The value that will be used as-is.
  * @param {ResponseInit} [init] Options such as `status` and `headers` that will be added to the response. A `Content-Length` header will be added automatically.
+ * @deprecated use `new Response`
  */
 export function text(body, init) {
 	const headers = new Headers(init?.headers);

package/src/exports/internal/env.js

@@ -0,0 +1,71 @@
+/** @import { StandardSchemaV1 } from '@standard-schema/spec' */
+/** @import { EnvVarConfig } from '@sveltejs/kit' */
+
+import { stackless } from '../vite/utils.js';
+
+const MISSING = {
+	message: `Value is missing. If it is optional, add a Standard Schema validator declaring it as such.`
+};
+
+const BAD_VALIDATOR = {
+	message: 'Variable was configured with a validator that does not implement Standard Schema'
+};
+
+const ASYNC_VALIDATOR = {
+	message: 'Variable uses an async validator, which is not supported'
+};
+
+/**
+ * @param {Record<string, EnvVarConfig<any>>} variables
+ * @param {string | undefined} value
+ * @param {string} name
+ * @param {Record<string, StandardSchemaV1.Issue[]>} issues
+ * @returns
+ */
+export function validate(variables, value, name, issues) {
+	const config = variables[name] ?? {};
+	const validator = config.schema;
+
+	if (!validator) {
+		if (!value) issues[name] = [MISSING];
+		return value;
+	}
+
+	if (!validator['~standard']) {
+		issues[name] = [BAD_VALIDATOR];
+		return;
+	}
+
+	const result = validator['~standard'].validate(value);
+
+	if (result instanceof Promise) {
+		issues[name] = [ASYNC_VALIDATOR];
+		return;
+	}
+
+	if (result.issues) {
+		issues[name] = [...result.issues];
+		return;
+	}
+
+	return result.value;
+}
+
+/**
+ * @param {Record<string, StandardSchemaV1.Issue[]>} issues
+ */
+export function handle_issues(issues) {
+	const entries = Object.entries(issues);
+
+	if (entries.length === 0) {
+		return;
+	}
+
+	let message = 'Invalid environment variables\n';
+
+	for (const [name, issues] of entries) {
+		message += `\n${name}\n${issues.map((issue) => `  - ${issue.message}`).join('\n')}\n`;
+	}
+
+	throw stackless(message);
+}

package/src/exports/internal/types.d.ts

@@ -0,0 +1,3 @@
+// We re-export this so we can use it in the `$app/env/*` module declarations
+// without the app needing to depend on this package
+export { StandardSchemaV1 } from '@standard-schema/spec';

package/src/exports/node/index.js

@@ -2,7 +2,6 @@ import { createReadStream } from 'node:fs';
 import { Readable } from 'node:stream';
 import { SvelteKitError } from '../internal/index.js';
 import { noop } from '../../utils/functions.js';
-import { get_set_cookies } from '../../utils/http.js';
 
 /**
  * @param {import('http').IncomingMessage} req
@@ -38,15 +37,11 @@ function get_raw_body(req, body_size_limit) {
 	return new ReadableStream({
 		start(controller) {
 			if (body_size_limit !== undefined && has_content_length && content_length > body_size_limit) {
-				let message = `Content-length of ${content_length} exceeds limit of ${body_size_limit} bytes.`;
-
-				if (body_size_limit === 0) {
-					// https://github.com/sveltejs/kit/pull/11589
-					// TODO this exists to aid migration — remove in a future version
-					message += ' To disable body size limits, specify Infinity rather than 0.';
-				}
-
-				const error = new SvelteKitError(413, 'Payload Too Large', message);
+				const error = new SvelteKitError(
+					413,
+					'Payload Too Large',
+					`Content-length of ${content_length} exceeds limit of ${body_size_limit} bytes.`
+				);
 
 				controller.error(error);
 				return;
@@ -133,9 +128,9 @@ export async function getRequest({ request, base, bodySizeLimit }) {
 		delete headers[':scheme'];
 	}
 
