mnfst-render 0.5.25 → 0.5.26

package/manifest.render.mjs

@@ -214,102 +214,18 @@ function parseArgs() {
 function loadConfig(rootDir) {
   const manifestPath = join(rootDir, 'manifest.json');
   if (!existsSync(manifestPath)) {
-    return { render: {} };
+    return { prerender: {} };
   }
   const raw = readFileSync(manifestPath, 'utf8');
   let manifest;
   try {
     manifest = JSON.parse(raw);
   } catch {
-    return { render: {} };
+    return { prerender: {} };
   }
   return manifest;
 }
 
-// Move credential-shaped values out of manifest.json into .env. Anything
-// inlined into manifest.json ships verbatim into dist/ (the file is copied
-// to the output unchanged), so a literal devKey there is a production leak.
-// Rewriting source AND the in-memory object covers both directions: future
-// renders see the placeholder, and the dist copy this run produces does too.
-// Idempotent — values already shaped like ${VAR} are skipped.
-function relocateSecretsToEnv(rootDir, manifest) {
-  const moves = [];
-
-  function maybeMove(obj, key, envVar, displayPath) {
-    if (!obj || typeof obj !== 'object') return;
-    const v = obj[key];
-    if (typeof v !== 'string' || !v) return;
-    if (/^\$\{[^}]+\}$/.test(v)) return; // already a placeholder
-    moves.push({ obj, key, value: v, envVar, displayPath });
-  }
-
-  maybeMove(manifest.appwrite, 'devKey', 'APPWRITE_DEV_KEY', 'appwrite.devKey');
-  if (manifest.data && typeof manifest.data === 'object') {
-    for (const [srcName, src] of Object.entries(manifest.data)) {
-      maybeMove(src, 'appwriteDevKey', 'APPWRITE_DEV_KEY', `data.${srcName}.appwriteDevKey`);
-    }
-  }
-
-  if (moves.length === 0) return manifest;
-
-  for (const m of moves) {
-    m.obj[m.key] = `\${${m.envVar}}`;
-  }
-
-  const manifestPath = join(rootDir, 'manifest.json');
-  try {
-    writeFileSync(manifestPath, JSON.stringify(manifest, null, 4) + '\n');
-  } catch (err) {
-    console.error(`mnfst-render: failed to rewrite ${manifestPath}: ${err.message}`);
-    process.exit(1);
-  }
-
-  const envPath = join(rootDir, '.env');
-  let envText = '';
-  try {
-    if (existsSync(envPath)) envText = readFileSync(envPath, 'utf8');
-  } catch {}
-  if (envText && !envText.endsWith('\n')) envText += '\n';
-
-  const existingVars = new Set();
-  for (const line of envText.split(/\r?\n/)) {
-    const m = line.match(/^([A-Z_][A-Z0-9_]*)\s*=/);
-    if (m) existingVars.add(m[1]);
-  }
-
-  const additions = [];
-  for (const m of moves) {
-    if (!existingVars.has(m.envVar)) {
-      additions.push(`${m.envVar}=${m.value}`);
-      existingVars.add(m.envVar);
-    }
-  }
-
-  if (additions.length) {
-    try {
-      writeFileSync(envPath, envText + additions.join('\n') + '\n');
-    } catch (err) {
-      console.error(`mnfst-render: failed to write ${envPath}: ${err.message}`);
-      process.exit(1);
-    }
-  }
-
-  console.warn('');
-  console.warn('mnfst-render: relocated credentials from manifest.json to .env');
-  for (const m of moves) {
-    console.warn(`  • ${m.displayPath} → \${${m.envVar}}`);
-  }
-  if (additions.length) {
-    console.warn(`  Appended ${additions.length} var(s) to .env (verify .env is in .gitignore).`);
-  } else {
-    console.warn('  .env already had matching vars; manifest.json placeholders now point at them.');
-  }
-  console.warn('  Browser-side dev needs window.env populated separately (e.g. env.local.js).');
-  console.warn('');
-
-  return manifest;
-}
-
 function normalizeLocaleRouteExclude(val) {
   if (val == null) return [];
   if (Array.isArray(val)) return val.map((s) => String(s).trim()).filter(Boolean);
@@ -321,44 +237,44 @@ function resolveConfig() {
   const cli = parseArgs();
   const cwd = process.cwd();
   const root = resolve(cwd, cli.root ?? '.');
-  const manifest = relocateSecretsToEnv(root, loadConfig(root));
-  const ren = manifest.render ?? {};
+  const manifest = loadConfig(root);
+  const pre = manifest.prerender ?? {};
 
