npm - vite - Versions diffs - 6.2.6 → 6.2.7 - Mend

vite 6.2.6 → 6.2.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/node/chunks/{dep-CEj2138F.js → dep-CtglLrfJ.js} +1 -1
package/dist/node/chunks/{dep-BXMtZB7a.js → dep-Cyy1mE-y.js} +1 -1
package/dist/node/chunks/{dep-Bid9ssRr.js → dep-DbCvTk3B.js} +80 -32
package/dist/node/cli.js +5 -5
package/dist/node/index.d.ts +1 -3
package/dist/node/index.js +2 -2
package/package.json +1 -1

package/dist/node/chunks/{dep-CEj2138F.js → dep-CtglLrfJ.js} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { Q as commonjsGlobal, P as getDefaultExportFromCjs } from './dep-Bid9ssRr.js';
+import { Q as commonjsGlobal, P as getDefaultExportFromCjs } from './dep-DbCvTk3B.js';
 import require$$0$2 from 'fs';
 import require$$0 from 'postcss';
 import require$$0$1 from 'path';

package/dist/node/chunks/{dep-BXMtZB7a.js → dep-Cyy1mE-y.js} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { P as getDefaultExportFromCjs } from './dep-Bid9ssRr.js';
+import { P as getDefaultExportFromCjs } from './dep-DbCvTk3B.js';
 import require$$0 from 'path';
 import { l as lib } from './dep-3RmXg9uo.js';

