npm - vike - Versions diffs - 0.4.144-commit-68c730d → 0.4.144-commit-d6e4411 - Mend

vike 0.4.144-commit-68c730d → 0.4.144-commit-d6e4411

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/cjs/node/plugin/plugins/envVars.js +34 -20
package/dist/cjs/utils/projectInfo.js +1 -1
package/dist/esm/node/plugin/plugins/envVars.d.ts +2 -0
package/dist/esm/node/plugin/plugins/envVars.js +35 -20
package/dist/esm/utils/projectInfo.d.ts +1 -1
package/dist/esm/utils/projectInfo.js +1 -1
package/package.json +1 -1

package/dist/cjs/node/plugin/plugins/envVars.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.envVarsPlugin = void 0;
+exports.applyEnvVar = exports.envVarsPlugin = void 0;
 const vite_1 = require("vite");
 const utils_js_1 = require("../utils.js");
 function envVarsPlugin() {
@@ -35,27 +35,32 @@ function envVarsPlugin() {
                         : [config.envPrefix];
                 return !envPrefix.some((prefix) => key.startsWith(prefix));
             })
-                .forEach(([key, val]) => {
-                const varName = `import.meta.env.${key}`;
-                const publicPrefix = 'PUBLIC_ENV__';
-                const keyPublic = `${publicPrefix}${key}`;
-                const isPrivate = !key.startsWith(publicPrefix);
-                if (isPrivate && isClientSide) {
-                    if (!code.includes(varName))
-                        return;
-                    const filePathToShowToUser = (0, utils_js_1.getFilePathRelativeToUserRootDir)(id, config.root);
-                    const errMsgAddendum = isBuild ? '' : ' (vike will prevent your app from building for production)';
-                    const errMsg = `${varName} used in ${filePathToShowToUser} and therefore included in client-side bundle which can be be a security leak${errMsgAddendum}, remove ${varName} or rename ${key} to ${keyPublic}, see https://vike.dev/env`;
-                    if (isBuild) {
-                        (0, utils_js_1.assertUsage)(false, errMsg);
-                    }
-                    else {
-                        // Only a warning for faster development DX (e.g. when use toggles `ssr: boolean` or `onBeforeRenderIsomorph: boolean`)
-                        (0, utils_js_1.assertWarning)(false, errMsg, { onlyOnce: true });
+                .forEach(([envName, envVal]) => {
+                // Security check
+                {
+                    const envStatement = getEnvStatement(envName);
+                    const publicPrefix = 'PUBLIC_ENV__';
+                    const isPrivate = !envName.startsWith(publicPrefix);
+                    if (isPrivate && isClientSide) {
+                        if (!code.includes(envStatement))
+                            return;
+                        const filePathToShowToUser = (0, utils_js_1.getFilePathRelativeToUserRootDir)(id, config.root);
+                        const errMsgAddendum = isBuild ? '' : ' (Vike will prevent your app from building for production)';
+                        const keyPublic = `${publicPrefix}${envName}`;
+                        const errMsg = `${envStatement} is used in client-side file ${filePathToShowToUser} which means that the environment variable ${envName} will be included in client-side bundles and, therefore, ${envName} will be publicly exposed which can be a security leak${errMsgAddendum}. Use ${envStatement} only in server-side files, or rename ${envName} to ${keyPublic}, see https://vike.dev/env`;
+                        if (isBuild) {
+                            (0, utils_js_1.assertUsage)(false, errMsg);
+                        }
+                        else {
+                            // Only a warning for faster development DX (e.g. when user toggles `ssr: boolean` or `onBeforeRenderIsomorph: boolean`)
+                            (0, utils_js_1.assertWarning)(false, errMsg, { onlyOnce: true });
+                        }
                     }
+                    // Double check
+                    (0, utils_js_1.assert)(!(isPrivate && isClientSide) || !isBuild);
                 }
-                (0, utils_js_1.assert)(!(isPrivate && isClientSide) || !isBuild);
-                code = code.replaceAll(varName, JSON.stringify(val));
+                // Apply
+                code = applyEnvVar(envName, envVal, code);
             });
             // No need for low-resolution source map since line numbers didn't change. (Does Vite do high-resolution column numbers source mapping?)
             return code;
@@ -63,6 +68,15 @@ function envVarsPlugin() {
     };
 }
 exports.envVarsPlugin = envVarsPlugin;
+function applyEnvVar(envName, envVal, code) {
+    const envStatement = getEnvStatement(envName);
+    const regex = new RegExp((0, utils_js_1.escapeRegex)(envStatement) + '\\b', 'g');
+    return code.replace(regex, JSON.stringify(envVal));
+}
+exports.applyEnvVar = applyEnvVar;
+function getEnvStatement(envName) {
+    return `import.meta.env.${envName}`;
+}
 function getIsClientSide(config, options) {
     const isBuild = config.command === 'build';
     if (isBuild) {

package/dist/cjs/utils/projectInfo.js CHANGED Viewed

@@ -2,7 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.projectInfo = void 0;
 const assertSingleInstance_js_1 = require("./assertSingleInstance.js");
-const PROJECT_VERSION = '0.4.144-commit-68c730d';
+const PROJECT_VERSION = '0.4.144-commit-d6e4411';
 const projectInfo = {
     projectName: 'Vike',
     projectVersion: PROJECT_VERSION,

package/dist/esm/node/plugin/plugins/envVars.d.ts CHANGED Viewed

@@ -1,3 +1,5 @@
 export { envVarsPlugin };
+export { applyEnvVar };
 import type { Plugin } from 'vite';
 declare function envVarsPlugin(): Plugin;
+declare function applyEnvVar(envName: string, envVal: string, code: string): string;

