npm - vinext - Versions diffs - 0.0.0 → 0.0.1 - Mend

vinext 0.0.0 → 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (272) hide show

package/LICENSE +21 -0
package/README.md +1 -0
package/dist/build/static-export.d.ts +78 -0
package/dist/build/static-export.d.ts.map +1 -0
package/dist/build/static-export.js +553 -0
package/dist/build/static-export.js.map +1 -0
package/dist/check.d.ts +52 -0
package/dist/check.d.ts.map +1 -0
package/dist/check.js +483 -0
package/dist/check.js.map +1 -0
package/dist/cli.d.ts +15 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +565 -0
package/dist/cli.js.map +1 -0
package/dist/client/entry.d.ts +2 -0
package/dist/client/entry.d.ts.map +1 -0
package/dist/client/entry.js +85 -0
package/dist/client/entry.js.map +1 -0
package/dist/cloudflare/index.d.ts +8 -0
package/dist/cloudflare/index.d.ts.map +1 -0
package/dist/cloudflare/index.js +8 -0
package/dist/cloudflare/index.js.map +1 -0
package/dist/cloudflare/kv-cache-handler.d.ts +68 -0
package/dist/cloudflare/kv-cache-handler.d.ts.map +1 -0
package/dist/cloudflare/kv-cache-handler.js +304 -0
package/dist/cloudflare/kv-cache-handler.js.map +1 -0
package/dist/cloudflare/tpr.d.ts +78 -0
package/dist/cloudflare/tpr.d.ts.map +1 -0
package/dist/cloudflare/tpr.js +672 -0
package/dist/cloudflare/tpr.js.map +1 -0
package/dist/config/config-matchers.d.ts +106 -0
package/dist/config/config-matchers.d.ts.map +1 -0
package/dist/config/config-matchers.js +499 -0
package/dist/config/config-matchers.js.map +1 -0
package/dist/config/next-config.d.ts +153 -0
package/dist/config/next-config.d.ts.map +1 -0
package/dist/config/next-config.js +274 -0
package/dist/config/next-config.js.map +1 -0
package/dist/deploy.d.ts +87 -0
package/dist/deploy.d.ts.map +1 -0
package/dist/deploy.js +644 -0
package/dist/deploy.js.map +1 -0
package/dist/index.d.ts +156 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +3287 -0
package/dist/index.js.map +1 -0
package/dist/init.d.ts +55 -0
package/dist/init.d.ts.map +1 -0
package/dist/init.js +201 -0
package/dist/init.js.map +1 -0
package/dist/routing/app-router.d.ts +96 -0
package/dist/routing/app-router.d.ts.map +1 -0
package/dist/routing/app-router.js +815 -0
package/dist/routing/app-router.js.map +1 -0
package/dist/routing/pages-router.d.ts +52 -0
package/dist/routing/pages-router.d.ts.map +1 -0
package/dist/routing/pages-router.js +239 -0
package/dist/routing/pages-router.js.map +1 -0
package/dist/server/api-handler.d.ts +18 -0
package/dist/server/api-handler.d.ts.map +1 -0
package/dist/server/api-handler.js +169 -0
package/dist/server/api-handler.js.map +1 -0
package/dist/server/app-dev-server.d.ts +42 -0
package/dist/server/app-dev-server.d.ts.map +1 -0
package/dist/server/app-dev-server.js +2718 -0
package/dist/server/app-dev-server.js.map +1 -0
package/dist/server/app-router-entry.d.ts +18 -0
package/dist/server/app-router-entry.d.ts.map +1 -0
package/dist/server/app-router-entry.js +34 -0
package/dist/server/app-router-entry.js.map +1 -0
package/dist/server/dev-server.d.ts +40 -0
package/dist/server/dev-server.d.ts.map +1 -0
package/dist/server/dev-server.js +758 -0
package/dist/server/dev-server.js.map +1 -0
package/dist/server/html.d.ts +22 -0
package/dist/server/html.d.ts.map +1 -0
package/dist/server/html.js +29 -0
package/dist/server/html.js.map +1 -0
package/dist/server/image-optimization.d.ts +56 -0
package/dist/server/image-optimization.d.ts.map +1 -0
package/dist/server/image-optimization.js +103 -0
package/dist/server/image-optimization.js.map +1 -0
package/dist/server/instrumentation.d.ts +68 -0
package/dist/server/instrumentation.d.ts.map +1 -0
package/dist/server/instrumentation.js +90 -0
package/dist/server/instrumentation.js.map +1 -0
package/dist/server/isr-cache.d.ts +61 -0
package/dist/server/isr-cache.d.ts.map +1 -0
package/dist/server/isr-cache.js +134 -0
package/dist/server/isr-cache.js.map +1 -0
package/dist/server/metadata-routes.d.ts +103 -0
package/dist/server/metadata-routes.d.ts.map +1 -0
package/dist/server/metadata-routes.js +270 -0
package/dist/server/metadata-routes.js.map +1 -0
package/dist/server/middleware.d.ts +77 -0
package/dist/server/middleware.d.ts.map +1 -0
package/dist/server/middleware.js +228 -0
package/dist/server/middleware.js.map +1 -0
package/dist/server/prod-server.d.ts +78 -0
package/dist/server/prod-server.d.ts.map +1 -0
package/dist/server/prod-server.js +712 -0
package/dist/server/prod-server.js.map +1 -0
package/dist/shims/amp.d.ts +17 -0
package/dist/shims/amp.d.ts.map +1 -0
package/dist/shims/amp.js +21 -0
package/dist/shims/amp.js.map +1 -0
package/dist/shims/app.d.ts +12 -0
package/dist/shims/app.d.ts.map +1 -0
package/dist/shims/app.js +2 -0
package/dist/shims/app.js.map +1 -0
package/dist/shims/cache-runtime.d.ts +68 -0
package/dist/shims/cache-runtime.d.ts.map +1 -0
package/dist/shims/cache-runtime.js +437 -0
package/dist/shims/cache-runtime.js.map +1 -0
package/dist/shims/cache.d.ts +243 -0
package/dist/shims/cache.d.ts.map +1 -0
package/dist/shims/cache.js +415 -0
package/dist/shims/cache.js.map +1 -0
package/dist/shims/client-only.d.ts +18 -0
package/dist/shims/client-only.d.ts.map +1 -0
package/dist/shims/client-only.js +18 -0
package/dist/shims/client-only.js.map +1 -0
package/dist/shims/config.d.ts +27 -0
package/dist/shims/config.d.ts.map +1 -0
package/dist/shims/config.js +30 -0
package/dist/shims/config.js.map +1 -0
package/dist/shims/constants.d.ts +13 -0
package/dist/shims/constants.d.ts.map +1 -0
package/dist/shims/constants.js +13 -0
package/dist/shims/constants.js.map +1 -0
package/dist/shims/document.d.ts +33 -0
package/dist/shims/document.d.ts.map +1 -0
package/dist/shims/document.js +32 -0
package/dist/shims/document.js.map +1 -0
package/dist/shims/dynamic.d.ts +33 -0
package/dist/shims/dynamic.d.ts.map +1 -0
package/dist/shims/dynamic.js +148 -0
package/dist/shims/dynamic.js.map +1 -0
package/dist/shims/error-boundary.d.ts +33 -0