package/dist/node/chunks/{dep-Bid9ssRr.js → dep-DbCvTk3B.js} RENAMED Viewed

@@ -40977,8 +40977,11 @@ function sirv (dir, opts={}) {
 }
 const knownJavascriptExtensionRE = /\.(?:[tj]sx?|[cm][tj]s)$/;
+const ERR_DENIED_FILE = "ERR_DENIED_FILE";
 const sirvOptions = ({
-  getHeaders
+  config,
+  getHeaders,
+  disableFsServeCheck
 }) => {
   return {
     dev: true,
@@ -40994,6 +40997,19 @@ const sirvOptions = ({
           res.setHeader(name, headers[name]);
         }
       }
+    },
+    shouldServe: disableFsServeCheck ? void 0 : (filePath) => {
+      const servingAccessResult = checkLoadingAccess(config, filePath);
+      if (servingAccessResult === "denied") {
+        const error = new Error("denied access");
+        error.code = ERR_DENIED_FILE;
+        error.path = filePath;
+        throw error;
+      }
+      if (servingAccessResult === "fallback") {
+        return false;
+      }
+      return true;
     }
   };
 };
@@ -41002,7 +41018,9 @@ function servePublicMiddleware(server, publicFiles) {
   const serve = sirv(
     dir,
     sirvOptions({
-      getHeaders: () => server.config.server.headers
+      config: server.config,
+      getHeaders: () => server.config.server.headers,
+      disableFsServeCheck: true
     })
   );
   const toFilePath = (url) => {
@@ -41028,6 +41046,7 @@ function serveStaticMiddleware(server) {
   const serve = sirv(
     dir,
     sirvOptions({
+      config: server.config,
       getHeaders: () => server.config.server.headers
     })
   );
@@ -41058,38 +41077,46 @@ function serveStaticMiddleware(server) {
     if (resolvedPathname.endsWith("/") && fileUrl[fileUrl.length - 1] !== "/") {
       fileUrl = withTrailingSlash(fileUrl);
     }
-    if (!ensureServingAccess(fileUrl, server, res, next)) {
-      return;
-    }
     if (redirectedPathname) {
       url.pathname = encodeURI(redirectedPathname);
       req.url = url.href.slice(url.origin.length);
     }
-    serve(req, res, next);
+    try {
+      serve(req, res, next);
+    } catch (e) {
+      if (e && "code" in e && e.code === ERR_DENIED_FILE) {
+        respondWithAccessDenied(e.path, server, res);
+        return;
+      }
+      throw e;
+    }
   };
 }
 function serveRawFsMiddleware(server) {
   const serveFromRoot = sirv(
     "/",
-    sirvOptions({ getHeaders: () => server.config.server.headers })
+    sirvOptions({
+      config: server.config,
+      getHeaders: () => server.config.server.headers
+    })
   );
   return function viteServeRawFsMiddleware(req, res, next) {
     if (req.url.startsWith(FS_PREFIX)) {
       const url = new URL(req.url, "http://example.com");
       const pathname = decodeURI(url.pathname);
-      if (!ensureServingAccess(
-        slash$1(path$d.resolve(fsPathFromId(pathname))),
-        server,
-        res,
-        next
-      )) {
-        return;
-      }
       let newPathname = pathname.slice(FS_PREFIX.length);
       if (isWindows$3) newPathname = newPathname.replace(/^[A-Z]:/i, "");
       url.pathname = encodeURI(newPathname);
       req.url = url.href.slice(url.origin.length);
-      serveFromRoot(req, res, next);
+      try {
+        serveFromRoot(req, res, next);
+      } catch (e) {
+        if (e && "code" in e && e.code === ERR_DENIED_FILE) {
+          respondWithAccessDenied(e.path, server, res);
+          return;
+        }
+        throw e;
+      }
     } else {
       next();
     }
@@ -41113,25 +41140,35 @@ function isFileLoadingAllowed(config, filePath) {
   if (fs.allow.some((uri) => isUriInFilePath(uri, filePath))) return true;
   return false;
 }
-function ensureServingAccess(url, server, res, next) {
+function checkLoadingAccess(config, path2) {
+  if (isFileLoadingAllowed(config, slash$1(path2))) {
+    return "allowed";
+  }
+  if (isFileReadable(path2)) {
+    return "denied";
+  }
+  return "fallback";
+}
+function checkServingAccess(url, server) {
   if (isFileServingAllowed(url, server)) {
-    return true;
+    return "allowed";
   }
   if (isFileReadable(cleanUrl(url))) {
-    const urlMessage = `The request url "${url}" is outside of Vite serving allow list.`;
-    const hintMessage = `
+    return "denied";
+  }
+  return "fallback";
+}
+function respondWithAccessDenied(url, server, res) {
+  const urlMessage = `The request url "${url}" is outside of Vite serving allow list.`;
+  const hintMessage = `
 ${server.config.server.fs.allow.map((i) => `- ${i}`).join("\n")}
 Refer to docs https://vite.dev/config/server-options.html#server-fs-allow for configurations and more details.`;
-    server.config.logger.error(urlMessage);
-    server.config.logger.warnOnce(hintMessage + "\n");
-    res.statusCode = 403;
-    res.write(renderRestrictedErrorHTML(urlMessage + "\n" + hintMessage));
-    res.end();
-  } else {
-    next();
-  }
-  return false;
+  server.config.logger.error(urlMessage);
+  server.config.logger.warnOnce(hintMessage + "\n");
+  res.statusCode = 403;
+  res.write(renderRestrictedErrorHTML(urlMessage + "\n" + hintMessage));
+  res.end();
 }
 function renderRestrictedErrorHTML(msg) {
   const html = String.raw;
@@ -42691,7 +42728,18 @@ const rawRE = /[?&]raw\b/;
 const inlineRE$2 = /[?&]inline\b/;
 const svgRE = /\.svg\b/;
 function deniedServingAccessForTransform(url, server, res, next) {
-  return (rawRE.test(url) || urlRE.test(url) || inlineRE$2.test(url) || svgRE.test(url)) && !ensureServingAccess(url, server, res, next);
+  if (rawRE.test(url) || urlRE.test(url) || inlineRE$2.test(url) || svgRE.test(url)) {
+    const servingAccessResult = checkServingAccess(url, server);
+    if (servingAccessResult === "denied") {
+      respondWithAccessDenied(url, server, res);
+      return true;
+    }
+    if (servingAccessResult === "fallback") {
+      next();
+      return true;
+    }
+  }
+  return false;
 }
 function cachedTransformMiddleware(server) {
   return function viteCachedTransformMiddleware(req, res, next) {
@@ -49273,8 +49321,8 @@ function createCachedImport(imp) {
     return cached;
   };
 }
-const importPostcssImport = createCachedImport(() => import('./dep-BXMtZB7a.js').then(function (n) { return n.i; }));
-const importPostcssModules = createCachedImport(() => import('./dep-CEj2138F.js').then(function (n) { return n.i; }));
+const importPostcssImport = createCachedImport(() => import('./dep-Cyy1mE-y.js').then(function (n) { return n.i; }));
+const importPostcssModules = createCachedImport(() => import('./dep-CtglLrfJ.js').then(function (n) { return n.i; }));
 const importPostcss = createCachedImport(() => import('postcss'));
 const preprocessorWorkerControllerCache = /* @__PURE__ */ new WeakMap();
 let alwaysFakeWorkerWorkerControllerCache;