-	// TODO: Whenever Node >=22 is minimum supported version, we can use `request.readableAborted`
-	// @see https://github.com/nodejs/node/blob/5cf3c3e24c7257a0c6192ed8ef71efec8ddac22b/lib/internal/streams/readable.js#L1443-L1453
 	const controller = new AbortController();
+	// TODO: Whenever Node >=22.17 is the minimum supported version, we can do `if (request.readableAborted) controller.abort()` instead
+	// see https://github.com/nodejs/node/blob/5cf3c3e24c7257a0c6192ed8ef71efec8ddac22b/lib/internal/streams/readable.js#L1443-L1453
 	let errored = false;
 	let end_emitted = false;
 	request.once('error', () => (errored = true));
@@ -169,7 +164,7 @@ export async function getRequest({ request, base, bodySizeLimit }) {
 export async function setResponse(res, response) {
 	for (const [key, value] of response.headers) {
 		try {
-			res.setHeader(key, key === 'set-cookie' ? get_set_cookies(response.headers) : value);
+			res.setHeader(key, key === 'set-cookie' ? response.headers.getSetCookie() : value);
 		} catch (error) {
 			res.getHeaderNames().forEach((name) => res.removeHeader(name));
 			res.writeHead(500).end(String(error));

package/src/exports/public.d.ts

@@ -122,13 +122,12 @@ export interface Builder {
 	/** An array of all routes (including prerendered) */
 	routes: RouteDefinition[];
 
-	// TODO 3.0 remove this method
 	/**
 	 * Create separate functions that map to one or more routes of your app.
 	 * @param fn A function that groups a set of routes into an entry point
-	 * @deprecated Use `builder.routes` instead
+	 * @deprecated removed in 3.0. Use `builder.routes` instead
 	 */
-	createEntries: (fn: (route: RouteDefinition) => AdapterEntry) => Promise<void>;
+	createEntries?: (fn: (route: RouteDefinition) => AdapterEntry) => Promise<void>;
 
 	/**
 	 * Find all the assets imported by server files belonging to `routes`
@@ -141,7 +140,7 @@ export interface Builder {
 	generateFallback: (dest: string) => Promise<void>;
 
 	/**
-	 * Generate a module exposing build-time environment variables as `$env/dynamic/public` if the app uses it.
+	 * Generate a module exposing public environment variables as `$app/env/public` if the app uses it.
 	 */
 	generateEnvModule: () => void;
 
@@ -264,57 +263,50 @@ export interface Cookies {
 	/**
 	 * Gets a cookie that was previously set with `cookies.set`, or from the request headers.
 	 * @param name the name of the cookie
-	 * @param opts the options, passed directly to `cookie.parse`. See documentation [here](https://github.com/jshttp/cookie#cookieparsestr-options)
+	 * @param opts the options, passed directly to `cookie.parse`. See documentation [here](https://github.com/jshttp/cookie?tab=readme-ov-file#cookieparsecookiestr-options)
 	 */
-	get: (name: string, opts?: import('cookie').CookieParseOptions) => string | undefined;
+	get: (name: string, opts?: import('cookie').ParseOptions) => string | undefined;
 
 	/**
 	 * Gets all cookies that were previously set with `cookies.set`, or from the request headers.
-	 * @param opts the options, passed directly to `cookie.parse`. See documentation [here](https://github.com/jshttp/cookie#cookieparsestr-options)
+	 * @param opts the options, passed directly to `cookie.parse`. See documentation [here](https://github.com/jshttp/cookie?tab=readme-ov-file#cookieparsecookiestr-options)
 	 */
-	getAll: (opts?: import('cookie').CookieParseOptions) => Array<{ name: string; value: string }>;
+	getAll: (opts?: import('cookie').ParseOptions) => Array<{ name: string; value: string }>;
 
