npm - fastscript - Versions diffs - 0.1.1 → 2.0.0 - Mend

fastscript 0.1.1 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (108) hide show

package/CHANGELOG.md +31 -2
package/LICENSE +33 -21
package/README.md +568 -59
package/node_modules/@fastscript/core-private/BOUNDARY.json +15 -0
package/node_modules/@fastscript/core-private/README.md +5 -0
package/node_modules/@fastscript/core-private/package.json +34 -0
package/node_modules/@fastscript/core-private/src/asset-optimizer.mjs +67 -0
package/node_modules/@fastscript/core-private/src/audit-log.mjs +50 -0
package/node_modules/@fastscript/core-private/src/auth-flows.mjs +29 -0
package/node_modules/@fastscript/core-private/src/auth.mjs +115 -0
package/node_modules/@fastscript/core-private/src/bench.mjs +45 -0
package/node_modules/@fastscript/core-private/src/build.mjs +670 -0
package/node_modules/@fastscript/core-private/src/cache.mjs +248 -0
package/node_modules/@fastscript/core-private/src/check.mjs +22 -0
package/node_modules/@fastscript/core-private/src/cli.mjs +95 -0
package/node_modules/@fastscript/core-private/src/compat.mjs +128 -0
package/node_modules/@fastscript/core-private/src/create.mjs +278 -0
package/node_modules/@fastscript/core-private/src/csp.mjs +26 -0
package/node_modules/@fastscript/core-private/src/db-cli.mjs +185 -0
package/node_modules/@fastscript/core-private/src/db-postgres-collection.mjs +110 -0
package/node_modules/@fastscript/core-private/src/db-postgres.mjs +40 -0
package/node_modules/@fastscript/core-private/src/db.mjs +103 -0
package/node_modules/@fastscript/core-private/src/deploy.mjs +662 -0
package/node_modules/@fastscript/core-private/src/dev.mjs +5 -0
package/node_modules/@fastscript/core-private/src/docs-search.mjs +35 -0
package/node_modules/@fastscript/core-private/src/env.mjs +118 -0
package/node_modules/@fastscript/core-private/src/export.mjs +83 -0
package/node_modules/@fastscript/core-private/src/fs-diagnostics.mjs +70 -0
package/node_modules/@fastscript/core-private/src/fs-error-codes.mjs +141 -0
package/node_modules/@fastscript/core-private/src/fs-formatter.mjs +66 -0
package/node_modules/@fastscript/core-private/src/fs-linter.mjs +274 -0
package/node_modules/@fastscript/core-private/src/fs-normalize.mjs +91 -0
package/node_modules/@fastscript/core-private/src/fs-parser.mjs +980 -0
package/node_modules/@fastscript/core-private/src/generated/docs-search-index.mjs +3182 -0
package/node_modules/@fastscript/core-private/src/i18n.mjs +25 -0
package/node_modules/@fastscript/core-private/src/interop.mjs +16 -0
package/node_modules/@fastscript/core-private/src/jobs.mjs +378 -0
package/node_modules/@fastscript/core-private/src/logger.mjs +27 -0
package/node_modules/@fastscript/core-private/src/metrics.mjs +45 -0
package/node_modules/@fastscript/core-private/src/middleware.mjs +14 -0
package/node_modules/@fastscript/core-private/src/migrate.mjs +81 -0
package/node_modules/@fastscript/core-private/src/migration-wizard.mjs +16 -0
package/node_modules/@fastscript/core-private/src/module-loader.mjs +46 -0
package/node_modules/@fastscript/core-private/src/oauth-providers.mjs +103 -0
package/node_modules/@fastscript/core-private/src/observability.mjs +21 -0
package/node_modules/@fastscript/core-private/src/plugins.mjs +194 -0
package/node_modules/@fastscript/core-private/src/retention.mjs +57 -0
package/node_modules/@fastscript/core-private/src/routes.mjs +178 -0
package/node_modules/@fastscript/core-private/src/scheduler.mjs +104 -0
package/node_modules/@fastscript/core-private/src/security.mjs +233 -0
package/node_modules/@fastscript/core-private/src/server-runtime.mjs +849 -0
package/node_modules/@fastscript/core-private/src/serverless-handler.mjs +20 -0
package/node_modules/@fastscript/core-private/src/session-policy.mjs +38 -0
package/node_modules/@fastscript/core-private/src/start.mjs +10 -0
package/node_modules/@fastscript/core-private/src/storage.mjs +155 -0
package/node_modules/@fastscript/core-private/src/style-primitives.mjs +538 -0
package/node_modules/@fastscript/core-private/src/style-system.mjs +461 -0
package/node_modules/@fastscript/core-private/src/tenant.mjs +55 -0
package/node_modules/@fastscript/core-private/src/typecheck.mjs +1464 -0
package/node_modules/@fastscript/core-private/src/validate.mjs +22 -0
package/node_modules/@fastscript/core-private/src/validation.mjs +88 -0
package/node_modules/@fastscript/core-private/src/webhook.mjs +81 -0
package/node_modules/@fastscript/core-private/src/worker.mjs +24 -0
package/package.json +88 -8
package/src/asset-optimizer.mjs +67 -0
package/src/audit-log.mjs +50 -0
package/src/auth.mjs +1 -115
package/src/bench.mjs +20 -7
package/src/build.mjs +1 -222
package/src/cache.mjs +210 -20
package/src/cli.mjs +29 -5
package/src/compat.mjs +7 -1
package/src/create.mjs +65 -11
package/src/csp.mjs +26 -0
package/src/db-cli.mjs +158 -18
package/src/db-postgres-collection.mjs +110 -0
package/src/deploy.mjs +1 -65
package/src/docs-search.mjs +35 -0
package/src/env.mjs +34 -5
package/src/fs-diagnostics.mjs +70 -0
package/src/fs-error-codes.mjs +126 -0
package/src/fs-formatter.mjs +66 -0
package/src/fs-linter.mjs +274 -0
package/src/fs-normalize.mjs +17 -26
package/src/fs-parser.mjs +1 -0
package/src/generated/docs-search-index.mjs +3220 -0
package/src/i18n.mjs +25 -0
package/src/jobs.mjs +283 -32
package/src/metrics.mjs +45 -0
package/src/migration-wizard.mjs +16 -0
package/src/module-loader.mjs +46 -0
package/src/oauth-providers.mjs +103 -0
package/src/plugins.mjs +194 -0
package/src/retention.mjs +57 -0
package/src/routes.mjs +178 -0
package/src/scheduler.mjs +104 -0
package/src/security.mjs +197 -19
package/src/server-runtime.mjs +1 -339
package/src/serverless-handler.mjs +20 -0
package/src/session-policy.mjs +38 -0
package/src/storage.mjs +1 -56
package/src/style-system.mjs +461 -0
package/src/tenant.mjs +55 -0
package/src/typecheck.mjs +1 -0
package/src/validate.mjs +5 -1
package/src/validation.mjs +14 -5
package/src/webhook.mjs +1 -71
package/src/worker.mjs +23 -4

