@sveltia/cms 0.106.3 → 0.106.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +12 -9
- package/dist/sveltia-cms.js +237 -239
- package/dist/sveltia-cms.js.map +1 -1
- package/dist/sveltia-cms.mjs +237 -239
- package/dist/sveltia-cms.mjs.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -156,6 +156,7 @@ Sveltia CMS is currently in **beta** and version 1.0 (GA) is expected to ship in
|
|
|
156
156
|
While we fix reported bugs as quickly as possible, usually within 24 hours, our overall progress may be slower than you think. The thing is, it’s not just a personal project of [@kyoshino](https://github.com/kyoshino), but also a complicated system involving various kinds of activities that require considerable effort:
|
|
157
157
|
|
|
158
158
|
- Ensuring substantial [compatibility with Netlify/Decap CMS](#current-limitations)
|
|
159
|
+
- Some missing features will be implemented before or shortly after GA
|
|
159
160
|
- Providing partial [compatibility with Static CMS](#compatibility-with-static-cms)
|
|
160
161
|
- Tackling as many [Netlify/Decap CMS issues](https://github.com/decaporg/decap-cms/issues) as possible
|
|
161
162
|
- So far, **250+ issues, or 550+ if including duplicates, have been effectively solved** in Sveltia CMS (Yes, you read it right)
|
|
@@ -201,7 +202,7 @@ Note: This lengthy section compares Sveltia CMS with both Netlify CMS and Decap
|
|
|
201
202
|
### Better performance
|
|
202
203
|
|
|
203
204
|
- Built completely from scratch with [Svelte](https://svelte.dev/) instead of forking React-based Netlify/Decap CMS. The app starts fast and stays fast with [no virtual DOM overhead](https://svelte.dev/blog/virtual-dom-is-pure-overhead). Note that Svelte is a compiler and Sveltia CMS is framework-agnostic; it’s served as a vanilla JavaScript bundle.
|
|
204
|
-
- Small footprint: The bundle size is less than 500 KB when minified and [brotlied](https://en.wikipedia.org/wiki/Brotli), which is much lighter than Netlify CMS (1.5 MB), Decap CMS (1.5 MB) and Static CMS (2.6 MB).[^57][^64] This
|
|
205
|
+
- Small footprint: The bundle size is less than 500 KB when minified and [brotlied](https://en.wikipedia.org/wiki/Brotli), which is much lighter than Netlify CMS (1.5 MB), Decap CMS (1.5 MB) and Static CMS (2.6 MB).[^57][^64] This significant reduction in size is thanks to the combination of [Svelte 5](https://svelte.dev/blog/svelte-5-is-alive) and [Vite](https://vite.dev/). Sveltia CMS also dynamically loads certain dependencies only when needed, further reducing the initial load time.
|
|
205
206
|
- Uses the GraphQL API for GitHub and GitLab to quickly fetch content at once, so that entries and assets can be listed and searched instantly[^32][^65] (the useless `search` configuration option is therefore ignored). It also avoids the slowness and potential API rate limit violations caused by hundreds of requests with Relation fields.[^14]
|
|
206
207
|
- Saving entries and assets to GitHub is also much faster thanks to the [GraphQL mutation](https://github.blog/changelog/2021-09-13-a-simpler-api-for-authoring-commits/).
|
|
207
208
|
- The Gitea/Forgejo backend is also faster because it utilizes an efficient API method introduced in Gitea 1.24 and Forgejo 12.0.
|
|
@@ -238,6 +239,7 @@ We’ve made various improvements to help you get your work done faster and more
|
|
|
238
239
|
- We also use the [`cooldown`](https://github.com/raineorshine/npm-check-updates#cooldown) option for `ncu` and the [`minimumReleaseAge`](https://pnpm.io/settings#minimumreleaseage) option for `pnpm` to avoid upgrading to a version that was just released. These options help protect against npm supply chain attacks.
|
|
239
240
|
- The **unpatched** [XSS vulnerability](https://github.com/advisories/GHSA-xp8g-32qh-mv28) in Decap CMS does not affect Sveltia CMS, as our entry preview implementation is completely different.