 	/**
 	 * Sets a cookie. This will add a `set-cookie` header to the response, but also make the cookie available via `cookies.get` or `cookies.getAll` during the current request.
 	 *
-	 * The `httpOnly` and `secure` options are `true` by default (except on http://localhost, where `secure` is `false`), and must be explicitly disabled if you want cookies to be readable by client-side JavaScript and/or transmitted over HTTP. The `sameSite` option defaults to `lax`.
+	 * The `httpOnly` and `secure` options are `true` by default (except on http://localhost, where `secure` is `false`), and must be explicitly disabled if you want cookies to be readable by client-side JavaScript and/or transmitted over HTTP.
 	 *
-	 * You must specify a `path` for the cookie. In most cases you should explicitly set `path: '/'` to make the cookie available throughout your app. You can use relative paths, or set `path: ''` to make the cookie only available on the current path and its children
+	 * The `path` option is `'/'` by default. You can use relative paths, or set `path: ''` to make the cookie only available on the current path and its children.
 	 * @param name the name of the cookie
 	 * @param value the cookie value
-	 * @param opts the options, passed directly to `cookie.serialize`. See documentation [here](https://github.com/jshttp/cookie#cookieserializename-value-options)
+	 * @param opts the options passed to `cookie.serialize` with the SvelteKit defaults described above. See documentation [here](https://github.com/jshttp/cookie?tab=readme-ov-file#cookiestringifysetcookiesetcookieobj-options)
 	 */
-	set: (
-		name: string,
-		value: string,
-		opts: import('cookie').CookieSerializeOptions & { path: string }
-	) => void;
+	set: (name: string, value: string, opts: import('cookie').SerializeOptions) => void;
 
 	/**
 	 * Deletes a cookie by setting its value to an empty string and setting the expiry date in the past.
 	 *
-	 * You must specify a `path` for the cookie. In most cases you should explicitly set `path: '/'` to make the cookie available throughout your app. You can use relative paths, or set `path: ''` to make the cookie only available on the current path and its children
+	 * The `httpOnly` and `secure` options are `true` by default (except on http://localhost, where `secure` is `false`), and must be explicitly disabled if you want cookies to be readable by client-side JavaScript and/or transmitted over HTTP.
+	 *
+	 * The `path` option is `'/'` by default. You can use relative paths, or set `path: ''` to make the cookie only available on the current path and its children.
 	 * @param name the name of the cookie
-	 * @param opts the options, passed directly to `cookie.serialize`. The `path` must match the path of the cookie you want to delete. See documentation [here](https://github.com/jshttp/cookie#cookieserializename-value-options)
+	 * @param opts the options passed to `cookie.serialize` with the SvelteKit defaults described above. See documentation [here](https://github.com/jshttp/cookie?tab=readme-ov-file#cookiestringifysetcookiesetcookieobj-options)
 	 */
-	delete: (name: string, opts: import('cookie').CookieSerializeOptions & { path: string }) => void;
+	delete: (name: string, opts: import('cookie').SerializeOptions) => void;
 
 	/**
 	 * Serialize a cookie name-value pair into a `Set-Cookie` header string, but don't apply it to the response.
 	 *
-	 * The `httpOnly` and `secure` options are `true` by default (except on http://localhost, where `secure` is `false`), and must be explicitly disabled if you want cookies to be readable by client-side JavaScript and/or transmitted over HTTP. The `sameSite` option defaults to `lax`.
-	 *
-	 * You must specify a `path` for the cookie. In most cases you should explicitly set `path: '/'` to make the cookie available throughout your app. You can use relative paths, or set `path: ''` to make the cookie only available on the current path and its children
+	 * The `httpOnly` and `secure` options are `true` by default (except on http://localhost, where `secure` is `false`), and must be explicitly disabled if you want cookies to be readable by client-side JavaScript and/or transmitted over HTTP.
 	 *
+	 * The `path` option is `'/'` by default. You can use relative paths, or set `path: ''` to make the cookie only available on the current path and its children.
 	 * @param name the name of the cookie
 	 * @param value the cookie value
-	 * @param opts the options, passed directly to `cookie.serialize`. See documentation [here](https://github.com/jshttp/cookie#cookieserializename-value-options)
+	 * @param opts the options passed to `cookie.serialize` with the SvelteKit defaults described above. See documentation [here](https://github.com/jshttp/cookie?tab=readme-ov-file#cookiestringifysetcookiesetcookieobj-options)
 	 */
-	serialize: (
-		name: string,
-		value: string,
-		opts: import('cookie').CookieSerializeOptions & { path: string }
-	) => string;
+	serialize: (name: string, value: string, opts: import('cookie').SerializeOptions) => string;
 }
 