package/dist/shims/error-boundary.d.ts.map +1 -0
package/dist/shims/error-boundary.js +88 -0
package/dist/shims/error-boundary.js.map +1 -0
package/dist/shims/error.d.ts +16 -0
package/dist/shims/error.d.ts.map +1 -0
package/dist/shims/error.js +45 -0
package/dist/shims/error.js.map +1 -0
package/dist/shims/fetch-cache.d.ts +61 -0
package/dist/shims/fetch-cache.d.ts.map +1 -0
package/dist/shims/fetch-cache.js +307 -0
package/dist/shims/fetch-cache.js.map +1 -0
package/dist/shims/font-google.d.ts +122 -0
package/dist/shims/font-google.d.ts.map +1 -0
package/dist/shims/font-google.js +387 -0
package/dist/shims/font-google.js.map +1 -0
package/dist/shims/font-local.d.ts +61 -0
package/dist/shims/font-local.d.ts.map +1 -0
package/dist/shims/font-local.js +303 -0
package/dist/shims/font-local.js.map +1 -0
package/dist/shims/form.d.ts +30 -0
package/dist/shims/form.d.ts.map +1 -0
package/dist/shims/form.js +78 -0
package/dist/shims/form.js.map +1 -0
package/dist/shims/head-state.d.ts +11 -0
package/dist/shims/head-state.d.ts.map +1 -0
package/dist/shims/head-state.js +47 -0
package/dist/shims/head-state.js.map +1 -0
package/dist/shims/head.d.ts +28 -0
package/dist/shims/head.d.ts.map +1 -0
package/dist/shims/head.js +148 -0
package/dist/shims/head.js.map +1 -0
package/dist/shims/headers.d.ts +150 -0
package/dist/shims/headers.d.ts.map +1 -0
package/dist/shims/headers.js +412 -0
package/dist/shims/headers.js.map +1 -0
package/dist/shims/image-config.d.ts +30 -0
package/dist/shims/image-config.d.ts.map +1 -0
package/dist/shims/image-config.js +91 -0
package/dist/shims/image-config.js.map +1 -0
package/dist/shims/image.d.ts +63 -0
package/dist/shims/image.d.ts.map +1 -0
package/dist/shims/image.js +284 -0
package/dist/shims/image.js.map +1 -0
package/dist/shims/internal/api-utils.d.ts +12 -0
package/dist/shims/internal/api-utils.d.ts.map +1 -0
package/dist/shims/internal/api-utils.js +7 -0
package/dist/shims/internal/api-utils.js.map +1 -0
package/dist/shims/internal/app-router-context.d.ts +21 -0
package/dist/shims/internal/app-router-context.d.ts.map +1 -0
package/dist/shims/internal/app-router-context.js +15 -0
package/dist/shims/internal/app-router-context.js.map +1 -0
package/dist/shims/internal/cookies.d.ts +9 -0
package/dist/shims/internal/cookies.d.ts.map +1 -0
package/dist/shims/internal/cookies.js +9 -0
package/dist/shims/internal/cookies.js.map +1 -0
package/dist/shims/internal/router-context.d.ts +2 -0
package/dist/shims/internal/router-context.d.ts.map +1 -0
package/dist/shims/internal/router-context.js +9 -0
package/dist/shims/internal/router-context.js.map +1 -0
package/dist/shims/internal/utils.d.ts +48 -0
package/dist/shims/internal/utils.d.ts.map +1 -0
package/dist/shims/internal/utils.js +35 -0
package/dist/shims/internal/utils.js.map +1 -0
package/dist/shims/internal/work-unit-async-storage.d.ts +12 -0
package/dist/shims/internal/work-unit-async-storage.d.ts.map +1 -0
package/dist/shims/internal/work-unit-async-storage.js +13 -0
package/dist/shims/internal/work-unit-async-storage.js.map +1 -0
package/dist/shims/layout-segment-context.d.ts +21 -0
package/dist/shims/layout-segment-context.d.ts.map +1 -0
package/dist/shims/layout-segment-context.js +27 -0
package/dist/shims/layout-segment-context.js.map +1 -0
package/dist/shims/legacy-image.d.ts +52 -0
package/dist/shims/legacy-image.d.ts.map +1 -0
package/dist/shims/legacy-image.js +46 -0
package/dist/shims/legacy-image.js.map +1 -0
package/dist/shims/link.d.ts +48 -0
package/dist/shims/link.d.ts.map +1 -0
package/dist/shims/link.js +395 -0
package/dist/shims/link.js.map +1 -0
package/dist/shims/metadata.d.ts +184 -0
package/dist/shims/metadata.d.ts.map +1 -0
package/dist/shims/metadata.js +472 -0
package/dist/shims/metadata.js.map +1 -0
package/dist/shims/navigation-state.d.ts +14 -0
package/dist/shims/navigation-state.d.ts.map +1 -0
package/dist/shims/navigation-state.js +77 -0
package/dist/shims/navigation-state.js.map +1 -0
package/dist/shims/navigation.d.ts +201 -0
package/dist/shims/navigation.d.ts.map +1 -0
package/dist/shims/navigation.js +672 -0
package/dist/shims/navigation.js.map +1 -0
package/dist/shims/og.d.ts +20 -0
package/dist/shims/og.d.ts.map +1 -0
package/dist/shims/og.js +19 -0
package/dist/shims/og.js.map +1 -0
package/dist/shims/router-state.d.ts +11 -0
package/dist/shims/router-state.d.ts.map +1 -0
package/dist/shims/router-state.js +56 -0
package/dist/shims/router-state.js.map +1 -0
package/dist/shims/router.d.ts +103 -0
package/dist/shims/router.d.ts.map +1 -0
package/dist/shims/router.js +536 -0
package/dist/shims/router.js.map +1 -0
package/dist/shims/script.d.ts +58 -0
package/dist/shims/script.d.ts.map +1 -0
package/dist/shims/script.js +163 -0
package/dist/shims/script.js.map +1 -0
package/dist/shims/server-only.d.ts +19 -0
package/dist/shims/server-only.d.ts.map +1 -0
package/dist/shims/server-only.js +19 -0
package/dist/shims/server-only.js.map +1 -0
package/dist/shims/server.d.ts +178 -0
package/dist/shims/server.d.ts.map +1 -0
package/dist/shims/server.js +377 -0
package/dist/shims/server.js.map +1 -0
package/dist/shims/web-vitals.d.ts +24 -0
package/dist/shims/web-vitals.d.ts.map +1 -0
package/dist/shims/web-vitals.js +17 -0
package/dist/shims/web-vitals.js.map +1 -0
package/dist/utils/hash.d.ts +6 -0
package/dist/utils/hash.d.ts.map +1 -0
package/dist/utils/hash.js +20 -0
package/dist/utils/hash.js.map +1 -0
package/dist/utils/project.d.ts +36 -0
package/dist/utils/project.d.ts.map +1 -0
package/dist/utils/project.js +112 -0
package/dist/utils/project.js.map +1 -0
package/dist/utils/query.d.ts +10 -0
package/dist/utils/query.d.ts.map +1 -0
package/dist/utils/query.js +27 -0
package/dist/utils/query.js.map +1 -0
package/package.json +65 -7
package/index.js +0 -1

package/dist/shims/headers.js ADDED Viewed

@@ -0,0 +1,412 @@
+/**
+ * next/headers shim
+ *
+ * Provides cookies() and headers() functions for App Router Server Components.