-  const localUrl = (cli.localUrl ?? cli.baseUrl ?? process.env.PRERENDER_BASE ?? ren.localUrl ?? ren.baseUrl)?.replace(/\/$/, '');
+  const localUrl = (cli.localUrl ?? cli.baseUrl ?? process.env.PRERENDER_BASE ?? pre.localUrl ?? pre.baseUrl)?.replace(/\/$/, '');
   const serve = cli.localUrl ? false : (cli.serve !== undefined ? !!cli.serve : true);
   if (!serve && !localUrl) {
-    console.error('prerender: localUrl is required when not using built-in server. Set manifest.render.localUrl or use --local.');
+    console.error('prerender: localUrl is required when not using built-in server. Set manifest.prerender.localUrl or use --local.');
     process.exit(1);
   }
-  const liveUrl = (cli.liveUrl ?? process.env.PRERENDER_LIVE ?? manifest.live_url ?? manifest.liveUrl ?? ren.live_url ?? ren.liveUrl ?? localUrl ?? '')?.replace(/\/$/, '');
+  const liveUrl = (cli.liveUrl ?? process.env.PRERENDER_LIVE ?? manifest.live_url ?? manifest.liveUrl ?? pre.live_url ?? pre.liveUrl ?? localUrl ?? '')?.replace(/\/$/, '');
 
   return {
     localUrl: localUrl ?? '',
     liveUrl,
     serve,
-    output: resolve(root, cli.output ?? ren.output ?? 'website'),
+    output: resolve(root, cli.output ?? pre.output ?? 'website'),
     root,
-    routerBase: ren.routerBase ?? null,
+    routerBase: pre.routerBase ?? null,
     /** Logical path prefixes (after locale) that skip sticky locale prefix; see manifest:locale-route-exclude */
     localeRouteExclude: normalizeLocaleRouteExclude(
-      ren.localeRouteExclude ?? ren.localeStickyExclude
+      pre.localeRouteExclude ?? pre.localeStickyExclude
     ),
-    locales: ren.locales,
-    redirects: Array.isArray(ren.redirects) ? ren.redirects : [],
-    wait: cli.wait ?? ren.wait ?? null,
+    locales: pre.locales,
+    redirects: Array.isArray(pre.redirects) ? pre.redirects : [],
+    wait: cli.wait ?? pre.wait ?? null,
     waitAfterIdle: 0,
     // Default concurrency: 2.  Chromium per-page memory overhead is large and
     // our hydration source-attribute map adds more per page.  On big sites
     // (>100 routes) higher concurrency crashes the browser with OOM/target
     // closed errors.  Users can override for small projects with --concurrency.
-    concurrency: Math.max(1, cli.concurrency ?? ren.concurrency ?? 2),
-    retries: Math.max(0, cli.retries ?? ren.retries ?? 2),
+    concurrency: Math.max(1, cli.concurrency ?? pre.concurrency ?? 2),
+    retries: Math.max(0, cli.retries ?? pre.retries ?? 2),
     localeSubstitution: true,
     localeSubstitutionExclude: [],
     /** Explicit locale-neutral paths to render in addition to those discovered automatically.
      *  Each entry is expanded to all locale variants (e.g. "legal/privacy" → "cs/legal/privacy", ...) */
-    paths: Array.isArray(ren.paths)
-      ? ren.paths.map((p) => String(p).replace(/^\/+|\/+$/g, '')).filter(Boolean)
+    paths: Array.isArray(pre.paths)
+      ? pre.paths.map((p) => String(p).replace(/^\/+|\/+$/g, '')).filter(Boolean)
       : [],
     dryRun: !!cli.dryRun,
     debugPrerender: !!cli.debugPrerender,
@@ -367,12 +283,12 @@ function resolveConfig() {
     // fall back to the timeout.  10s gives slow data plugin pipelines a
     // chance while bounding worst-case per-path overhead.
     pipelineTimeout: 10000,
-    // SEO / AEO meta injection — see metaInjection() and the render.meta
+    // SEO / AEO meta injection — see metaInjection() and the prerender.meta
     // section of manifest.json.  Layered precedence (highest first):
     //   1. <template data-head> per-route (already in DOM at snapshot time)
     //   2. <head> in index.html (already in DOM at snapshot time)
-    //   3. render.meta.* expressions (Alpine-evaluated per route)
-    //   4. render.meta.fallback.* (static strings if expression empty)
+    //   3. prerender.meta.* expressions (Alpine-evaluated per route)
+    //   4. prerender.meta.fallback.* (static strings if expression empty)
     //   5. PWA-style manifest.json fields (name, description, author, icons)
     //   6. Smart defaults derived from the rendered DOM (h1, first p, etc.)
     //
@@ -383,10 +299,10 @@ function resolveConfig() {
       siteDescription: manifest.description || null,
       siteAuthor: manifest.author || null,
       icons: Array.isArray(manifest.icons) ? manifest.icons : [],
-      meta: ren.meta || null,
-      structuredData: ren.structuredData || null,
-      imageSnapshots: ren.meta?.imageSnapshots !== false, // default true
-      defaults: ren.meta?.defaults !== false,             // default true
+      meta: pre.meta || null,
+      structuredData: pre.structuredData || null,
+      imageSnapshots: pre.meta?.imageSnapshots !== false, // default true
+      defaults: pre.meta?.defaults !== false,             // default true
     },
   };
 }
@@ -853,18 +769,18 @@ function debakeThemeClass(html) {
   return out;
 }
 
