@sveltia/cms 0.91.8 → 0.91.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +7 -7
- package/dist/sveltia-cms.js +201 -201
- package/dist/sveltia-cms.js.map +1 -1
- package/dist/sveltia-cms.mjs +199 -199
- package/dist/sveltia-cms.mjs.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -134,7 +134,7 @@ While we fix reported bugs as quickly as possible, usually within 24 hours, our
|
|
|
134
134
|
|
|
135
135
|
- Ensuring substantial [compatibility with Netlify/Decap CMS](#compatibility)
|
|
136
136
|
- Tackling as many [Netlify/Decap CMS issues](https://github.com/decaporg/decap-cms/issues) as possible
|
|
137
|
-
- So far, 235+ issues, or
|
|
137
|
+
- So far, 235+ issues, or 495+ if including duplicates, have been effectively solved in Sveltia CMS (Yes, you read it right)
|
|
138
138
|
- Target:
|
|
139
139
|
- 250 issues, or 500 if including duplicates, by GA — Almost there!
|
|
140
140
|
- 400 issues, or 800 if including duplicates, in the future 💪
|
|
@@ -217,14 +217,13 @@ Note: This lengthy section compares Sveltia CMS with both Netlify CMS and Decap
|
|
|
217
217
|
### Better security
|
|
218
218
|
|
|
219
219
|
- Avoids vulnerabilities in dependencies through constant updates, Dependabot alerts, [`pnpm audit`](https://pnpm.io/cli/audit), and frequent releases, unlike Netlify/Decap CMS where a number of high severity vulnerabilities remain unpatched for a long time.[^33]
|
|
220
|
-
-
|
|
221
|
-
- Thanks to pnpm, Svelte, Vite and GitHub Actions, our release process is fast, reliable and transparent. It makes it easy to verify the integrity of published code and assets while avoiding errors that can occur with manual build steps.[^264]
|
|
222
|
-
- We have enabled [npm package provenance](https://github.blog/security/supply-chain-security/introducing-npm-package-provenance/).
|
|
220
|
+
- Thanks to pnpm, Svelte, Vite, GitHub Actions and [npm package provenance](https://github.blog/security/supply-chain-security/introducing-npm-package-provenance/), our release process is fast, reliable and transparent. This setup makes it easy to verify the integrity of published code and assets. It also helps us avoid errors that can occur with manual build steps.[^264]
|
|
223
221
|
- We have documented how to [set up a Content Security Policy](#setting-up-content-security-policy) for the CMS to prevent any unexpected errors or otherwise insecure configuration.[^108]
|
|
224
222
|
- The `unsafe-eval` and `unsafe-inline` keywords are not needed in the `script-src` CSP directive.[^34]
|
|
225
223
|
- The `same-origin` referrer policy is automatically set with a `<meta>` tag.
|
|
226
224
|
- Sveltia CMS has a [secure context](https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts) requirement that forces the site content, including the CMS configuration file, to be served over HTTPS.
|
|
227
225
|
- GitHub commits are automatically GPG-signed and [marked as verified](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification).[^144]
|
|
226
|
+
- Our [local repository workflow](#working-with-a-local-git-repository) doesn’t require a proxy server, reducing an attack surface.[^158]
|
|
228
227
|
|
|
229
228
|
### Better installation
|
|
230
229
|
|
|
@@ -844,11 +843,11 @@ Here are the workflow steps and tips:
|
|
|
844
843
|
1. Use `git diff` or a GUI like [GitHub Desktop](https://desktop.github.com/) to see if the produced changes look good.
|
|
845
844
|
1. Commit and push the changes if satisfied, or discard them if you’re just testing.
|
|
846
845
|
|
|
847
|
-
|
|
846
|
+
If you have migrated from Netlify/Decap CMS and are happy with the local repository workflow of Sveltia CMS, you can remove the `local_backend` property from your configuration and uninstall the proxy server. If you have configured a custom port number with the `.env` file, you can remove it as well.
|
|
848
847
|
|
|
849
|
-
|
|
848
|
+
Note that, as with Netlify/Decap CMS, the local repository support in Sveltia CMS doesn’t perform any Git operations. You have to manually fetch, pull, commit and push all changes using a Git client. Additionally, you’ll need to reload the CMS after modifying the configuration file or retrieving remote updates.
|
|
850
849
|
|
|
851
|
-
|
|
850
|
+
In the future, it will probably be possible to commit changes locally. The proxy server actually has an experimental, undocumented Git mode that allows it.[^131] ([Discussion](https://github.com/sveltia/sveltia-cms/discussions/31)) We also plan to use the newly available [File System Observer API](https://developer.chrome.com/blog/file-system-observer) to eliminate manual reloads.
|
|
852
851
|
|
|
853
852
|
### Enabling local development in Brave
|
|
854
853
|
|
|
@@ -1663,6 +1662,7 @@ Due early 2026
|
|
|
1663
1662
|
- Scheduled posts[^167]
|
|
1664
1663
|
- Credential management for service API keys, deploy hook URL, etc.
|
|
1665
1664
|
- [Git LFS support for GitHub](https://github.com/sveltia/sveltia-cms/discussions/353)[^244] (due to a [CORS issue](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS/Errors))
|
|
1665
|
+
- [Local repository workflow](#working-with-a-local-git-repository) improvements: Git mode and File System Observer support
|
|
1666
1666
|
- [Preact+HTM support](https://github.com/sveltia/sveltia-cms/discussions/153) for custom widgets, editor components and preview templates
|
|
1667
1667
|
- View, compare and restore revisions (like [WordPress](https://wordpress.com/support/page-post-revisions/))
|
|
1668
1668
|
- More integration options: stock photos, stock videos, cloud storage providers, translation services, maps, analytics tools, etc.
|