+ * These read from a request context set by the RSC handler before rendering.
+ *
+ * In Next.js 15+, cookies() and headers() return Promises (async).
+ * We support both the sync (legacy) and async patterns.
+ */
+import { AsyncLocalStorage } from "node:async_hooks";
+// NOTE:
+// - This shim can be loaded under multiple module specifiers in Vite's
+//   multi-environment setup (RSC/SSR). Store the AsyncLocalStorage on
+//   globalThis so `connection()` (next/server) and `consumeDynamicUsage()`
+//   (next/headers) always share it.
+// - We use AsyncLocalStorage so concurrent requests don't stomp each other's
+//   headers/cookies/dynamic-usage state.
+const _ALS_KEY = Symbol.for("vinext.nextHeadersShim.als");
+const _FALLBACK_KEY = Symbol.for("vinext.nextHeadersShim.fallback");
+const _g = globalThis;
+const _als = (_g[_ALS_KEY] ??= new AsyncLocalStorage());
+const _fallbackState = (_g[_FALLBACK_KEY] ??= {
+    headersContext: null,
+    dynamicUsageDetected: false,
+    pendingSetCookies: [],
+    draftModeCookieHeader: null,
+});
+function _enterWith(state) {
+    // Some non-Node runtimes/polyfills provide AsyncLocalStorage but not enterWith().
+    const enterWith = _als.enterWith;
+    if (typeof enterWith === "function") {
+        try {
+            enterWith.call(_als, state);
+            return;
+        }
+        catch {
+            // Fall through to best-effort fallback.
+        }
+    }
+    // Best-effort fallback: global state (not concurrency-safe).
+    _fallbackState.headersContext = state.headersContext;
+    _fallbackState.dynamicUsageDetected = state.dynamicUsageDetected;
+    _fallbackState.pendingSetCookies = state.pendingSetCookies;
+    _fallbackState.draftModeCookieHeader = state.draftModeCookieHeader;
+}
+function _getState() {
+    const state = _als.getStore();
+    return state ?? _fallbackState;
+}
+/**
+ * Dynamic usage flag — set when a component calls connection(), cookies(),
+ * headers(), or noStore() during rendering. When true, ISR caching is
+ * bypassed and the response gets Cache-Control: no-store.
+ */
+// (stored on _state)
+/**
+ * Mark the current render as requiring dynamic (uncached) rendering.
+ * Called by connection(), cookies(), headers(), and noStore().
+ */
+export function markDynamicUsage() {
+    _getState().dynamicUsageDetected = true;
+}
+/**
+ * Check and reset the dynamic usage flag.
+ * Called by the server after rendering to decide on caching.
+ */
+export function consumeDynamicUsage() {
+    const state = _getState();
+    const used = state.dynamicUsageDetected;
+    state.dynamicUsageDetected = false;
+    return used;
+}
+/**
+ * Set the headers/cookies context for the current RSC render.
+ * Called by the framework's RSC entry before rendering each request.
+ *
+ * NOTE: This uses enterWith() which only works reliably within the same
+ * synchronous call stack. For full async context propagation (needed for
+ * RSC streaming), use runWithHeadersContext() instead.
+ */
+export function setHeadersContext(ctx) {
+    // Start of request: enter a fresh per-request store.
+    if (ctx !== null) {
+        _enterWith({
+            headersContext: ctx,
+            dynamicUsageDetected: false,
+            pendingSetCookies: [],
+            draftModeCookieHeader: null,
+        });
+        return;
+    }
+    // End of request cleanup: keep the store (so consumeDynamicUsage and
+    // cookie flushing can still run), but clear the request headers/cookies.
+    const state = _als.getStore();
+    if (state) {
+        state.headersContext = null;
+    }
+    else {
+        _fallbackState.headersContext = null;
+    }
+}
+/**
+ * Run a function with headers context, ensuring the context propagates
+ * through all async operations (including RSC streaming).
+ *
+ * IMPORTANT: RSC rendering is streaming - renderToReadableStream() returns
+ * immediately but component execution happens later when the stream is consumed.
+ * AsyncLocalStorage.run() only maintains context within the callback scope,
+ * so by the time components actually render, we'd be outside that scope.
+ *
+ * Solution: We use enterWith() to set persistent context AND update the
+ * fallback state. This way, even after run() returns, getStore() still
+ * returns the right state (via enterWith), and if that fails, we have
+ * the fallback. For single-request-at-a-time scenarios (dev mode), this
+ * works correctly. For concurrent requests, the ALS should work.