package/dist/esm/node/plugin/plugins/envVars.js CHANGED Viewed

@@ -1,6 +1,8 @@
 export { envVarsPlugin };
+// For ./envVars.spec.ts
+export { applyEnvVar };
 import { loadEnv } from 'vite';
-import { assert, assertPosixPath, assertUsage, assertWarning, getFilePathRelativeToUserRootDir, lowerFirst } from '../utils.js';
+import { assert, assertPosixPath, assertUsage, assertWarning, escapeRegex, getFilePathRelativeToUserRootDir, lowerFirst } from '../utils.js';
 function envVarsPlugin() {
     let envsAll;
     let config;
@@ -33,33 +35,46 @@ function envVarsPlugin() {
                         : [config.envPrefix];
                 return !envPrefix.some((prefix) => key.startsWith(prefix));
             })
-                .forEach(([key, val]) => {
-                const varName = `import.meta.env.${key}`;
-                const publicPrefix = 'PUBLIC_ENV__';
-                const keyPublic = `${publicPrefix}${key}`;
-                const isPrivate = !key.startsWith(publicPrefix);
-                if (isPrivate && isClientSide) {
-                    if (!code.includes(varName))
-                        return;
-                    const filePathToShowToUser = getFilePathRelativeToUserRootDir(id, config.root);
-                    const errMsgAddendum = isBuild ? '' : ' (vike will prevent your app from building for production)';
-                    const errMsg = `${varName} used in ${filePathToShowToUser} and therefore included in client-side bundle which can be be a security leak${errMsgAddendum}, remove ${varName} or rename ${key} to ${keyPublic}, see https://vike.dev/env`;
-                    if (isBuild) {
-                        assertUsage(false, errMsg);
-                    }
-                    else {
-                        // Only a warning for faster development DX (e.g. when use toggles `ssr: boolean` or `onBeforeRenderIsomorph: boolean`)
-                        assertWarning(false, errMsg, { onlyOnce: true });
+                .forEach(([envName, envVal]) => {
+                // Security check
+                {
+                    const envStatement = getEnvStatement(envName);
+                    const publicPrefix = 'PUBLIC_ENV__';
+                    const isPrivate = !envName.startsWith(publicPrefix);
+                    if (isPrivate && isClientSide) {
+                        if (!code.includes(envStatement))
+                            return;
+                        const filePathToShowToUser = getFilePathRelativeToUserRootDir(id, config.root);
+                        const errMsgAddendum = isBuild ? '' : ' (Vike will prevent your app from building for production)';
+                        const keyPublic = `${publicPrefix}${envName}`;
+                        const errMsg = `${envStatement} is used in client-side file ${filePathToShowToUser} which means that the environment variable ${envName} will be included in client-side bundles and, therefore, ${envName} will be publicly exposed which can be a security leak${errMsgAddendum}. Use ${envStatement} only in server-side files, or rename ${envName} to ${keyPublic}, see https://vike.dev/env`;
+                        if (isBuild) {
+                            assertUsage(false, errMsg);
+                        }
+                        else {
+                            // Only a warning for faster development DX (e.g. when user toggles `ssr: boolean` or `onBeforeRenderIsomorph: boolean`)
+                            assertWarning(false, errMsg, { onlyOnce: true });
+                        }
                     }
+                    // Double check
+                    assert(!(isPrivate && isClientSide) || !isBuild);
                 }
-                assert(!(isPrivate && isClientSide) || !isBuild);
-                code = code.replaceAll(varName, JSON.stringify(val));
+                // Apply
+                code = applyEnvVar(envName, envVal, code);
             });
             // No need for low-resolution source map since line numbers didn't change. (Does Vite do high-resolution column numbers source mapping?)
             return code;
         }
     };
 }
+function applyEnvVar(envName, envVal, code) {
+    const envStatement = getEnvStatement(envName);
+    const regex = new RegExp(escapeRegex(envStatement) + '\\b', 'g');
+    return code.replace(regex, JSON.stringify(envVal));
+}
+function getEnvStatement(envName) {
+    return `import.meta.env.${envName}`;
+}
 function getIsClientSide(config, options) {
     const isBuild = config.command === 'build';
     if (isBuild) {

package/dist/esm/utils/projectInfo.d.ts CHANGED Viewed

@@ -5,7 +5,7 @@ type ProjectVersion = typeof projectInfo.projectVersion;
 type ProjectTag = `[${PackageName}]` | `[${PackageName}@${ProjectVersion}]`;
 declare const projectInfo: {
     projectName: "Vike";
-    projectVersion: "0.4.144-commit-68c730d";
+    projectVersion: "0.4.144-commit-d6e4411";
     npmPackageName: "vike";
     githubRepository: "https://github.com/vikejs/vike";
 };

package/dist/esm/utils/projectInfo.js CHANGED Viewed

@@ -1,6 +1,6 @@
 export { projectInfo };
 import { onProjectInfo } from './assertSingleInstance.js';
-const PROJECT_VERSION = '0.4.144-commit-68c730d';
+const PROJECT_VERSION = '0.4.144-commit-d6e4411';
 const projectInfo = {
     projectName: 'Vike',
     projectVersion: PROJECT_VERSION,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "vike",
-  "version": "0.4.144-commit-68c730d",
+  "version": "0.4.144-commit-d6e4411",
   "scripts": {
     "dev": "tsc --watch",
     "build": "rimraf dist/ && pnpm run build:esm && pnpm run build:cjs",