package/dist/node/cli.js CHANGED Viewed

@@ -2,7 +2,7 @@ import path from 'node:path';
 import fs__default from 'node:fs';
 import { performance } from 'node:perf_hooks';
 import { EventEmitter } from 'events';
-import { O as colors, I as createLogger, r as resolveConfig } from './chunks/dep-Bid9ssRr.js';
+import { O as colors, I as createLogger, r as resolveConfig } from './chunks/dep-DbCvTk3B.js';
 import { VERSION } from './constants.js';
 import 'node:fs/promises';
 import 'node:url';
@@ -745,7 +745,7 @@ cli.command("[root]", "start dev server").alias("serve").alias("dev").option("--
   `[boolean] force the optimizer to ignore the cache and re-bundle`
 ).action(async (root, options) => {
   filterDuplicateOptions(options);
-  const { createServer } = await import('./chunks/dep-Bid9ssRr.js').then(function (n) { return n.S; });
+  const { createServer } = await import('./chunks/dep-DbCvTk3B.js').then(function (n) { return n.S; });
   try {
     const server = await createServer({
       root,
@@ -840,7 +840,7 @@ cli.command("build [root]", "build for production").option("--target <target>",
 ).option("-w, --watch", `[boolean] rebuilds when modules have changed on disk`).option("--app", `[boolean] same as \`builder: {}\``).action(
   async (root, options) => {
     filterDuplicateOptions(options);
-    const { createBuilder } = await import('./chunks/dep-Bid9ssRr.js').then(function (n) { return n.T; });
+    const { createBuilder } = await import('./chunks/dep-DbCvTk3B.js').then(function (n) { return n.T; });
     const buildOptions = cleanGlobalCLIOptions(
       cleanBuilderCLIOptions(options)
     );
@@ -879,7 +879,7 @@ cli.command(
 ).action(
   async (root, options) => {
     filterDuplicateOptions(options);
-    const { optimizeDeps } = await import('./chunks/dep-Bid9ssRr.js').then(function (n) { return n.R; });
+    const { optimizeDeps } = await import('./chunks/dep-DbCvTk3B.js').then(function (n) { return n.R; });
     try {
       const config = await resolveConfig(
         {
@@ -906,7 +906,7 @@ ${e.stack}`),
 cli.command("preview [root]", "locally preview production build").option("--host [host]", `[string] specify hostname`, { type: [convertHost] }).option("--port <port>", `[number] specify port`).option("--strictPort", `[boolean] exit if specified port is already in use`).option("--open [path]", `[boolean | string] open browser on startup`).option("--outDir <dir>", `[string] output directory (default: dist)`).action(
   async (root, options) => {
     filterDuplicateOptions(options);
-    const { preview } = await import('./chunks/dep-Bid9ssRr.js').then(function (n) { return n.U; });
+    const { preview } = await import('./chunks/dep-DbCvTk3B.js').then(function (n) { return n.U; });
     try {
       const server = await preview({
         root,