+ */
+export function runWithHeadersContext(ctx, fn) {
+    const state = {
+        headersContext: ctx,
+        dynamicUsageDetected: false,
+        pendingSetCookies: [],
+        draftModeCookieHeader: null,
+    };
+    // Use enterWith to set persistent context for this async context
+    _enterWith(state);
+    // Also update fallback state directly for environments where ALS doesn't
+    // propagate correctly (this is not concurrency-safe but works for dev)
+    _fallbackState.headersContext = ctx;
+    _fallbackState.dynamicUsageDetected = false;
+    _fallbackState.pendingSetCookies = [];
+    _fallbackState.draftModeCookieHeader = null;
+    return fn();
+}
+/**
+ * Apply middleware-forwarded request headers to the current headers context.
+ *
+ * When Next.js middleware calls `NextResponse.next({ request: { headers } })`,
+ * the modified headers are encoded as `x-middleware-request-<name>` on the
+ * middleware response.  This function unpacks those prefixed headers and
+ * replaces the corresponding entries on the live `HeadersContext` so that
+ * subsequent calls to `headers()` / `cookies()` see the middleware changes.
+ */
+export function applyMiddlewareRequestHeaders(middlewareResponseHeaders) {
+    const state = _getState();
+    if (!state.headersContext)
+        return;
+    const ctx = state.headersContext;
+    const PREFIX = "x-middleware-request-";
+    for (const [key, value] of middlewareResponseHeaders) {
+        if (key.startsWith(PREFIX)) {
+            const realName = key.slice(PREFIX.length);
+            ctx.headers.set(realName, value);
+        }
+    }
+    // If middleware modified the cookie header, rebuild the cookies map.
+    const newCookieHeader = ctx.headers.get("cookie");
+    if (newCookieHeader !== null) {
+        ctx.cookies.clear();
+        for (const part of newCookieHeader.split(";")) {
+            const [k, ...rest] = part.split("=");
+            if (k) {
+                ctx.cookies.set(k.trim(), rest.join("=").trim());
+            }
+        }
+    }
+}
+/**
+ * Create a HeadersContext from a standard Request object.
+ */
+export function headersContextFromRequest(request) {
+    const cookies = new Map();
+    const cookieHeader = request.headers.get("cookie") || "";
+    for (const part of cookieHeader.split(";")) {
+        const [key, ...rest] = part.split("=");
+        if (key) {
+            cookies.set(key.trim(), rest.join("=").trim());
+        }
+    }
+    return {
+        headers: request.headers,
+        cookies,
+    };
+}
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+/**
+ * Read-only Headers instance from the incoming request.
+ * Returns a Promise in Next.js 15+ style (but resolves synchronously since
+ * the context is already available).
+ */
+export async function headers() {
+    const state = _getState();
+    if (!state.headersContext) {
+        throw new Error("headers() can only be called from a Server Component, Route Handler, " +
+            "or Server Action. Make sure you're not calling it from a Client Component.");
+    }
+    markDynamicUsage();
+    return state.headersContext.headers;
+}
+/**
+ * Cookie jar from the incoming request.
+ * Returns a ReadonlyRequestCookies-like object.
+ */
+export async function cookies() {
+    const state = _getState();
+    if (!state.headersContext) {
+        throw new Error("cookies() can only be called from a Server Component, Route Handler, " +
+            "or Server Action.");
+    }
+    markDynamicUsage();
+    return new RequestCookies(state.headersContext.cookies);
+}
+// ---------------------------------------------------------------------------
+// Writable cookie accumulator for Route Handlers / Server Actions
+// ---------------------------------------------------------------------------
+/** Accumulated Set-Cookie headers from cookies().set() / .delete() calls */
+// (stored on _state)
+/**
+ * Get and clear all pending Set-Cookie headers generated by cookies().set()/delete().
+ * Called by the framework after rendering to attach headers to the response.
+ */
+export function getAndClearPendingCookies() {
+    const state = _getState();
+    const cookies = state.pendingSetCookies;
+    state.pendingSetCookies = [];
+    return cookies;
+}
+// Draft mode cookie name (matches Next.js convention)
+const DRAFT_MODE_COOKIE = "__prerender_bypass";
+// Draft mode secret — generated once at build time via Vite `define` so the
+// __prerender_bypass cookie is consistent across all server instances (e.g.
+// multiple Cloudflare Workers isolates).
+function getDraftSecret() {
+    const secret = process.env.__VINEXT_DRAFT_SECRET;
+    if (!secret) {
+        throw new Error("[vinext] __VINEXT_DRAFT_SECRET is not defined. " +
+            "This should be set by the Vite plugin at build time.");
+    }
+    return secret;
+}
+// Store for Set-Cookie headers generated by draftMode().enable()/disable()
+// (stored on _state)
+/**
+ * Get any Set-Cookie header generated by draftMode().enable()/disable().
+ * Called by the framework after rendering to attach the header to the response.
+ */
+export function getDraftModeCookieHeader() {
+    const state = _getState();
+    const header = state.draftModeCookieHeader;
+    state.draftModeCookieHeader = null;
+    return header;
+}
+/**
+ * Draft mode — check/toggle via a `__prerender_bypass` cookie.
+ *
+ * - `isEnabled`: true if the bypass cookie is present in the request
+ * - `enable()`: sets the bypass cookie (for Route Handlers)
+ * - `disable()`: clears the bypass cookie
+ */
+export async function draftMode() {
+    const state = _getState();
+    const secret = getDraftSecret();
+    const isEnabled = state.headersContext
+        ? state.headersContext.cookies.get(DRAFT_MODE_COOKIE) === secret
+        : false;
+    return {
+        isEnabled,
+        enable() {
+            if (state.headersContext) {
+                state.headersContext.cookies.set(DRAFT_MODE_COOKIE, secret);
+            }
+            state.draftModeCookieHeader =
+                `${DRAFT_MODE_COOKIE}=${secret}; Path=/; HttpOnly; SameSite=Lax`;
+        },
+        disable() {
+            if (state.headersContext) {
+                state.headersContext.cookies.delete(DRAFT_MODE_COOKIE);
+            }
+            state.draftModeCookieHeader =
+                `${DRAFT_MODE_COOKIE}=; Path=/; HttpOnly; SameSite=Lax; Max-Age=0`;
+        },
+    };
+}
+// ---------------------------------------------------------------------------
+// Cookie name/value validation (RFC 6265)
+// ---------------------------------------------------------------------------
+/**
+ * RFC 6265 §4.1.1: cookie-name is a token (RFC 2616 §2.2).