package/node_modules/@fastscript/core-private/package.json ADDED Viewed

@@ -0,0 +1,34 @@
+{
+  "name": "@fastscript/core-private",
+  "version": "2.0.0",
+  "private": true,
+  "type": "module",
+  "description": "Protected FastScript compiler/runtime/platform core",
+  "license": "UNLICENSED",
+  "files": [
+    "src",
+    "package.json",
+    "README.md",
+    "BOUNDARY.json"
+  ],
+  "engines": {
+    "node": ">=20.0.0"
+  },
+  "dependencies": {
+    "acorn": "^8.16.0",
+    "acorn-walk": "^8.3.5",
+    "astring": "^1.9.0",
+    "esbuild": "^0.25.11"
+  },
+  "exports": {
+    "./build": "./src/build.mjs",
+    "./deploy": "./src/deploy.mjs",
+    "./server-runtime": "./src/server-runtime.mjs",
+    "./parser": "./src/fs-parser.mjs",
+    "./typecheck": "./src/typecheck.mjs",
+    "./style-primitives": "./src/style-primitives.mjs",
+    "./auth": "./src/auth.mjs",
+    "./storage": "./src/storage.mjs",
+    "./webhook": "./src/webhook.mjs"
+  }
+}

package/node_modules/@fastscript/core-private/src/asset-optimizer.mjs ADDED Viewed