 /**
@@ -329,9 +321,11 @@ export interface Emulator {
 }
 
 export interface KitConfig {
+	// TODO: remove this in 4.0
 	/**
 	 * Your [adapter](https://svelte.dev/docs/kit/adapters) is run when executing `vite build`. It determines how the output is converted for different platforms.
 	 * @default undefined
+	 * @deprecated removed in 3.0.0. Adapters should now be passed to the `sveltekit` Vite plugin in `vite.config.js`
 	 */
 	adapter?: Adapter;
 	/**
@@ -428,7 +422,7 @@ export interface KitConfig {
 		 *
 		 * To allow people to make `POST`, `PUT`, `PATCH`, or `DELETE` requests with a `Content-Type` of `application/x-www-form-urlencoded`, `multipart/form-data`, or `text/plain` to your app from other origins, you will need to disable this option. Be careful!
 		 * @default true
-		 * @deprecated Use `trustedOrigins: ['*']` instead
+		 * @deprecated removed in 3.0. Use `trustedOrigins: ['*']` instead
 		 */
 		checkOrigin?: boolean;
 		/**
@@ -462,17 +456,6 @@ export interface KitConfig {
 		 * @default "."
 		 */
 		dir?: string;
-		/**
-		 * A prefix that signals that an environment variable is safe to expose to client-side code. See [`$env/static/public`](https://svelte.dev/docs/kit/$env-static-public) and [`$env/dynamic/public`](https://svelte.dev/docs/kit/$env-dynamic-public). Note that Vite's [`envPrefix`](https://vitejs.dev/config/shared-options.html#envprefix) must be set separately if you are using Vite's environment variable handling - though use of that feature should generally be unnecessary.
-		 * @default "PUBLIC_"
-		 */
-		publicPrefix?: string;
-		/**
-		 * A prefix that signals that an environment variable is unsafe to expose to client-side code. Environment variables matching neither the public nor the private prefix will be discarded completely. See [`$env/static/private`](https://svelte.dev/docs/kit/$env-static-private) and [`$env/dynamic/private`](https://svelte.dev/docs/kit/$env-dynamic-private).
-		 * @default ""
-		 * @since 1.21.0
-		 */
-		privatePrefix?: string;
 	};
 	/** Experimental features. Here be dragons. These are not subject to semantic versioning, so breaking changes or removal can happen in any release. */
 	experimental?: {
@@ -620,6 +603,16 @@ export interface KitConfig {
 	 * Options related to the build output format
 	 */
 	output?: {
+		/**
+		 * Whether to use the [HTTP `Link` header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Link) to preload assets instead of the [`<link>` HTML element](https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/link) for non-prerendered pages.
+		 *
+		 * Note that some web servers such as Nginx and Apache have a default header size limit which may be easily exceeded.
+		 * If you are using one of these web servers, you may want to leave this as `false` or configure a higher limit.
+		 *
+		 * @default false
+		 * @since 3.0.0
+		 */
+		linkHeaderPreload?: boolean;
 		/**
 		 * SvelteKit will preload the JavaScript modules needed for the initial page to avoid import 'waterfalls', resulting in faster application startup. There
 		 * are three strategies with different trade-offs:
@@ -628,6 +621,7 @@ export interface KitConfig {
 		 * - `preload-mjs` - uses `<link rel="preload">` but with the `.mjs` extension which prevents double-parsing in Chromium. Some static webservers will fail to serve .mjs files with a `Content-Type: application/javascript` header, which will cause your application to break. If that doesn't apply to you, this is the option that will deliver the best performance for the largest number of users, until `modulepreload` is more widely supported.
 		 * @default "modulepreload"
 		 * @since 1.8.4
+		 * @deprecated removed in 3.0
 		 */
 		preloadStrategy?: 'modulepreload' | 'preload-js' | 'preload-mjs';
 		/**
@@ -636,7 +630,7 @@ export interface KitConfig {
 		 * - If `'single'`, creates just one .js bundle and one .css file containing code for the entire app.
 		 * - If `'inline'`, inlines all JavaScript and CSS of the entire app into the HTML. The result is usable without a server (i.e. you can just open the file in your browser).
 		 *
-		 * When using `'split'`, you can also adjust the bundling behaviour by setting [`output.experimentalMinChunkSize`](https://rollupjs.org/configuration-options/#output-experimentalminchunksize) and [`output.manualChunks`](https://rollupjs.org/configuration-options/#output-manualchunks) inside your Vite config's [`build.rollupOptions`](https://vite.dev/config/build-options.html#build-rollupoptions).
+		 * When using `'split'`, you can also adjust the bundling behaviour by setting [`output.codeSplitting`](https://rolldown.rs/reference/OutputOptions.codeSplitting) inside your Vite config's [`build.rolldownOptions`](https://vite.dev/config/build-options#build-rolldownoptions).
 		 *
 		 * If you want to inline your assets, you'll need to set Vite's [`build.assetsInlineLimit`](https://vite.dev/config/build-options.html#build-assetsinlinelimit) option to an appropriate size then import your assets through Vite.
 		 *
@@ -1281,13 +1275,6 @@ export interface NavigationGoto extends NavigationBase {
 	 * - `goto`: Navigation was triggered by a `goto(...)` call or a redirect
 	 */
 	type: 'goto';
-
-	// TODO 3.0 remove this property, so that it only exists when type is 'popstate'
-	// (would possibly be a breaking change to do it prior to that)
-	/**
-	 * In case of a history back/forward navigation, the number of steps to go back/forward
-	 */
-	delta?: undefined;
 }
 
