npm - @zap-js/client - Versions diffs - 0.1.2 → 0.1.4 - Mend

@zap-js/client 0.1.2 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/cli/commands/build.js +10 -2
package/dist/cli/utils/build-validator.js +75 -18
package/package.json +7 -4

package/dist/cli/commands/build.js CHANGED Viewed

@@ -27,8 +27,16 @@ export async function buildCommand(options) {
                 cliLogger.error(error);
             }
             cliLogger.newline();
-            cliLogger.error('Cannot use server-side imports in frontend code');
-            cliLogger.info('Server imports (@zap-js/server, @zap-js/client/node) should only be used in routes/api/ or routes/ws/');
+            cliLogger.error('Server imports found in restricted locations');
+            cliLogger.newline();
+            cliLogger.info('Allowed locations for server imports:');
+            cliLogger.info('  - routes/api/** (server-side routes)');
+            cliLogger.info('  - routes/ws/** (WebSocket routes)');
+            cliLogger.info('  - src/api/** (API clients)');
+            cliLogger.info('  - src/services/** (business logic)');
+            cliLogger.info('  - src/generated/** (generated code)');
+            cliLogger.newline();
+            cliLogger.info('Move server imports to allowed directories or remove them.');
             throw new Error('Build validation failed');
         }
         if (validation.warnings.length > 0) {

package/dist/cli/utils/build-validator.js CHANGED Viewed

@@ -1,10 +1,17 @@
 import { existsSync, readFileSync, readdirSync } from 'fs';
 import { join } from 'path';
+import { parse } from '@babel/parser';
+import traverse from '@babel/traverse';
 const SERVER_ONLY_IMPORTS = [
     '@zap-js/server',
     '@zap-js/client/node',
     '@zap-js/client/server',
 ];
+// Path classification tiers
+const ALWAYS_ALLOWED = ['/routes/api/', '/routes/ws/'];
+const BUSINESS_LOGIC_ALLOWED = ['/src/api/', '/src/services/', '/src/generated/', '/src/lib/api/'];
+const UI_LAYER_BLOCKED = ['/src/components/', '/src/pages/', '/src/ui/'];
+const ALLOWED_FILE_PATTERNS = [/\/rpc-client\.(ts|js)$/, /\/api-client\.(ts|js)$/];
 /**
  * Validates that frontend code doesn't import server-only packages
  * Returns array of error messages (empty if valid)
@@ -15,34 +22,84 @@ export function validateNoServerImportsInFrontend(srcDir) {
         // Only scan TypeScript/JavaScript files
         if (!filePath.match(/\.(tsx?|jsx?)$/))
             return;
-        // Skip API routes (these are server-side)
-        if (filePath.includes('/routes/api/'))
-            return;
-        if (filePath.includes('/routes/ws/'))
-            return;
         // Skip node_modules
         if (filePath.includes('node_modules'))
             return;
+        // Tier 1: Check server-side paths first (early exit)
+        for (const allowed of ALWAYS_ALLOWED) {
+            if (filePath.includes(allowed))
+                return;
+        }
+        // Tier 2: Check business logic paths
+        for (const allowed of BUSINESS_LOGIC_ALLOWED) {
+            if (filePath.includes(allowed))
+                return;
+        }
+        // Tier 3: Check special file patterns
+        for (const pattern of ALLOWED_FILE_PATTERNS) {
+            if (pattern.test(filePath))
+                return;
+        }
+        // Now scan file for server imports using AST parsing
         try {
             const content = readFileSync(filePath, 'utf-8');
-            for (const serverImport of SERVER_ONLY_IMPORTS) {
-                // Check for both single and double quotes
-                const patterns = [
-                    `from '${serverImport}'`,
-                    `from "${serverImport}"`,
-                    `require('${serverImport}')`,
-                    `require("${serverImport}")`,
-                ];
-                for (const pattern of patterns) {
-                    if (content.includes(pattern)) {
-                        errors.push(`${filePath}: Illegal server import '${serverImport}' in frontend code`);
-                        break; // Only report once per file
+            let serverImportFound = null;
+            // Parse file to AST
+            const ast = parse(content, {
+                sourceType: 'module',
+                plugins: ['typescript', 'jsx'],
+                errorRecovery: true,
+            });
+            // Traverse AST to find actual import declarations
+            traverse(ast, {
+                ImportDeclaration(path) {
+                    const importSource = path.node.source.value;
+                    // Check if this is a server-only import
+                    for (const serverImport of SERVER_ONLY_IMPORTS) {
+                        if (importSource === serverImport || importSource.startsWith(serverImport + '/')) {
+                            serverImportFound = serverImport;
+                            path.stop(); // Stop traversal once we find one
+                            return;
+                        }
                     }
+                },
+                CallExpression(path) {
+                    // Also check for require() calls
+                    if (path.node.callee.type === 'Identifier' &&
+                        path.node.callee.name === 'require' &&
+                        path.node.arguments.length > 0 &&
+                        path.node.arguments[0].type === 'StringLiteral') {
+                        const requireSource = path.node.arguments[0].value;
+                        for (const serverImport of SERVER_ONLY_IMPORTS) {
+                            if (requireSource === serverImport || requireSource.startsWith(serverImport + '/')) {
+                                serverImportFound = serverImport;
+                                path.stop();
+                                return;
+                            }
+                        }
+                    }
+                },
+            });
+            // Tier 4: Classify and report errors
+            if (serverImportFound) {
+                // Check if in UI layer (explicit block)
+                let inUILayer = false;
+                for (const blocked of UI_LAYER_BLOCKED) {
+                    if (filePath.includes(blocked)) {
+                        inUILayer = true;
+                        break;
+                    }
+                }
+                if (inUILayer) {
+                    errors.push(`${filePath}: Server import '${serverImportFound}' in UI layer`);
+                }
+                else {
+                    errors.push(`${filePath}: Server import '${serverImportFound}' in unclassified path`);
                 }
             }
         }
         catch (err) {
-            // Ignore files that can't be read
+            // Ignore files that can't be parsed or read
         }
     }
     function scanDir(dir) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@zap-js/client",
-  "version": "0.1.2",
+  "version": "0.1.4",
   "description": "High-performance fullstack React framework - Client package",
   "homepage": "https://github.com/saint0x/zapjs",
   "repository": {
@@ -53,6 +53,9 @@
     "test:coverage": "bun test --coverage"
   },
   "dependencies": {
+    "@babel/parser": "^7.28.5",
+    "@babel/traverse": "^7.28.5",
+    "@babel/types": "^7.28.5",
     "@msgpack/msgpack": "^3.1.2",
     "@types/fs-extra": "^11.0.4",
     "chalk": "^5.3.0",
@@ -71,9 +74,9 @@
     "ws": "^8.16.0"
   },
   "optionalDependencies": {
-    "@zap-js/darwin-arm64": "0.1.2",
-    "@zap-js/darwin-x64": "0.1.2",
-    "@zap-js/linux-x64": "0.1.2"
+    "@zap-js/darwin-arm64": "0.1.4",
+    "@zap-js/darwin-x64": "0.1.4",
+    "@zap-js/linux-x64": "0.1.4"
   },
   "peerDependencies": {
     "react": "^18.0.0",