|
|
240
241
|
- However, the Markdown widget was potentially vulnerable to XSS attacks because the `sanitize_preview` option was set to `false` by default for compatibility with Netlify/Decap CMS. This behaviour is [documented](https://decapcms.org/docs/widgets/#markdown) and is not a bug, but it’s definitely not secure. In [Sveltia CMS 0.105.0](https://github.com/sveltia/sveltia-cms/releases/tag/v0.105.0), we changed the default value to `true`, assuming that most users would prefer security over compatibility.
|
|
242
|
+
- If you cannot migrate from Decap CMS to Sveltia CMS at this time, it’s advisable to disable open authoring and set `sanitize_preview: true` in your Markdown fields to mitigate the risk of XSS attacks.
|
|
241
243
|
- Our [local repository workflow](#working-with-a-local-git-repository) does not require a proxy server. This reduces attack surfaces by eliminating the possibility of compromised dependencies[^158] and unauthorized API access.[^282]
|
|
242
244
|
- Thanks to pnpm, Vite, GitHub Actions and [npm package provenance](https://github.blog/security/supply-chain-security/introducing-npm-package-provenance/), our release process is fast, reliable and transparent. This setup makes it easy to verify the integrity of published code and assets. It also helps us avoid errors that can occur with manual build steps.[^264]
|
|
243
245
|
- We have created a [security policy](https://github.com/sveltia/sveltia-cms/blob/main/SECURITY.md).
|
|
@@ -283,8 +285,8 @@ The [GitHub](https://decapcms.org/docs/github-backend/), [GitLab](https://decapc
|
|
|
283
285
|
- Uses the GraphQL API where possible for better performance, as mentioned above. You don’t need to set the `use_graphql` option to enable it for GitHub and GitLab.[^65]
|
|
284
286
|
- The Git branch name is automatically set to the repository’s default branch (`main`, `master` or whatever) if not specified in the configuration file, preventing data loading errors due to a hardcoded fallback to `master`.[^95][^27] If a branch name is specified, it works as expected.[^232]
|
|
285
287
|
- It’s possible to [disable automatic deployments](#disabling-automatic-deployments) by default or on demand to save costs and resources associated with CI/CD and to publish multiple changes at once.[^24]
|
|
288
|
+
- The GitLab backend implements the GraphQL API with proper authorization.[^290]
|
|
286
289
|
- The GitLab backend support comes with background [service status](https://status.gitlab.com/) checking, just like GitHub.
|
|
287
|
-
- The GitLab backend properly supports authorization via the GraphQL API.[^290]
|
|
288
290
|
- Service status checks are performed frequently and an incident notification is displayed prominently.
|
|
289
291
|
- Users can quickly open the source file of an entry or asset in your repository via the 3-dot menu when Developer Mode is enabled.
|
|
290
292
|
- We provide [our own OAuth client](https://github.com/sveltia/sveltia-cms-auth) for GitHub and GitLab.
|
|
@@ -640,11 +642,10 @@ These Netlify/Decap CMS features are not yet implemented in Sveltia CMS. We are
|
|
|
640
642
|
- Comprehensive site config validation
|
|
641
643
|
- [Cloudinary](https://decapcms.org/docs/cloudinary/) and [Uploadcare](https://decapcms.org/docs/uploadcare/) media libraries ([#4](https://github.com/sveltia/sveltia-cms/discussions/4))
|
|
642
644
|
- LineString and Polygon types for the [Map](https://decapcms.org/docs/widgets/#map) widget
|
|
643
|
-
-
|
|
644
|
-
|
|
645
|
-
|
|
646
|
-
|
|
647
|
-
- [Event hooks](https://decapcms.org/docs/registering-events/) ([#167](https://github.com/sveltia/sveltia-cms/issues/167))
|
|
645
|
+
- Preview for [custom editor components](https://decapcms.org/docs/custom-widgets/#registereditorcomponent)
|
|
646
|
+
- [Custom widgets](https://decapcms.org/docs/custom-widgets/)
|
|
647
|
+
- [Custom preview templates](https://decapcms.org/docs/customization/#registerpreviewtemplate) ([#51](https://github.com/sveltia/sveltia-cms/issues/51))
|
|
648
|
+
- [Event hooks](https://decapcms.org/docs/registering-events/) ([#167](https://github.com/sveltia/sveltia-cms/issues/167))
|
|
648
649
|
|
|
649
650
|
[Localization](https://github.com/sveltia/sveltia-cms/blob/main/src/lib/locales/README.md), [documentation](https://github.com/sveltia/sveltia-cms/issues/485) and [demo site](https://github.com/sveltia/sveltia-cms/issues/1) will all be prepared once the 1.0 Release Candidate is ready.