 export interface NavigationLeave extends NavigationBase {
@@ -1296,13 +1283,6 @@ export interface NavigationLeave extends NavigationBase {
 	 * - `leave`: The app is being left either because the tab is being closed or a navigation to a different document is occurring
 	 */
 	type: 'leave';
-
-	// TODO 3.0 remove this property, so that it only exists when type is 'popstate'
-	// (would possibly be a breaking change to do it prior to that)
-	/**
-	 * In case of a history back/forward navigation, the number of steps to go back/forward
-	 */
-	delta?: undefined;
 }
 
 export interface NavigationFormSubmit extends NavigationBase {
@@ -1316,13 +1296,6 @@ export interface NavigationFormSubmit extends NavigationBase {
 	 * The `SubmitEvent` that caused the navigation
 	 */
 	event: SubmitEvent;
-
-	// TODO 3.0 remove this property, so that it only exists when type is 'popstate'
-	// (would possibly be a breaking change to do it prior to that)
-	/**
-	 * In case of a history back/forward navigation, the number of steps to go back/forward
-	 */
-	delta?: undefined;
 }
 
 export interface NavigationPopState extends NavigationBase {
@@ -1354,13 +1327,6 @@ export interface NavigationLink extends NavigationBase {
 	 * The `PointerEvent` that caused the navigation
 	 */
 	event: PointerEvent;
-
-	// TODO 3.0 remove this property, so that it only exists when type is 'popstate'
-	// (would possibly be a breaking change to do it prior to that)
-	/**
-	 * In case of a history back/forward navigation, the number of steps to go back/forward
-	 */
-	delta?: undefined;
 }
 
 export type Navigation =
@@ -2314,4 +2280,37 @@ export type RemoteLiveQueryFunction<Input, Output, _Validated = Input> = (
 	arg: undefined extends Input ? Input | void : Input
 ) => RemoteLiveQuery<Output>;
 
