@vercel/build-utils - npm Package Compare versions

Comparing version 13.24.0 to 13.25.0

CHANGELOG.md

 # @vercel/build-utils
 
+## 13.25.0
+
+### Minor Changes
+
+- fb0cb8d: Add normalized entrypoint detector for runtime builders.
+- 4fc110b: [services] add preDeployCommand for experimentalServices
+
 ## 13.24.0
@@ -4,0 +11,0 @@

dist/trace/constants.d.ts

 export declare const BUILDER_INSTALLER_STEP = "vc.builder.install";
 export declare const BUILDER_COMPILE_STEP = "vc.builder.build";
+export declare const BUILDER_PRE_DEPLOY_STEP = "vc.builder.preDeploy";

dist/trace/constants.js

@@ -22,3 +22,4 @@ "use strict";
   BUILDER_COMPILE_STEP: () => BUILDER_COMPILE_STEP,
-  BUILDER_INSTALLER_STEP: () => BUILDER_INSTALLER_STEP
+  BUILDER_INSTALLER_STEP: () => BUILDER_INSTALLER_STEP,
+  BUILDER_PRE_DEPLOY_STEP: () => BUILDER_PRE_DEPLOY_STEP
 });
@@ -28,6 +29,8 @@ module.exports = __toCommonJS(constants_exports);
 const BUILDER_COMPILE_STEP = "vc.builder.build";
+const BUILDER_PRE_DEPLOY_STEP = "vc.builder.preDeploy";
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   BUILDER_COMPILE_STEP,
-  BUILDER_INSTALLER_STEP
+  BUILDER_INSTALLER_STEP,
+  BUILDER_PRE_DEPLOY_STEP
 });

dist/trace/index.d.ts

 export { Span } from './trace';
-export { BUILDER_COMPILE_STEP, BUILDER_INSTALLER_STEP } from './constants';
+export { BUILDER_COMPILE_STEP, BUILDER_INSTALLER_STEP, BUILDER_PRE_DEPLOY_STEP, } from './constants';
 export type { SpanId, TraceEvent, Reporter } from './trace';

dist/trace/index.js

@@ -23,2 +23,3 @@ "use strict";
   BUILDER_INSTALLER_STEP: () => import_constants.BUILDER_INSTALLER_STEP,
+  BUILDER_PRE_DEPLOY_STEP: () => import_constants.BUILDER_PRE_DEPLOY_STEP,
   Span: () => import_trace.Span
@@ -33,3 +34,4 @@ });
   BUILDER_INSTALLER_STEP,
+  BUILDER_PRE_DEPLOY_STEP,
   Span
 });

dist/types.d.ts

@@ -101,2 +101,8 @@ import type FileRef from './file-ref';
     /**
+     * Called by the builder to register a callback that will execute the
+     * service's pre-deploy command. The CLI collects these and invokes
+     * them only after every builder has succeeded.
+     */
+    registerPreDeploy?: (callback: () => Promise<void>) => void;
+    /**
      * The current trace state from the internal vc tracing
@@ -522,2 +528,3 @@ */
     installCommand?: string;
+    preDeployCommand?: string;
     routePrefix?: string;
@@ -810,1 +817,35 @@ routePrefixSource?: 'configured' | 'generated';
 export type ExperimentalServiceGroups = Record<string, string[]>;
+/**
+ * Result of a runtime builder's normalized entrypoint detection.
+ *
+ * - `kind: 'file'` — `entrypoint` is a path relative to the scanned `workPath`
+ *   (e.g. `"src/index.ts"`, `"main.go"`, `"main.py"`).
+ * - `kind: 'py-module:attr'` — `entrypoint` is a Python `module:attr` reference
+ *   where the module is dot-separated and resolved relative to the scanned
+ *   `workPath` (e.g. `"main:app"`, `"src.main:app"`).
+ *
+ * @experimental This feature is experimental and may change.
+ */
+export type DetectedEntrypoint = {
+    kind: 'file';
+    entrypoint: string;
+} | {
+    kind: 'py-module:attr';
+    entrypoint: string;
+} | null;
+/**
+ * Input to a runtime builder's normalized entrypoint detector.
+ * @experimental This feature is experimental and may change.
+ */
+export interface DetectEntrypointOptions {
+    /** Path to the candidate service directory relative to project root. */
+    workPath: string;
+    /** Framework slug detected for this directory, if any. */
+    framework?: string;
+}
+/**
+ * Normalized entrypoint detector signature, implemented by each runtime builder
+ * and consumed by services auto-detection to populate suggested service configs.
+ * @experimental This feature is experimental and may change.
+ */
+export type DetectEntrypointFn = (opts: DetectEntrypointOptions) => Promise<DetectedEntrypoint>;

package.json

 {
   "name": "@vercel/build-utils",
-  "version": "13.24.0",
+  "version": "13.25.0",
   "license": "Apache-2.0",
@@ -5,0 +5,0 @@ "main": "./dist/index.js",

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 11 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 3 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 11 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 3 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1999511

0.11%

Lines of code

51306

0.1%

Number of low supply chain risk alerts

51

-5.56%

No dependency changes