+ * Allowed: any visible ASCII (0x21-0x7E) except separators: ()<>@,;:\"/[]?={}
+ */
+const VALID_COOKIE_NAME_RE = /^[\x21\x23-\x27\x2A\x2B\x2D\x2E\x30-\x39\x41-\x5A\x5E-\x7A\x7C\x7E]+$/;
+function validateCookieName(name) {
+    if (!name || !VALID_COOKIE_NAME_RE.test(name)) {
+        throw new Error(`Invalid cookie name: ${JSON.stringify(name)}`);
+    }
+}
+/**
+ * Validate cookie attribute values (path, domain) to prevent injection
+ * via semicolons, newlines, or other control characters.
+ */
+function validateCookieAttributeValue(value, attributeName) {
+    for (let i = 0; i < value.length; i++) {
+        const code = value.charCodeAt(i);
+        if (code <= 0x1F || code === 0x7F || value[i] === ";") {
+            throw new Error(`Invalid cookie ${attributeName} value: ${JSON.stringify(value)}`);
+        }
+    }
+}
+// ---------------------------------------------------------------------------
+// RequestCookies implementation
+// ---------------------------------------------------------------------------
+class RequestCookies {
+    _cookies;
+    constructor(cookies) {
+        this._cookies = cookies;
+    }
+    get(name) {
+        const value = this._cookies.get(name);
+        if (value === undefined)
+            return undefined;
+        return { name, value };
+    }
+    getAll() {
+        const result = [];
+        for (const [name, value] of this._cookies) {
+            result.push({ name, value });
+        }
+        return result;
+    }
+    has(name) {
+        return this._cookies.has(name);
+    }
+    /**
+     * Set a cookie. In Route Handlers and Server Actions, this produces
+     * a Set-Cookie header on the response.
+     */
+    set(nameOrOptions, value, options) {
+        let cookieName;
+        let cookieValue;
+        let opts;
+        if (typeof nameOrOptions === "string") {
+            cookieName = nameOrOptions;
+            cookieValue = value ?? "";
+            opts = options;
+        }
+        else {
+            cookieName = nameOrOptions.name;
+            cookieValue = nameOrOptions.value;
+            opts = nameOrOptions;
+        }
+        validateCookieName(cookieName);
+        // Update the local cookie map
+        this._cookies.set(cookieName, cookieValue);
+        // Build Set-Cookie header string
+        const parts = [`${cookieName}=${encodeURIComponent(cookieValue)}`];
+        if (opts?.path) {
+            validateCookieAttributeValue(opts.path, "Path");
+            parts.push(`Path=${opts.path}`);
+        }
+        if (opts?.domain) {
+            validateCookieAttributeValue(opts.domain, "Domain");
+            parts.push(`Domain=${opts.domain}`);
+        }
+        if (opts?.maxAge !== undefined)
+            parts.push(`Max-Age=${opts.maxAge}`);
+        if (opts?.expires)
+            parts.push(`Expires=${opts.expires.toUTCString()}`);
+        if (opts?.httpOnly)
+            parts.push("HttpOnly");
+        if (opts?.secure)
+            parts.push("Secure");
+        if (opts?.sameSite)
+            parts.push(`SameSite=${opts.sameSite}`);
+        _getState().pendingSetCookies.push(parts.join("; "));
+        return this;
+    }
+    /**
+     * Delete a cookie by setting it with Max-Age=0.
+     */
+    delete(name) {
+        validateCookieName(name);
+        this._cookies.delete(name);
+        _getState().pendingSetCookies.push(`${name}=; Path=/; Max-Age=0`);
+        return this;
+    }
+    get size() {
+        return this._cookies.size;
+    }
+    [Symbol.iterator]() {
+        const entries = this._cookies.entries();
+        const iter = {
+            [Symbol.iterator]() { return iter; },
+            next() {
+                const { value, done } = entries.next();
+                if (done)
+                    return { value: undefined, done: true };
+                const [name, val] = value;
+                return { value: [name, { name, value: val }], done: false };
+            },
+        };
+        return iter;
+    }
+    toString() {
+        const parts = [];
+        for (const [name, value] of this._cookies) {
+            parts.push(`${name}=${value}`);
+        }
+        return parts.join("; ");
+    }
+}
+//# sourceMappingURL=headers.js.map

package/dist/shims/headers.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"headers.js","sourceRoot":"","sources":["../../src/shims/headers.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAkBrD,QAAQ;AACR,uEAAuE;AACvE,sEAAsE;AACtE,2EAA2E;AAC3E,oCAAoC;AACpC,6EAA6E;AAC7E,yCAAyC;AACzC,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;AAC1D,MAAM,aAAa,GAAG,MAAM,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;AACpE,MAAM,EAAE,GAAG,UAAqD,CAAC;AACjE,MAAM,IAAI,GAAG,CAAC,EAAE,CAAC,QAAQ,CAAC,KAAK,IAAI,iBAAiB,EAA0B,CAA8C,CAAC;AAE7H,MAAM,cAAc,GAAG,CAAC,EAAE,CAAC,aAAa,CAAC,KAAK;IAC5C,cAAc,EAAE,IAAI;IACpB,oBAAoB,EAAE,KAAK;IAC3B,iBAAiB,EAAE,EAAE;IACrB,qBAAqB,EAAE,IAAI;CACK,CAA2B,CAAC;AAE9D,SAAS,UAAU,CAAC,KAA6B;IAC/C,kFAAkF;IAClF,MAAM,SAAS,GAAI,IAAY,CAAC,SAAS,CAAC;IAC1C,IAAI,OAAO,SAAS,KAAK,UAAU,EAAE,CAAC;QACpC,IAAI,CAAC;YACH,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAC5B,OAAO;QACT,CAAC;QAAC,MAAM,CAAC;YACP,wCAAwC;QAC1C,CAAC;IACH,CAAC;IACD,6DAA6D;IAC7D,cAAc,CAAC,cAAc,GAAG,KAAK,CAAC,cAAc,CAAC;IACrD,cAAc,CAAC,oBAAoB,GAAG,KAAK,CAAC,oBAAoB,CAAC;IACjE,cAAc,CAAC,iBAAiB,GAAG,KAAK,CAAC,iBAAiB,CAAC;IAC3D,cAAc,CAAC,qBAAqB,GAAG,KAAK,CAAC,qBAAqB,CAAC;AACrE,CAAC;AAED,SAAS,SAAS;IAChB,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;IAC9B,OAAO,KAAK,IAAI,cAAc,CAAC;AACjC,CAAC;AAED;;;;GAIG;AACH,qBAAqB;AAErB;;;GAGG;AACH,MAAM,UAAU,gBAAgB;IAC9B,SAAS,EAAE,CAAC,oBAAoB,GAAG,IAAI,CAAC;AAC1C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB;IACjC,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;IAC1B,MAAM,IAAI,GAAG,KAAK,CAAC,oBAAoB,CAAC;IACxC,KAAK,CAAC,oBAAoB,GAAG,KAAK,CAAC;IACnC,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,iBAAiB,CAAC,GAA0B;IAC1D,qDAAqD;IACrD,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACjB,UAAU,CAAC;YACT,cAAc,EAAE,GAAG;YACnB,oBAAoB,EAAE,KAAK;YAC3B,iBAAiB,EAAE,EAAE;YACrB,qBAAqB,EAAE,IAAI;SAC5B,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,qEAAqE;IACrE,yEAAyE;IACzE,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;IAC9B,IAAI,KAAK,EAAE,CAAC;QACV,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,cAAc,CAAC,cAAc,GAAG,IAAI,CAAC;IACvC,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,qBAAqB,CACnC,GAAmB,EACnB,EAAwB;IAExB,MAAM,KAAK,GAA2B;QACpC,cAAc,EAAE,GAAG;QACnB,oBAAoB,EAAE,KAAK;QAC3B,iBAAiB,EAAE,EAAE;QACrB,qBAAqB,EAAE,IAAI;KAC5B,CAAC;IAEF,iEAAiE;IACjE,UAAU,CAAC,KAAK,CAAC,CAAC;IAElB,yEAAyE;IACzE,uEAAuE;IACvE,cAAc,CAAC,cAAc,GAAG,GAAG,CAAC;IACpC,cAAc,CAAC,oBAAoB,GAAG,KAAK,CAAC;IAC5C,cAAc,CAAC,iBAAiB,GAAG,EAAE,CAAC;IACtC,cAAc,CAAC,qBAAqB,GAAG,IAAI,CAAC;IAE5C,OAAO,EAAE,EAAE,CAAC;AACd,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,6BAA6B,CAC3C,yBAAkC;IAElC,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;IAC1B,IAAI,CAAC,KAAK,CAAC,cAAc;QAAE,OAAO;IAElC,MAAM,GAAG,GAAG,KAAK,CAAC,cAAc,CAAC;IACjC,MAAM,MAAM,GAAG,uBAAuB,CAAC;IAEvC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,yBAAyB,EAAE,CAAC;QACrD,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAC1C,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAED,qEAAqE;IACrE,MAAM,eAAe,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAClD,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;QAC7B,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACpB,KAAK,MAAM,IAAI,IAAI,eAAe,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9C,MAAM,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACrC,IAAI,CAAC,EAAE,CAAC;gBACN,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,OAAgB;IACxD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC1C,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IACzD,KAAK,MAAM,IAAI,IAAI,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,GAAG,EAAE,CAAC;YACR,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IACD,OAAO;QACL,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,OAAO;KACR,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO;IAC3B,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;IAC1B,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CACb,uEAAuE;YACrE,4EAA4E,CAC/E,CAAC;IACJ,CAAC;IACD,gBAAgB,EAAE,CAAC;IACnB,OAAO,KAAK,CAAC,cAAc,CAAC,OAAO,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO;IAC3B,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;IAC1B,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CACb,uEAAuE;YACrE,mBAAmB,CACtB,CAAC;IACJ,CAAC;IACD,gBAAgB,EAAE,CAAC;IACnB,OAAO,IAAI,cAAc,CAAC,KAAK,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;AAC1D,CAAC;AAED,8EAA8E;AAC9E,kEAAkE;AAClE,8EAA8E;AAE9E,4EAA4E;AAC5E,qBAAqB;AAErB;;;GAGG;AACH,MAAM,UAAU,yBAAyB;IACvC,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;IAC1B,MAAM,OAAO,GAAG,KAAK,CAAC,iBAAiB,CAAC;IACxC,KAAK,CAAC,iBAAiB,GAAG,EAAE,CAAC;IAC7B,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,sDAAsD;AACtD,MAAM,iBAAiB,GAAG,oBAAoB,CAAC;AAE/C,4EAA4E;AAC5E,4EAA4E;AAC5E,yCAAyC;AACzC,SAAS,cAAc;IACrB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;IACjD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,iDAAiD;YAC/C,sDAAsD,CACzD,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,2EAA2E;AAC3E,qBAAqB;AAErB;;;GAGG;AACH,MAAM,UAAU,wBAAwB;IACtC,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;IAC1B,MAAM,MAAM,GAAG,KAAK,CAAC,qBAAqB,CAAC;IAC3C,KAAK,CAAC,qBAAqB,GAAG,IAAI,CAAC;IACnC,OAAO,MAAM,CAAC;AAChB,CAAC;AAQD;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS;IAC7B,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;IAC1B,MAAM,MAAM,GAAG,cAAc,EAAE,CAAC;IAChC,MAAM,SAAS,GAAG,KAAK,CAAC,cAAc;QACpC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,KAAK,MAAM;QAChE,CAAC,CAAC,KAAK,CAAC;IAEV,OAAO;QACL,SAAS;QACT,MAAM;YACJ,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;gBACzB,KAAK,CAAC,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAC;YAC9D,CAAC;YACD,KAAK,CAAC,qBAAqB;gBACzB,GAAG,iBAAiB,IAAI,MAAM,kCAAkC,CAAC;QACrE,CAAC;QACD,OAAO;YACL,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;gBACzB,KAAK,CAAC,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;YACzD,CAAC;YACD,KAAK,CAAC,qBAAqB;gBACzB,GAAG,iBAAiB,8CAA8C,CAAC;QACvE,CAAC;KACF,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,0CAA0C;AAC1C,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,oBAAoB,GAAG,uEAAuE,CAAC;AAErG,SAAS,kBAAkB,CAAC,IAAY;IACtC,IAAI,CAAC,IAAI,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,wBAAwB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAClE,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,4BAA4B,CAAC,KAAa,EAAE,aAAqB;IACxE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACjC,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,KAAK,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,kBAAkB,aAAa,WAAW,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACrF,CAAC;IACH,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,gCAAgC;AAChC,8EAA8E;AAE9E,MAAM,cAAc;IACV,QAAQ,CAAsB;IAEtC,YAAY,OAA4B;QACtC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IAC1B,CAAC;IAED,GAAG,CAAC,IAAY;QACd,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACtC,IAAI,KAAK,KAAK,SAAS;YAAE,OAAO,SAAS,CAAC;QAC1C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;IACzB,CAAC;IAED,MAAM;QACJ,MAAM,MAAM,GAA2C,EAAE,CAAC;QAC1D,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC/B,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,GAAG,CAAC,IAAY;QACd,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAED;;;OAGG;IACH,GAAG,CACD,aAAoM,EACpM,KAAc,EACd,OAAyJ;QAEzJ,IAAI,UAAkB,CAAC;QACvB,IAAI,WAAmB,CAAC;QACxB,IAAI,IAAoB,CAAC;QAEzB,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE,CAAC;YACtC,UAAU,GAAG,aAAa,CAAC;YAC3B,WAAW,GAAG,KAAK,IAAI,EAAE,CAAC;YAC1B,IAAI,GAAG,OAAO,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