glashjs 0.7.0 → 0.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +7 -7
  2. package/package.json +9 -1
package/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # glashjs
2
2
 
3
- The glashdb-native web framework — a **Next.js alternative** with the same file-based routing, SSR, API routes, layouts, and JSX component model you know from Next, rebuilt from scratch on **Preact + esbuild + Node** (zero Next dependency) and made **fast, offline-capable, and hard-to-hack by default**. It ships real features instead of promises.
3
+ The glashdb-native web framework — **a Next.js alternative** with the file-based routing, SSR, API routes, layouts, and JSX component model you know from Next, made **fast, offline-capable, and secure by default**. It ships real features instead of promises.
4
4
 
5
5
  > **Status:** `0.6.0` — the full framework is here: file-based routing, server-side rendering, API routes, JSX components with client hydration, nested layouts, streaming SSR, a dev/prod server, plus the asset optimizer, offline service worker, animated favicon, and secure-by-default headers. Core installs with zero mandatory dependencies.
6
6
 
@@ -24,9 +24,9 @@ security strict CSP + 11 headers
24
24
 
25
25
  ## The three pillars
26
26
 
27
- ### 1. Asset optimizer — the honest version of "10–20× compression"
28
- JPG and MP4 are *already* compressed; you can't losslessly shrink them 10–20× and restore them. So glashjs does what actually wins:
29
- - **Text / SVG / JS / CSS / HTML** → **Brotli + Gzip** (`zlib`, built in). Real 4–8× on text/SVG. The browser decompresses transparently via `Content-Encoding` — *that's* "compress on build, decompress when live," done correctly.
27
+ ### 1. Asset optimizer — the smallest payload a browser can decode
28
+ At build time glashjs re-encodes every asset to the leanest format the client supports, then serves the best variant per request — no config, no runtime image server, originals never touched. How each asset type is handled:
29
+ - **Text / SVG / JS / CSS / HTML** → **Brotli + Gzip** (`zlib`, built in). Real 4–8× on text/SVG. The browser decompresses transparently via `Content-Encoding` — compress on build, decompress in the browser.
30
30
  - **jpg / png / webp** → **AVIF + WebP** variants (needs optional `sharp`). Typically 3–10× vs unoptimized originals.
31
31
  - **mp4 / mov / webm** → **AV1** + poster frame (needs optional `ffmpeg`).
32
32
  - Emits `glash-assets.manifest.json` so the glashdb edge (or any server) serves the best variant per client. Originals are never mutated.
@@ -42,8 +42,8 @@ Generates a **Service Worker** (`glash-sw.js`) + PWA manifest that precache the
42
42
  - **HTML** → stale-while-revalidate (instant, self-healing)
43
43
  - **`/api` `/rest` `/auth` `/live` `/stream`** → **network-first**, so offline mode degrades *exactly* at live/updated data and streaming — the site keeps working, just without fresh data. (Configurable via `dataPrefixes`.)
44
44
 
45
- ### 3. Security — "hard to hack," honestly (not "unhackable")
46
- Nothing is unhackable. glashjs ships strong, opinionated defaults so you're secure unless you loosen them:
45
+ ### 3. Security — secure by default
46
+ glashjs ships strong, opinionated defaults so you're secure unless you loosen them:
47
47
  - **Strict CSP** with no `'unsafe-inline'` scripts (XSS-via-injection blocked by default)
48
48
  - HSTS, `X-Content-Type-Options`, `X-Frame-Options: DENY`, COOP/COEP/CORP isolation, tight `Permissions-Policy` & `Referrer-Policy`
49
49
  - **Subresource Integrity** helper (`sri()`) for build assets
@@ -180,4 +180,4 @@ animatedFavicon: true, // bundled animated glash mark (d
180
180
  - [ ] `glash deploy` → glashdb hosting in one command
181
181
 
182
182
  ## Design stance
183
- glashjs is a **Next.js alternative** — it keeps the conventions you know from Next (file-based routing, SSR, layouts, the component model) but is built from scratch on **Preact + esbuild + Node**, with **zero Next.js dependency**. The value is in the **defaults**: every glashjs site is optimized, offline-capable, and hardened out of the box.
183
+ glashjs is **a Next.js alternative** — it keeps the conventions you know from Next (file-based routing, SSR, layouts, the component model) and composes proven primitives rather than reinventing them. The value is in the **defaults**: every glashjs site is optimized, offline-capable, and secure out of the box.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "glashjs",
3
- "version": "0.7.0",
3
+ "version": "0.7.2",
4
4
  "description": "glashjs — a web framework built on top of Next.js: file-based routing, SSR, API routes, JSX components with client hydration, nested layouts, streaming SSR, a best-in-class build-time asset optimizer, offline PWA layer, animated favicon, and secure-by-default headers. Zero mandatory dependencies.",
5
5
  "type": "module",
6
6
  "bin": {
@@ -64,5 +64,13 @@
64
64
  "esbuild": "^0.28.0",
65
65
  "preact": "^10.29.2",
66
66
  "preact-render-to-string": "^6.7.0"
67
+ },
68
+ "repository": {
69
+ "type": "git",
70
+ "url": "git+https://github.com/theChrisJohn/glashjs.git"
71
+ },
72
+ "homepage": "https://github.com/theChrisJohn/glashjs#readme",
73
+ "bugs": {
74
+ "url": "https://github.com/theChrisJohn/glashjs/issues"
67
75
  }
68
76
  }