next-sanity
The all-in-one Sanity toolkit for production-grade content-editable Next.js applications.
Features:
Quicklinks: Sanity docs | Next.js docs | Clean starter template | Fully-featured starter template
Instantly create a new free Sanity project – or link to an existing one – from the command line and connect it to your Next.js application by running the following terminal command in your Next.js project folder:
npx sanity@latest init
If you do not yet have a Sanity account you will be prompted to create one. This command will create the basic utilities required to query content from Sanity and, optionally, embed Sanity Studio (a configurable content management system) at a route in your Next.js application. See the Embedded Sanity Studio section.
If you do not yet have a Next.js application, you can create one with the following command:
npx create-next-app@latest
This README assumes you have chosen all of the default options, but should be fairly similar for most bootstrapped Next.js projects.
next-sanity
Inside your Next.js application, run the following command in the package manager of your choice to install the next-sanity toolkit:
npm install next-sanity @sanity/image-url
yarn add next-sanity @sanity/image-url
pnpm install next-sanity @sanity/image-url
bun install next-sanity @sanity/image-url
This also installs @sanity/image-url for On-Demand Image Transformations to render images from Sanity's CDN.
When using npm newer than v7, or pnpm newer than v8, you should end up with needed dependencies like sanity and styled-components when you installed next-sanity. In yarn v1 you can use install-peerdeps:
npx install-peerdeps --yarn next-sanity
The npx sanity@latest init command offers to write some configuration files for your Next.js application. The most important one writes your chosen Sanity project ID and dataset name to your local environment variables. Note that unlike access tokens, the project ID and dataset name are not considered sensitive information, which is why they can use the NEXT_PUBLIC_ prefix that Next.js exposes to the browser.
Create this file at the root of your Next.js application if it does not already exist.
# .env.local
NEXT_PUBLIC_SANITY_PROJECT_ID=<your-project-id>
NEXT_PUBLIC_SANITY_DATASET=<your-dataset-name>
Create a file to access and export these values
// ./src/sanity/env.ts
export const dataset = process.env.NEXT_PUBLIC_SANITY_DATASET!
export const projectId = process.env.NEXT_PUBLIC_SANITY_PROJECT_ID!
// Values you may additionally want to configure globally
export const apiVersion = process.env.NEXT_PUBLIC_SANITY_API_VERSION || '2024-07-11'
Remember to add these environment variables to your hosting provider's environment as well.
next-sanity exports the defineQuery function which will give you syntax highlighting in VS Code with the Sanity extension installed. It’s also used for GROQ query result type generation with Sanity TypeGen.
// ./src/sanity/lib/queries.ts
import {defineQuery} from 'next-sanity'
export const POSTS_QUERY = defineQuery(`*[_type == "post" && defined(slug.current)][0...12]{
_id, title, slug
}`)
export const POST_QUERY = defineQuery(`*[_type == "post" && slug.current == $slug][0]{
title, body, mainImage
}`)
You can use Sanity TypeGen to generate TypeScript types for your schema types and GROQ query results in your Next.js application. It should be readily available if you have used sanity init and chosen the embedded Studio.
[!TIP] Sanity TypeGen will create Types for queries that are assigned to a variable and use the groq template literal or defineQuery function.
If your Sanity Studio schema types are in a different project or repository, you can configure Sanity TypeGen to write types to your Next.js project.
Create a sanity-typegen.json file at the root of your project to configure Sanity TypeGen:
// sanity-typegen.json
{
"path": "./src/**/*.{ts,tsx,js,jsx}",
"schema": "./src/sanity/extract.json",
"generates": "./src/sanity/types.ts"
}
Note: This configuration is strongly opinionated that the generated Types and the schema extraction are both within the /src/sanity directory, not the root which is the default. This configuration is complemented by setting the path of the schema extraction in the updated package.json scripts below.
Run the following command in your terminal to extract your Sanity Studio schema to a JSON file
# Run this each time your schema types change
npx sanity@latest schema extract
Run the following command in your terminal to generate TypeScript types for both your Sanity Studio schema and GROQ queries
# Run this each time your schema types or GROQ queries change
npx sanity@latest typegen generate
Update your Next.js project's package.json to perform both of these commands by running npm run typegen
"scripts": {
"predev": "npm run typegen",
"dev": "next",
"prebuild": "npm run typegen",
"build": "next build",
"start": "next start",
"lint": "next lint",
"typegen": "sanity schema extract --path=src/sanity/extract.json && sanity typegen generate"
},
Sanity TypeGen creates TypeScript types for the results of your GROQ queries, which can be used as generics like this:
import {client} from '@/sanity/lib/client'
import {POSTS_QUERY} from '@/sanity/lib/queries'
import {POSTS_QUERYResult} from '@/sanity/types'
const posts = await client.fetch<POSTS_QUERYResult>(POSTS_QUERY)
//    ^? const posts: POSTS_QUERYResult
However, it is much simpler to use automatic type inference. So long as your GROQ queries are wrapped in defineQuery, the results should be inferred automatically:
import {client} from '@/sanity/lib/client'
import {POSTS_QUERY} from '@/sanity/lib/queries'
const posts = await client.fetch(POSTS_QUERY)
//    ^? const posts: POSTS_QUERYResult
Sanity content is typically queried with GROQ queries from a configured Sanity Client. Sanity also supports GraphQL.
