create-brainerce-store 1.28.1 → 1.28.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/dist/index.js +7 -4
  2. package/package.json +1 -1
  3. package/templates/nextjs/base/next.config.ts +11 -4
  4. package/templates/nextjs/base/src/app/checkout/page.tsx +975 -975
  5. package/templates/nextjs/base/src/components/checkout/payment-step.tsx +5 -5
  6. package/templates/nextjs/base/src/components/layout/language-switcher.tsx.ejs +12 -5
  7. package/templates/nextjs/base/src/lib/navigation.tsx.ejs +17 -4
  8. package/templates/nextjs/base/src/middleware.ts.ejs +35 -12
package/dist/index.js CHANGED
@@ -31,7 +31,7 @@ var require_package = __commonJS({
31
31
  "package.json"(exports2, module2) {
32
32
  module2.exports = {
33
33
  name: "create-brainerce-store",
34
- version: "1.28.1",
34
+ version: "1.28.8",
35
35
  description: "Scaffold a production-ready e-commerce storefront connected to Brainerce",
36
36
  bin: {
37
37
  "create-brainerce-store": "dist/index.js"
@@ -165,11 +165,14 @@ async function installDependencies(projectDir, pkgManager) {
165
165
  }
166
166
  return new Promise((resolve, reject) => {
167
167
  const isWindows = process.platform === "win32";
168
- const args = pkgManager === "yarn" ? [] : ["install"];
169
- const child = (0, import_child_process.spawn)(pkgManager, args, {
168
+ const subcommand = pkgManager === "yarn" ? "" : "install";
169
+ const child = isWindows ? (0, import_child_process.spawn)(`${pkgManager} ${subcommand}`.trim(), {
170
170
  cwd: projectDir,
171
171
  stdio: ["ignore", "ignore", "pipe"],
172
- shell: isWindows
172
+ shell: true
173
+ }) : (0, import_child_process.spawn)(pkgManager, subcommand ? [subcommand] : [], {
174
+ cwd: projectDir,
175
+ stdio: ["ignore", "ignore", "pipe"]
173
176
  });
174
177
  let stderrBuf = "";
175
178
  child.stderr?.on("data", (chunk) => {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "create-brainerce-store",
3
- "version": "1.28.1",
3
+ "version": "1.28.8",
4
4
  "description": "Scaffold a production-ready e-commerce storefront connected to Brainerce",
5
5
  "bin": {
6
6
  "create-brainerce-store": "dist/index.js"
package/templates/nextjs/base/next.config.ts CHANGED
@@ -2,10 +2,17 @@ import type { NextConfig } from 'next';
2
2
 
3
3
  const nextConfig: NextConfig = {
4
4
  images: {
5
- remotePatterns: [
6
- { protocol: 'https', hostname: 'cdn.brainerce.com' },
7
- { protocol: 'https', hostname: '*.brainerce.com' },
8
- ],
5
+ // The storefront is a consumer of the Brainerce API — it has to render
6
+ // whatever image URLs the API returns. In practice those URLs can be on
7
+ // cdn.brainerce.com OR on an upstream merchant host (WooCommerce, Shopify,
8
+ // self-hosted) depending on whether the product's image-import job has
9
+ // completed on the backend. Rather than hard-fail on unknown hosts, skip
10
+ // the server-side optimizer entirely and let the browser fetch each image
11
+ // directly from origin. No server-side fetching → no SSRF or DoS surface
12
+ // on this Next server. Trade-off: no webp/resize/lazy optimization, so
13
+ // LCP is marginally worse. Acceptable; the storefront is not the right
14
+ // layer to enforce a hostname policy.
15
+ unoptimized: true,
9
16
  },
10
17
  async headers() {
11
18
  return [