-/** Manifest utilities plugin: <style id="utility-styles"> and <style id="utility-styles-critical"> */
+/** Manifest utilities plugin: <style id="manifest-styles"> and <style id="manifest-styles-critical"> */
 function extractUtilityStyleBlocks(html) {
   const blocks = [];
   let out = html.replace(
-    /<style[^>]*\bid=["']utility-styles-critical["'][^>]*>([\s\S]*?)<\/style>/gi,
+    /<style[^>]*\bid=["']manifest-styles-critical["'][^>]*>([\s\S]*?)<\/style>/gi,
     (_, css) => {
       const t = (css || '').trim();
       if (t) blocks.push({ kind: 'critical', css: t });
       return '';
     }
   );
-  out = out.replace(/<style[^>]*\bid=["']utility-styles["'][^>]*>([\s\S]*?)<\/style>/gi, (_, css) => {
+  out = out.replace(/<style[^>]*\bid=["']manifest-styles["'][^>]*>([\s\S]*?)<\/style>/gi, (_, css) => {
     const t = (css || '').trim();
     if (t) blocks.push({ kind: 'main', css: t });
     return '';
@@ -926,9 +842,9 @@ function promptContinueWithRuntimeTailwind(rootDir) {
 /**
  * Build a static Tailwind stylesheet via @tailwindcss/cli (v4+), scanning project sources.
  * Only runs when the project uses data-tailwind on the manifest script tag (auto-detected).
- * Set manifest.render.tailwindInput to a custom CSS entry file if needed.
+ * Set manifest.prerender.tailwindInput to a custom CSS entry file if needed.
  */
-function runTailwindCliForPrerender(rootDir, outputDir, ren) {
+function runTailwindCliForPrerender(rootDir, outputDir, pre) {
   if (!indexHtmlUsesTailwind(rootDir)) return false;
 
   const outCss = join(outputDir, 'prerender.tailwind.css');
@@ -944,7 +860,7 @@ function runTailwindCliForPrerender(rootDir, outputDir, ren) {
   }
   let inputPath = null;
   let createdTempInput = false;
-  const userInput = ren?.tailwindInput;
+  const userInput = pre?.tailwindInput;
   if (typeof userInput === 'string' && userInput.trim()) {
     inputPath = resolve(rootDir, userInput.trim());
   }
@@ -975,15 +891,10 @@ function runTailwindCliForPrerender(rootDir, outputDir, ren) {
   }
 
   process.stdout.write('prerender: compiling Tailwind CSS (this may take a minute)...\n');
-  // On Windows, invoke the .cmd shim directly instead of routing through
-  // `shell: true`. With `shell: true`, every argument (including the user-
-  // controlled `tailwindInput` path from manifest.json) gets parsed by cmd.exe
-  // — so a value like `styles.css & evilcmd` would run `evilcmd`. Calling
-  // npx.cmd directly keeps args as a literal argv with no shell interpretation.
-  const command = process.platform === 'win32' ? 'npx.cmd' : 'npx';
-  const r = spawnSync(command, args, {
+  const r = spawnSync('npx', args, {
     cwd: rootDir,
     encoding: 'utf8',
+    shell: process.platform === 'win32',
   });
   if (createdTempInput) {
     try {
@@ -993,7 +904,7 @@ function runTailwindCliForPrerender(rootDir, outputDir, ren) {
     }
   }
   if (r.status !== 0) {
-    console.error('prerender: Tailwind CLI failed; install with `npm i -D tailwindcss @tailwindcss/cli` or check tailwindInput in manifest.render.');
+    console.error('prerender: Tailwind CLI failed; install with `npm i -D tailwindcss @tailwindcss/cli` or check tailwindInput in manifest.prerender.');
     if (r.stderr) console.error(r.stderr);
     if (r.stdout) console.error(r.stdout);
     return false;
@@ -2847,7 +2758,7 @@ async function runPrerender(config) {
 