+/**
+ * [Environment variables](https://svelte.dev/docs/kit/environment-variables) can be configured by exporting
+ * a `variables` object from `src/env.ts`, using [`defineEnvVars`](https://svelte.dev/docs/kit/@sveltejs-kit-hooks#defineEnvVars).
+ */
+export interface EnvVarConfig<T> {
+	/**
+	 * Whether the environment variable can be accessed by client-side code.
+	 * - if `true`, it can be imported from `$app/env/public`
+	 * - if `false`, it can be imported from `$app/env/private`, which is a [server-only module](https://svelte.dev/docs/kit/server-only-modules)
+	 * @default false
+	 */
+	public?: boolean;
+	/**
+	 * Whether the value is determined at build time or when the app runs.
+	 * - if `true`, the build time value is inlined into the bundle. This enables optimisations like dead-code elimination
+	 * - if `false`, the value is read from the environment when the app starts
+	 * @default false
+	 */
+	static?: boolean;
+	/**
+	 * A [Standard Schema](https://standardschema.dev/) validator that is applied to the value when the app starts.
+	 * The validator can output any value — not necessarily a string — but public, non-static values must be
+	 * serializable by [devalue](https://github.com/sveltejs/devalue) so that they can be sent to the browser.
+	 *
+	 * If omitted, the value must be a non-empty string.
+	 */
+	schema?: StandardSchemaV1<string | undefined, T>;
+	/**
+	 * A description of the variable that will be used for inline documentation on hover.
+	 */
+	description?: string;
+}
+
 export * from './index.js';

package/src/exports/vite/build/build_server.js

@@ -1,5 +1,5 @@
 /** @import { AssetDependencies, ManifestData, SSRNode, ValidatedKitConfig } from 'types' */
-/** @import { Manifest, Rollup } from 'vite' */
+/** @import { Manifest, Rolldown } from 'vite' */
 import fs from 'node:fs';
 import { mkdirp } from '../../../utils/filesystem.js';
 import {
@@ -24,6 +24,7 @@ import { escape_for_interpolation } from '../../../utils/escape.js';
  * @param {null} client_manifest
  * @param {null} assets_path
  * @param {null} client_chunks
+ * @param {string} root
  * @returns {void}
  */
 /**
@@ -34,7 +35,8 @@ import { escape_for_interpolation } from '../../../utils/escape.js';
  * @param {Manifest} server_manifest
  * @param {Manifest} client_manifest
  * @param {string} assets_path
- * @param {Rollup.RollupOutput['output']} client_chunks
+ * @param {Rolldown.RolldownOutput['output']} client_chunks
+ * @param {string} root
  * @returns {void}
  */
 /**
@@ -44,8 +46,8 @@ import { escape_for_interpolation } from '../../../utils/escape.js';
  * @param {Manifest} server_manifest
  * @param {Manifest | null} client_manifest
  * @param {string | null} assets_path
- * @param {Rollup.RollupOutput['output'] | null} client_chunks
- * @returns {void}
+ * @param {Rolldown.RolldownOutput['output'] | null} client_chunks
+ * @param {string} root
  */
 export function build_server_nodes(
 	out,
@@ -54,7 +56,8 @@ export function build_server_nodes(
 	server_manifest,
 	client_manifest,
 	assets_path,
-	client_chunks
+	client_chunks,
+	root
 ) {
 	mkdirp(`${out}/server/nodes`);
 	mkdirp(`${out}/server/stylesheets`);
@@ -156,7 +159,7 @@ export function build_server_nodes(
 			exports.push(
 				'let component_cache;',
 				`export const component = async () => component_cache ??= (await import('../${
-					resolve_symlinks(server_manifest, node.component).chunk.file
+					resolve_symlinks(server_manifest, node.component, root).chunk.file
 				}')).default;`
 			);
 		}
@@ -166,7 +169,7 @@ export function build_server_nodes(
 				exports.push(`export const universal = ${s(node.page_options, null, 2)};`);
 			} else {
 				imports.push(
-					`import * as universal from '../${resolve_symlinks(server_manifest, node.universal).chunk.file}';`
+					`import * as universal from '../${resolve_symlinks(server_manifest, node.universal, root).chunk.file}';`
 				);
 				// TODO: when building for analysis, explain why the file was loaded on the server if we fail to load it
 				exports.push('export { universal };');
@@ -176,7 +179,7 @@ export function build_server_nodes(
 