@@ -0,0 +1,67 @@
+import { createHash } from "node:crypto";
+import { cpSync, existsSync, mkdirSync, readdirSync, readFileSync, statSync, writeFileSync } from "node:fs";
+import { dirname, extname, join, relative, resolve } from "node:path";
+function walk(dir) {
+  if (!existsSync(dir)) return [];
+  const out = [];
+  for (const entry of readdirSync(dir)) {
+    const full = join(dir, entry);
+    const st = statSync(full);
+    if (st.isDirectory()) out.push(...walk(full));
+    else out.push(full);
+  }
+  return out;
+}
+function hashFile(path) {
+  return createHash("sha1").update(readFileSync(path)).digest("hex").slice(0, 8);
+}
+export async function optimizeImageAssets({ appDir = "app", distDir = "dist" } = {}) {
+  const sourceRoot = resolve(appDir, "assets", "images");
+  const targetRoot = resolve(distDir, "assets", "images");
+  mkdirSync(targetRoot, { recursive: true });
+  const files = walk(sourceRoot).filter((file) => [".png", ".jpg", ".jpeg", ".webp", ".svg", ".gif"].includes(extname(file).toLowerCase()));
+  const manifest = {};
+  for (const file of files) {
+    const rel = relative(sourceRoot, file).replace(/\\/g, "/");
+    const ext = extname(rel);
+    const base = rel.slice(0, -ext.length);
+    const hashed = `${base}.${hashFile(file)}${ext}`;
+    const out = join(targetRoot, hashed);
+    mkdirSync(dirname(out), { recursive: true });
+    cpSync(file, out);
+    manifest[`/assets/images/${rel}`] = `/assets/images/${hashed}`;
+  }
+  writeFileSync(resolve(distDir, "image-manifest.json"), JSON.stringify(manifest, null, 2), "utf8");
+  return manifest;
+}
+export async function optimizeFontAssets({ appDir = "app", distDir = "dist" } = {}) {
+  const sourceRoot = resolve(appDir, "assets", "fonts");
+  const targetRoot = resolve(distDir, "assets", "fonts");
+  mkdirSync(targetRoot, { recursive: true });
+  const files = walk(sourceRoot).filter((file) => [".woff2", ".woff", ".ttf", ".otf"].includes(extname(file).toLowerCase()));
+  const manifest = {};
+  const css = [];
+  for (const file of files) {
+    const rel = relative(sourceRoot, file).replace(/\\/g, "/");
+    const ext = extname(rel);
+    const base = rel.slice(0, -ext.length);
+    const hashed = `${base}.${hashFile(file)}${ext}`;
+    const out = join(targetRoot, hashed);
+    mkdirSync(dirname(out), { recursive: true });
+    cpSync(file, out);
+    manifest[`/assets/fonts/${rel}`] = `/assets/fonts/${hashed}`;
+    const family = base.split("/").pop().replace(/[-_]/g, " ");
+    css.push(`@font-face{font-family:"${family}";src:url('/assets/fonts/${hashed}') format('${ext.replace(".", "")}');font-display:swap;}`);
+  }
+  writeFileSync(resolve(distDir, "font-manifest.json"), JSON.stringify(manifest, null, 2), "utf8");
+  if (css.length) writeFileSync(resolve(distDir, "fonts.generated.css"), `${css.join("\n")}\n`, "utf8");
+  return manifest;
+}