,UAAU,GAAG,aAAa,CAAC,IAAI,CAAC;YAChC,WAAW,GAAG,aAAa,CAAC,KAAK,CAAC;YAClC,IAAI,GAAG,aAAa,CAAC;QACvB,CAAC;QAED,kBAAkB,CAAC,UAAU,CAAC,CAAC;QAE/B,8BAA8B;QAC9B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAE3C,iCAAiC;QACjC,MAAM,KAAK,GAAG,CAAC,GAAG,UAAU,IAAI,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACnE,IAAI,IAAI,EAAE,IAAI,EAAE,CAAC;YACf,4BAA4B,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YAChD,KAAK,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,IAAI,EAAE,MAAM,EAAE,CAAC;YACjB,4BAA4B,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YACpD,KAAK,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QACtC,CAAC;QACD,IAAI,IAAI,EAAE,MAAM,KAAK,SAAS;YAAE,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QACrE,IAAI,IAAI,EAAE,OAAO;YAAE,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QACvE,IAAI,IAAI,EAAE,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC3C,IAAI,IAAI,EAAE,MAAM;YAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACvC,IAAI,IAAI,EAAE,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QAE5D,SAAS,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACrD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,IAAY;QACjB,kBAAkB,CAAC,IAAI,CAAC,CAAC;QACzB,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC3B,SAAS,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,IAAI,sBAAsB,CAAC,CAAC;QAClE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC5B,CAAC;IAED,CAAC,MAAM,CAAC,QAAQ,CAAC;QACf,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QACxC,MAAM,IAAI,GAAgE;YACxE,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,OAAO,IAAI,CAAC,CAAC,CAAC;YACpC,IAAI;gBACF,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;gBACvC,IAAI,IAAI;oBAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;gBAClD,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC;gBAC1B,OAAO,EAAE,KAAK,EAAE,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;YAC9D,CAAC;SACF,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,QAAQ;QACN,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1C,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC,CAAC;QACjC,CAAC;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;CACF"}

package/dist/shims/image-config.d.ts ADDED Viewed

@@ -0,0 +1,30 @@
+/**
+ * Image remote pattern validation.
+ *
+ * Validates remote image URLs against the `images.remotePatterns` and
+ * `images.domains` config from next.config.js. This prevents SSRF and
+ * open-redirect attacks by blocking URLs that don't match any configured
+ * pattern.
+ *
+ * Pattern matching follows Next.js semantics:
+ * - `*` matches a single segment (subdomain in hostname, path segment in pathname)
+ * - `**` matches any number of segments
+ * - protocol, port, and search are matched exactly when specified
+ */
+export interface RemotePattern {
+    protocol?: string;
+    hostname: string;
+    port?: string;
+    pathname?: string;
+    search?: string;
+}
+/**
+ * Check whether a URL matches a single remote pattern.
+ * Follows the same semantics as Next.js's matchRemotePattern().
+ */
+export declare function matchRemotePattern(pattern: RemotePattern, url: URL): boolean;
+/**
+ * Check whether a URL matches any configured remote pattern or legacy domain.
+ */
+export declare function hasRemoteMatch(domains: string[], remotePatterns: RemotePattern[], url: URL): boolean;
+//# sourceMappingURL=image-config.d.ts.map

package/dist/shims/image-config.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"image-config.d.ts","sourceRoot":"","sources":["../../src/shims/image-config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAwCD;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,aAAa,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CAkC5E;AAED;;GAEG;AACH,wBAAgB,cAAc,CAC5B,OAAO,EAAE,MAAM,EAAE,EACjB,cAAc,EAAE,aAAa,EAAE,EAC/B,GAAG,EAAE,GAAG,GACP,OAAO,CAKT"}

package/dist/shims/image-config.js ADDED Viewed

@@ -0,0 +1,91 @@
+/**
+ * Image remote pattern validation.
+ *
+ * Validates remote image URLs against the `images.remotePatterns` and
+ * `images.domains` config from next.config.js. This prevents SSRF and
+ * open-redirect attacks by blocking URLs that don't match any configured
+ * pattern.
+ *
+ * Pattern matching follows Next.js semantics:
+ * - `*` matches a single segment (subdomain in hostname, path segment in pathname)
+ * - `**` matches any number of segments
+ * - protocol, port, and search are matched exactly when specified
+ */
+/**
+ * Convert a glob pattern (with `*` and `**`) to a RegExp.
+ *
+ * For hostnames, segments are separated by `.`:
+ *   - `*` matches a single segment (no dots): [^.]+
+ *   - `**` matches any number of segments: .+
+ *
+ * For pathnames, segments are separated by `/`:
+ *   - `*` matches a single segment (no slashes): [^/]+
+ *   - `**` matches any number of segments (including empty): .*
+ *
+ * Literal characters are escaped for regex safety.
+ */
+function globToRegex(pattern, separator) {
+    // Split by ** first, then handle * within each part
+    let regexStr = "^";
+    const doubleStar = separator === "." ? ".+" : ".*";
+    const singleStar = separator === "." ? "[^.]+" : "[^/]+";
+    const parts = pattern.split("**");
+    for (let i = 0; i < parts.length; i++) {
+        if (i > 0) {
+            regexStr += doubleStar;
+        }
+        // Within each part, split by * and escape the literals
+        const subParts = parts[i].split("*");
+        for (let j = 0; j < subParts.length; j++) {
+            if (j > 0) {
+                regexStr += singleStar;
+            }
+            // Escape regex special chars in the literal portion
+            regexStr += subParts[j].replace(/[.+?^${}()|[\]\\]/g, "\\$&");
+        }
+    }
+    regexStr += "$";
+    return new RegExp(regexStr);
+}
+/**
+ * Check whether a URL matches a single remote pattern.
+ * Follows the same semantics as Next.js's matchRemotePattern().