   const defaultLocale = locales[0] ?? null;
   const routeSegments = discoverRoutes(manifest, config.root);
-  // Merge any explicitly configured paths (manifest.render.paths) into the discovered segments.
+  // Merge any explicitly configured paths (manifest.prerender.paths) into the discovered segments.
   // These are treated as locale-neutral and get full locale-expansion like all other discovered paths.
   if (config.paths && config.paths.length > 0) {
     const segSet = new Set(routeSegments);
@@ -2894,7 +2805,7 @@ async function runPrerender(config) {
   const outputResolved = resolve(config.output);
   const rootResolved = resolve(config.root);
   // Router base = URL pathname to the app root. When dist is deployed as site root (e.g. Appwrite), use "".
-  // Set manifest.render.routerBase only when the app is served from a subpath (e.g. /app).
+  // Set manifest.prerender.routerBase only when the app is served from a subpath (e.g. /app).
   let routerBasePath = null;
   if (config.routerBase != null && String(config.routerBase).trim() !== '') {
     const trimmed = String(config.routerBase).replace(/^\/+|\/+$/g, '').trim();
@@ -2909,9 +2820,9 @@ async function runPrerender(config) {
   mkdirSync(outputResolved, { recursive: true });
   copyProjectIntoDist(rootResolved, outputResolved);
 
-  const ren = manifest.render ?? {};
-  const bundleUtilities = ren.utilitiesBundle !== false;
-  const tailwindBuilt = runTailwindCliForPrerender(rootResolved, outputResolved, ren);
+  const pre = manifest.prerender ?? {};
+  const bundleUtilities = pre.utilitiesBundle !== false;
+  const tailwindBuilt = runTailwindCliForPrerender(rootResolved, outputResolved, pre);
   const utilityBlocks = [];
 
   // Launch a fresh browser instance.  Chromium is known to accumulate memory
@@ -2943,18 +2854,12 @@ async function runPrerender(config) {
         console.error('  npm i -D puppeteer-core @sparticuz/chromium');
         process.exit(1);
       }
-      // Chrome's sandbox is the primary defense against renderer-process
-      // exploits — disabling it means any RCE in a rendered page runs as the
-      // developer's UID with full filesystem access. We render arbitrary CDN
-      // scripts and third-party iframes, so the threat is real. Opt-in only
-      // for CI environments where the sandbox legitimately can't initialize:
-      // set MNFST_RENDER_NO_SANDBOX=1 to add the flags back.
-      const extraArgs = process.env.MNFST_RENDER_NO_SANDBOX === '1'
-        ? ['--no-sandbox', '--disable-setuid-sandbox']
-        : [];
       return await puppeteer.default.launch({
         headless: true,
-        args: extraArgs,
+        args: [
+          '--no-sandbox',
+          '--disable-setuid-sandbox',
+        ],
       });
     }
   }
@@ -2965,12 +2870,12 @@ async function runPrerender(config) {
   // substantial, and we also now maintain a per-page source-attribute Map for
   // the hydration contract.  On large sites (>100 routes) higher concurrency
   // spikes memory and crashes the browser.  Users can still override via
-  // --concurrency or manifest.render.concurrency.
+  // --concurrency or manifest.prerender.concurrency.
   const concurrency = config.concurrency;
   const maxRetries = config.retries ?? 2;
   // Recycle the browser every N processed pages to bound resource growth.
-  // Configurable via manifest.render.browserRecycleEvery.
-  const browserRecycleEvery = Math.max(0, ren.browserRecycleEvery ?? 40);
+  // Configurable via manifest.prerender.browserRecycleEvery.
+  const browserRecycleEvery = Math.max(0, pre.browserRecycleEvery ?? 40);
   let pagesSinceRecycle = 0;
   const recycleLock = { busy: false };
   // Workers block on this promise before touching `browser`.  While a recycle

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mnfst-render",
-  "version": "0.5.25",
+  "version": "0.5.26",
   "description": "Render Manifest sites to static HTML for SEO",
   "type": "module",
   "bin": {