package/node_modules/@fastscript/core-private/src/audit-log.mjs ADDED Viewed

@@ -0,0 +1,50 @@
+import { createHash } from "node:crypto";
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { dirname, resolve } from "node:path";
+function sha(input) {
+  return createHash("sha256").update(input).digest("hex");
+}
+function readLines(path) {
+  if (!existsSync(path)) return [];
+  return readFileSync(path, "utf8").split(/\r?\n/).filter(Boolean);
+}
+export function createAuditLog({ file = ".fastscript/audit.log" } = {}) {
+  const path = resolve(file);
+  mkdirSync(dirname(path), { recursive: true });
+  function append(event) {
+    const lines = readLines(path);
+    let prevHash = "genesis";
+    if (lines.length) {
+      const last = JSON.parse(lines[lines.length - 1]);
+      prevHash = last.hash || "genesis";
+    }
+    const record = {
+      ts: new Date().toISOString(),
+      prevHash,
+      ...event,
+    };
+    record.hash = sha(JSON.stringify({ ...record, hash: undefined }));
+    lines.push(JSON.stringify(record));
+    writeFileSync(path, `${lines.join("\n")}\n`, "utf8");
+    return record;
+  }
+  function verify() {
+    const lines = readLines(path);
+    let prevHash = "genesis";
+    for (const line of lines) {
+      const row = JSON.parse(line);
+      if (row.prevHash !== prevHash) return { ok: false, row };
+      const expected = sha(JSON.stringify({ ...row, hash: undefined }));
+      if (row.hash !== expected) return { ok: false, row };
+      prevHash = row.hash;
+    }
+    return { ok: true, count: lines.length };
+  }
+  return { append, verify, file: path };
+}

package/node_modules/@fastscript/core-private/src/auth-flows.mjs ADDED Viewed

@@ -0,0 +1,29 @@
+import { randomBytes, scryptSync, timingSafeEqual } from "node:crypto";
+export function hashPassword(password, salt = randomBytes(16).toString("hex")) {
+  const key = scryptSync(password, salt, 64).toString("hex");
+  return `${salt}:${key}`;
+}
+export function verifyPassword(password, hashed) {
+  const [salt, keyHex] = String(hashed || "").split(":");
+  if (!salt || !keyHex) return false;
+  const calc = scryptSync(password, salt, 64);
+  const key = Buffer.from(keyHex, "hex");
+  if (calc.length !== key.length) return false;
+  return timingSafeEqual(calc, key);
+}
+export function createOAuthState() {
+  return randomBytes(20).toString("hex");
+}
+export function buildOAuthAuthorizeUrl({ authorizeUrl, clientId, redirectUri, scope = "openid profile email", state }) {
+  const u = new URL(authorizeUrl);
+  u.searchParams.set("response_type", "code");
+  u.searchParams.set("client_id", clientId);
+  u.searchParams.set("redirect_uri", redirectUri);
+  u.searchParams.set("scope", scope);
+  u.searchParams.set("state", state || createOAuthState());
+  return u.toString();
+}

package/node_modules/@fastscript/core-private/src/auth.mjs ADDED Viewed

@@ -0,0 +1,115 @@
+import { createHmac, randomBytes } from "node:crypto";
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+function readJson(path, fallback) {
+  if (!existsSync(path)) return fallback;
+  try {
+    return JSON.parse(readFileSync(path, "utf8"));
+  } catch {
+    return fallback;
+  }
+}
+function writeJson(path, value) {
+  writeFileSync(path, JSON.stringify(value, null, 2), "utf8");
+}
+export function parseCookies(header) {
+  const out = {};
+  if (!header) return out;
+  for (const part of header.split(";")) {
+    const [k, ...rest] = part.trim().split("=");
+    if (!k) continue;
+    out[k] = decodeURIComponent(rest.join("=") || "");
+  }
+  return out;
+}
+export function serializeCookie(name, value, opts = {}) {
+  const bits = [`${name}=${encodeURIComponent(value)}`];
+  bits.push(`Path=${opts.path ?? "/"}`);
+  if (opts.httpOnly !== false) bits.push("HttpOnly");
+  if (opts.sameSite) bits.push(`SameSite=${opts.sameSite}`);
+  else bits.push("SameSite=Lax");
+  if (opts.secure) bits.push("Secure");
+  if (typeof opts.maxAge === "number") bits.push(`Max-Age=${opts.maxAge}`);
+  return bits.join("; ");
+}
+function sign(payload, secret) {
+  return createHmac("sha256", secret).update(payload).digest("hex");
+}
+export function createSessionManager({ dir = ".fastscript", cookieName = "fs_session", secret = "fastscript-dev-secret" } = {}) {
+  mkdirSync(dir, { recursive: true });
+  const path = join(dir, "sessions.json");
+  const state = readJson(path, { sessions: {} });
+  function persist() {
+    writeJson(path, state);
+  }
+  return {
+    cookieName,
+    sweepExpired() {
+      let removed = 0;
+      const now = Date.now();
+      for (const [id, row] of Object.entries(state.sessions)) {
+        if (!row || row.exp < now) {
+          delete state.sessions[id];
+          removed += 1;
+        }
+      }
+      if (removed) persist();
+      return removed;
+    },
+    create(user, maxAgeSec = 60 * 60 * 24 * 7) {
+      const id = randomBytes(12).toString("hex");
+      const exp = Date.now() + maxAgeSec * 1000;
+      state.sessions[id] = { user, exp };
+      persist();
+      const sig = sign(`${id}.${exp}`, secret);
+      return `${id}.${exp}.${sig}`;
+    },
+    read(token) {
+      if (!token) return null;
+      const [id, expStr, sig] = token.split(".");
+      if (!id || !expStr || !sig) return null;
+      const expected = sign(`${id}.${expStr}`, secret);
+      if (expected !== sig) return null;
+      const exp = Number(expStr);
+      if (!Number.isFinite(exp) || exp < Date.now()) return null;
+      const row = state.sessions[id];
+      if (!row || row.exp < Date.now()) {
+        if (row) {
+          delete state.sessions[id];
+          persist();
+        }
+        return null;
+      }
+      return row;
+    },
+    delete(token) {
+      const [id] = String(token || "").split(".");
+      if (!id) return;
+      delete state.sessions[id];
+      persist();
+    },
+    rotate(token, maxAgeSec = 60 * 60 * 24 * 7) {
+      const row = this.read(token);
+      if (!row?.user) return null;
+      this.delete(token);
+      return this.create(row.user, maxAgeSec);
+    },
+  };
+}
+export function requireUser(user) {
+  if (!user) {
+    const error = new Error("Unauthorized");
+    error.status = 401;
+    throw error;
+  }
+  return user;
+}