package/dist/node/index.d.ts CHANGED Viewed

@@ -4167,11 +4167,9 @@ declare function searchForWorkspaceRoot(current: string, root?: string): string;
 /**
  * Check if the url is allowed to be served, via the `server.fs` config.
+ * @deprecated Use the `isFileLoadingAllowed` function instead.
  */
 declare function isFileServingAllowed(config: ResolvedConfig, url: string): boolean;
-/**
- * @deprecated Use the `isFileServingAllowed(config, url)` signature instead.
- */
 declare function isFileServingAllowed(url: string, server: ViteDevServer): boolean;
 declare function isFileLoadingAllowed(config: ResolvedConfig, filePath: string): boolean;

package/dist/node/index.js CHANGED Viewed

@@ -1,6 +1,6 @@
 export { parseAst, parseAstAsync } from 'rollup/parseAst';
-import { a as arraify, i as isInNodeModules } from './chunks/dep-Bid9ssRr.js';
-export { B as BuildEnvironment, D as DevEnvironment, f as build, m as buildErrorMessage, g as createBuilder, F as createFilter, h as createIdResolver, I as createLogger, n as createRunnableDevEnvironment, c as createServer, y as createServerHotChannel, w as createServerModuleRunner, x as createServerModuleRunnerTransport, d as defineConfig, v as fetchModule, j as formatPostcssSourceMap, L as isFileLoadingAllowed, K as isFileServingAllowed, q as isRunnableDevEnvironment, l as loadConfigFromFile, M as loadEnv, E as mergeAlias, C as mergeConfig, z as moduleRunnerTransform, A as normalizePath, o as optimizeDeps, p as perEnvironmentPlugin, b as perEnvironmentState, k as preprocessCSS, e as preview, r as resolveConfig, N as resolveEnvPrefix, G as rollupVersion, u as runnerImport, J as searchForWorkspaceRoot, H as send, s as sortUserPlugins, t as transformWithEsbuild } from './chunks/dep-Bid9ssRr.js';
+import { a as arraify, i as isInNodeModules } from './chunks/dep-DbCvTk3B.js';
+export { B as BuildEnvironment, D as DevEnvironment, f as build, m as buildErrorMessage, g as createBuilder, F as createFilter, h as createIdResolver, I as createLogger, n as createRunnableDevEnvironment, c as createServer, y as createServerHotChannel, w as createServerModuleRunner, x as createServerModuleRunnerTransport, d as defineConfig, v as fetchModule, j as formatPostcssSourceMap, L as isFileLoadingAllowed, K as isFileServingAllowed, q as isRunnableDevEnvironment, l as loadConfigFromFile, M as loadEnv, E as mergeAlias, C as mergeConfig, z as moduleRunnerTransform, A as normalizePath, o as optimizeDeps, p as perEnvironmentPlugin, b as perEnvironmentState, k as preprocessCSS, e as preview, r as resolveConfig, N as resolveEnvPrefix, G as rollupVersion, u as runnerImport, J as searchForWorkspaceRoot, H as send, s as sortUserPlugins, t as transformWithEsbuild } from './chunks/dep-DbCvTk3B.js';
 export { defaultAllowedOrigins, DEFAULT_CLIENT_CONDITIONS as defaultClientConditions, DEFAULT_CLIENT_MAIN_FIELDS as defaultClientMainFields, DEFAULT_SERVER_CONDITIONS as defaultServerConditions, DEFAULT_SERVER_MAIN_FIELDS as defaultServerMainFields, VERSION as version } from './constants.js';
 export { version as esbuildVersion } from 'esbuild';
 import 'node:fs';

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "vite",
-  "version": "6.2.6",
+  "version": "6.2.7",
   "type": "module",
   "license": "MIT",
   "author": "Evan You",