+ */
+export function matchRemotePattern(pattern, url) {
+    // Protocol check (strip trailing colon for comparison)
+    if (pattern.protocol !== undefined) {
+        if (pattern.protocol.replace(/:$/, "") !== url.protocol.replace(/:$/, "")) {
+            return false;
+        }
+    }
+    // Port check
+    if (pattern.port !== undefined) {
+        if (pattern.port !== url.port) {
+            return false;
+        }
+    }
+    // Hostname check (required field)
+    if (!globToRegex(pattern.hostname, ".").test(url.hostname)) {
+        return false;
+    }
+    // Search/query string check
+    if (pattern.search !== undefined) {
+        if (pattern.search !== url.search) {
+            return false;
+        }
+    }
+    // Pathname check — defaults to ** (match everything) if not specified
+    const pathnamePattern = pattern.pathname ?? "**";
+    if (!globToRegex(pathnamePattern, "/").test(url.pathname)) {
+        return false;
+    }
+    return true;
+}
+/**
+ * Check whether a URL matches any configured remote pattern or legacy domain.
+ */
+export function hasRemoteMatch(domains, remotePatterns, url) {
+    return (domains.some((domain) => url.hostname === domain) ||
+        remotePatterns.some((p) => matchRemotePattern(p, url)));
+}
+//# sourceMappingURL=image-config.js.map

package/dist/shims/image-config.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"image-config.js","sourceRoot":"","sources":["../../src/shims/image-config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAUH;;;;;;;;;;;;GAYG;AACH,SAAS,WAAW,CAAC,OAAe,EAAE,SAAoB;IACxD,oDAAoD;IACpD,IAAI,QAAQ,GAAG,GAAG,CAAC;IACnB,MAAM,UAAU,GAAG,SAAS,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;IACnD,MAAM,UAAU,GAAG,SAAS,KAAK,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;IAEzD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACV,QAAQ,IAAI,UAAU,CAAC;QACzB,CAAC;QACD,uDAAuD;QACvD,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACV,QAAQ,IAAI,UAAU,CAAC;YACzB,CAAC;YACD,oDAAoD;YACpD,QAAQ,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IACD,QAAQ,IAAI,GAAG,CAAC;IAChB,OAAO,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC;AAC9B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAsB,EAAE,GAAQ;IACjE,uDAAuD;IACvD,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QACnC,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,CAAC;YAC1E,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,aAAa;IACb,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC/B,IAAI,OAAO,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,4BAA4B;IAC5B,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QACjC,IAAI,OAAO,CAAC,MAAM,KAAK,GAAG,CAAC,MAAM,EAAE,CAAC;YAClC,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,sEAAsE;IACtE,MAAM,eAAe,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAI,CAAC;IACjD,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAC5B,OAAiB,EACjB,cAA+B,EAC/B,GAAQ;IAER,OAAO,CACL,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,CAAC;QACjD,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CACvD,CAAC;AACJ,CAAC"}

package/dist/shims/image.d.ts ADDED Viewed

@@ -0,0 +1,63 @@
+/**
+ * next/image shim
+ *
+ * Translates Next.js Image props to @unpic/react Image component.
+ * @unpic/react auto-detects CDN from URL and uses native transforms.
+ * For local images (relative paths), routes through `/_vinext/image`
+ * for server-side optimization (resize, format negotiation, quality).
+ *
+ * Remote images are validated against `images.remotePatterns` and
+ * `images.domains` from next.config.js. Unmatched URLs are blocked
+ * in production and warn in development, matching Next.js behavior.
+ */
+import React from "react";
+export interface StaticImageData {
+    src: string;
+    height: number;
+    width: number;
+    blurDataURL?: string;
+}
+interface ImageProps {
+    src: string | StaticImageData;
+    alt: string;
+    width?: number;
+    height?: number;
+    fill?: boolean;
+    priority?: boolean;
+    quality?: number;
+    placeholder?: "blur" | "empty";
+    blurDataURL?: string;
+    loader?: (params: {
+        src: string;
+        width: number;
+        quality?: number;
+    }) => string;
+    sizes?: string;
+    className?: string;
+    style?: React.CSSProperties;
+    onLoad?: React.ReactEventHandler<HTMLImageElement>;
+    onError?: React.ReactEventHandler<HTMLImageElement>;
+    onClick?: React.MouseEventHandler<HTMLImageElement>;
+    id?: string;
+    unoptimized?: boolean;
+    overrideSrc?: string;
+    loading?: "lazy" | "eager";
+}
+/**
+ * Build a `/_vinext/image` optimization URL.
+ *
+ * In production (Cloudflare Workers), the worker intercepts this path and uses
+ * the Images binding to resize/transcode on the fly. In dev, the Vite dev
+ * server handles it as a passthrough (serves the original file).
+ */
+export declare function imageOptimizationUrl(src: string, width: number, quality?: number): string;
+declare const Image: React.ForwardRefExoticComponent<ImageProps & React.RefAttributes<HTMLImageElement>>;
+/**
+ * getImageProps — for advanced use cases (picture elements, background images).
+ * Returns the props that would be passed to the underlying <img> element.
+ */
+export declare function getImageProps(props: ImageProps): {
+    props: React.ImgHTMLAttributes<HTMLImageElement>;
+};
+export default Image;
+//# sourceMappingURL=image.d.ts.map

package/dist/shims/image.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"image.d.ts","sourceRoot":"","sources":["../../src/shims/image.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AACH,OAAO,KAAqB,MAAM,OAAO,CAAC;AAI1C,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAyDD,UAAU,UAAU;IAClB,GAAG,EAAE,MAAM,GAAG,eAAe,CAAC;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;IAC/B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,KAAK,MAAM,CAAC;IAC9E,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,KAAK,CAAC,aAAa,CAAC;IAC5B,MAAM,CAAC,EAAE,KAAK,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,CAAC;IACnD,OAAO,CAAC,EAAE,KAAK,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,CAAC;IACpD,OAAO,CAAC,EAAE,KAAK,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,CAAC;IACpD,EAAE,CAAC,EAAE,MAAM,CAAC;IAEZ,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;CAC5B;AA0CD;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,GAAE,MAAW,GAAG,MAAM,CAE7F;AAeD,QAAA,MAAM,KAAK,qFAoKT,CAAC;AAEH;;;GAGG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,UAAU,GAAG;IAChD,KAAK,EAAE,KAAK,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,CAAC;CAClD,CA4FA;AAED,eAAe,KAAK,CAAC"}