 		if (node.server) {
 			imports.push(
-				`import * as server from '../${resolve_symlinks(server_manifest, node.server).chunk.file}';`
+				`import * as server from '../${resolve_symlinks(server_manifest, node.server, root).chunk.file}';`
 			);
 			exports.push('export { server };');
 			exports.push(`export const server_id = ${s(node.server)};`);
@@ -188,7 +191,7 @@ export function build_server_nodes(
 			kit.output.bundleStrategy === 'split'
 		) {
 			const entry_path = `${normalizePath(kit.outDir)}/generated/client-optimized/nodes/${i}.js`;
-			const entry = find_deps(client_manifest, entry_path, true);
+			const entry = find_deps(client_manifest, entry_path, true, root);
 
 			// Eagerly load client stylesheets and fonts imported by the SSR-ed page to avoid FOUC.
 			// However, if it is not used during SSR (not present in the server manifest),
@@ -197,13 +200,13 @@ export function build_server_nodes(
 			/** @type {AssetDependencies | undefined} */
 			let component;
 			if (node.component) {
-				component = find_deps(server_manifest, node.component, true);
+				component = find_deps(server_manifest, node.component, true, root);
 			}
 
 			/** @type {AssetDependencies | undefined} */
 			let universal;
 			if (node.universal) {
-				universal = find_deps(server_manifest, node.universal, true);
+				universal = find_deps(server_manifest, node.universal, true, root);
 			}
 
 			/** @type {Set<string>} */

package/src/exports/vite/build/remote.js

@@ -1,22 +1,23 @@
 /** @import { ServerMetadata } from 'types' */
-/** @import { Rollup } from 'vite' */
+/** @import { Rolldown } from 'vite' */
 
 import fs from 'node:fs';
 import path from 'node:path';
 import { Parser } from 'acorn';
 import MagicString from 'magic-string';
-import { posixify } from '../../../utils/filesystem.js';
-import { import_peer } from '../../../utils/import.js';
+import { posixify } from '../../../utils/os.js';
 
 /**
+ * @param {typeof import('vite')} vite
  * @param {string} out
  * @param {Array<{ hash: string, file: string }>} remotes
  * @param {ServerMetadata} metadata
  * @param {string} cwd
- * @param {Rollup.OutputBundle} server_bundle
+ * @param {Rolldown.RolldownOutput} server_bundle
  * @param {NonNullable<import('vitest/config').ViteUserConfig['build']>['sourcemap']} sourcemap
  */
 export async function treeshake_prerendered_remotes(
+	vite,
 	out,
 	remotes,
 	metadata,
@@ -26,8 +27,6 @@ export async function treeshake_prerendered_remotes(
 ) {
 	if (remotes.length === 0) return;
 
-	const vite = /** @type {typeof import('vite')} */ (await import_peer('vite'));
-
 	for (const remote of remotes) {
 		const exports_map = metadata.remotes.get(remote.hash);
 		if (!exports_map) continue;
@@ -90,7 +89,7 @@ export async function treeshake_prerendered_remotes(
 		const stubbed = modified_code.toString();
 		fs.writeFileSync(chunk_path, stubbed);
 
-		const bundle = /** @type {import('vite').Rollup.RollupOutput} */ (
+		const bundle = /** @type {import('vite').Rolldown.RolldownOutput} */ (
 			await vite.build({
 				configFile: false,
 				build: {