package/node_modules/@fastscript/core-private/src/bench.mjs ADDED Viewed

@@ -0,0 +1,45 @@
+import { existsSync, readFileSync } from "node:fs";
+import { gzipSync } from "node:zlib";
+import { join, resolve } from "node:path";
+const DIST = resolve("dist");
+const JS_BUDGET_BYTES = Number(process.env.FASTSCRIPT_JS_BUDGET_KB || 30) * 1024;
+const CSS_BUDGET_BYTES = Number(process.env.FASTSCRIPT_CSS_BUDGET_KB || 15) * 1024;
+function gzipSize(path) {
+  if (!existsSync(path)) return 0;
+  const raw = readFileSync(path);
+  return gzipSync(raw, { level: 9 }).byteLength;
+}
+function kb(bytes) {
+  return `${(bytes / 1024).toFixed(2)}KB`;
+}
+export async function runBench() {
+  const manifestPath = join(DIST, "fastscript-manifest.json");
+  if (!existsSync(manifestPath)) {
+    throw new Error("Missing dist build output. Run: fastscript build");
+  }
+  const manifest = JSON.parse(readFileSync(manifestPath, "utf8"));
+  const jsAssets = [join(DIST, "router.js")];
+  const cssAssets = [join(DIST, "styles.css")];
+  if (manifest.layout) jsAssets.push(join(DIST, manifest.layout.replace(/^\.\//, "")));
+  const root = manifest.routes.find((r) => r.path === "/");
+  if (root?.module) jsAssets.push(join(DIST, root.module.replace(/^\.\//, "")));
+  const totalJs = jsAssets.reduce((sum, p) => sum + gzipSize(p), 0);
+  const totalCss = cssAssets.reduce((sum, p) => sum + gzipSize(p), 0);
+  console.log(`3G budget check -> JS: ${kb(totalJs)} / ${kb(JS_BUDGET_BYTES)}, CSS: ${kb(totalCss)} / ${kb(CSS_BUDGET_BYTES)}`);
+  const errors = [];
+  if (totalJs > JS_BUDGET_BYTES) errors.push(`JS budget exceeded by ${kb(totalJs - JS_BUDGET_BYTES)}`);
+  if (totalCss > CSS_BUDGET_BYTES) errors.push(`CSS budget exceeded by ${kb(totalCss - CSS_BUDGET_BYTES)}`);
+  if (errors.length > 0) {
+    throw new Error(errors.join("\n"));
+  }
+}