|
|
650
651
|
|
|
@@ -671,7 +672,7 @@ The following Netlify/Decap CMS features will not be implemented, primarily due
|
|
|
671
672
|
- [Markdown](https://decapcms.org/docs/widgets/#markdown) widget: `editorComponents`
|
|
672
673
|
- [Number](https://decapcms.org/docs/widgets/#number) widget: `valueType`
|
|
673
674
|
- [Relation](https://decapcms.org/docs/widgets/#relation) widget: `displayFields`, `searchFields`, `valueField`
|
|
674
|
-
- Note: Some other camel case options, including Color widget options, are not deprecated.
|
|
675
|
+
- Note: Some other camel case options, including Color widget options, are not deprecated and will continue to work.
|
|
675
676
|
- The deprecated Date widget: It was removed from Decap CMS 3.0 and Sveltia CMS 0.10. Use the DateTime widget with the [`time_format: false` option](#changing-the-input-type-of-a-datetime-field) instead.
|
|
676
677
|
- The `allow_multiple` option for the File and Image widgets: It’s a confusing option that defaults to `true`, and there is a separate option called `media_library.config.multiple`. We have added the new `multiple` option instead, which is more intuitive and works with all media libraries.
|
|
677
678
|
- The theme and keymap inline settings for the Code widget, along with support for some languages. Instead of [CodeMirror](https://codemirror.net/), we use Lexical’s code block functionality powered by [Prism](https://prismjs.com/), which is slated to be [replaced by Shiki](https://github.com/facebook/lexical/issues/6575).
|
|
@@ -723,7 +724,7 @@ Sveitia CMS works with all modern browsers, but there are a few limitations beca
|
|
|
723
724
|
|
|
724
725
|
### Deprecations
|
|
725
726
|
|
|
726
|
-
These options are deprecated and will be removed in
|
|
727
|
+
These options were added to Sveltia CMS 0.x but are now deprecated and will be removed in version 1.0:
|
|
727
728
|
|
|
728
729
|
- The `automatic_deployments` backend option. Use the new [`skip_ci` option](#disabling-automatic-deployments) instead, which is more intuitive. `automatic_deployments: false` is equivalent to `skip_ci: true`, and `automatic_deployments: true` is equivalent to `skip_ci: false`.
|
|
729
730
|
- The `save_all_locales` i18n option. Use the [`initial_locales` option](#disabling-non-default-locale-content) instead, which provides more flexibility. `save_all_locales: false` is equivalent to `initial_locales: all`.
|
|
@@ -1911,12 +1912,14 @@ Due early/mid 2026
|
|
|
1911
1912
|
- Tackling even more Netlify/Decap CMS issues to bring the total number of issues solved to 300:
|
|
1912
1913
|
- [Manual entry sorting](https://github.com/sveltia/sveltia-cms/issues/214)[^125]
|
|
1913
1914
|
- [Directory navigation in the Asset Library](https://github.com/sveltia/sveltia-cms/issues/420)[^240]
|
|
1915
|
+
- and a few more from the TBD list below
|
|
1914
1916
|
|
|
1915
1917
|
### v3.0
|
|
1916
1918
|
|
|
1917
1919
|
- **Sveltia CMS Additions**: Edge functions for Cloudflare Workers and possibly other platforms that provide features that cannot be implemented client-side:
|
|
1918
1920
|
- User management (Netlify Identity alternative) with roles[^23]
|
|
1919
1921
|
- Commits without a Git service account (Git Gateway alternative)
|
|
1922
|
+
- more enhancements are planned for the future; see the TBD list below
|
|
1920
1923
|
- End-user documentation
|
|
1921
1924
|
- Contributor documentation
|
|
1922
1925
|
|