To interact with Sanity content in a Next.js application, we recommend creating a client.ts file:
// ./src/sanity/lib/client.ts
import {createClient} from 'next-sanity'
import {apiVersion, dataset, projectId} from '../env'
export const client = createClient({
projectId,
dataset,
apiVersion, // https://www.sanity.io/docs/api-versioning
useCdn: true, // Set to false if statically generating pages, using ISR or tag-based revalidation
})
To fetch data in a React Server Component using the App Router you can await results from the Sanity Client inside a server component:
// ./src/app/page.tsx
import {client} from '@/sanity/lib/client'
import {POSTS_QUERY} from '@/sanity/lib/queries'
export default async function PostIndex() {
const posts = await client.fetch(POSTS_QUERY)
return (
<ul>
{posts.map((post) => (
<li key={post._id}>
<a href={`/posts/${post?.slug.current}`}>{post?.title}</a>
</li>
))}
</ul>
)
}
If you're using the Pages Router you can await results from Sanity Client inside a getStaticProps function:
// ./src/pages/index.tsx
import {client} from '@/sanity/lib/client'
import {POSTS_QUERY} from '@/sanity/lib/queries'
export async function getStaticProps() {
  const posts = await client.fetch(POSTS_QUERY)
  // getStaticProps must return its data under the `props` key
  return {props: {posts}}
}
// Pages Router page components render synchronously, so this is not an async function
export default function PostIndex({posts}) {
  return (
    <ul>
      {posts.map((post) => (
        <li key={post._id}>
          <a href={`/posts/${post?.slug.current}`}>{post?.title}</a>
        </li>
      ))}
    </ul>
  )
}
Should useCdn be true or false?
You might notice that you have to set useCdn to true or false in the client configuration. Sanity offers caching on a CDN for queries. Since Next.js has its own caching, using the Sanity CDN might not be necessary, but there are some exceptions.
In general, set useCdn to true when:
useEffect hook or in response to a user interaction where the client.fetch call is made in the browser.
Set useCdn to false when:
getStaticProps or getStaticPaths.
stale-while-revalidate caching is in place that keeps API requests on a consistent low, even if traffic to Next.js spikes.
How does apiVersion work?
Sanity uses date-based API versioning. You can configure the date in a YYYY-MM-DD format, and it will automatically fall back on the latest API version of that time. Then, if a breaking change is introduced later, it won't break your application, giving you time to test before upgrading.
This toolkit includes the @sanity/client which fully supports Next.js fetch based features for caching and revalidation. This ensures great performance while preventing stale content in a way that's native to Next.js.
[!NOTE] Some hosts (like Vercel) will keep the content cache in a dedicated data layer and not part of the static app bundle, which means re-deploying the app will not purge the cache. We recommend reading up on caching behavior in the Next.js docs.
sanityFetch() helper function
It can be beneficial to set revalidation defaults for all queries. In all of the following examples, a sanityFetch() helper function is used for this purpose.
While this function is written to accept both Next.js caching options revalidate and tags, your application should only rely on one. For this reason, if tags are supplied, the revalidate setting will be set to false (cache indefinitely) and you will need to bust the cache for these pages using revalidateTag().
In short:
revalidate is good enough for most applications.
revalidatePath().
tags will give you more fine-grained control for complex applications.
revalidateTag().
// ./src/sanity/lib/client.ts
import {createClient, type QueryParams} from 'next-sanity'
import {apiVersion, dataset, projectId} from '../env'
export const client = createClient({
projectId,
dataset,
apiVersion, // https://www.sanity.io/docs/api-versioning
useCdn: true, // Set to false if statically generating pages, using ISR or tag-based revalidation
})
export async function sanityFetch<const QueryString extends string>({
query,
params = {},
revalidate = 60, // default revalidation time in seconds
tags = [],
}: {
query: QueryString
params?: QueryParams
revalidate?: number | false
tags?: string[]
}) {
return client.fetch(query, params, {
next: {
revalidate: tags.length ? false : revalidate, // for simple, time-based revalidation
tags, // for tag-based revalidation
},
})
}
Be aware that you can get errors if you use cache and revalidate configurations for Next.js together. See the Next.js documentation on revalidation.
Time-based revalidation is often good enough for the majority of applications.
Increase the revalidate setting for longer-lived and less frequently modified content.
// ./src/app/pages/index.tsx
import {sanityFetch} from '@/sanity/lib/client'
import {POSTS_QUERY} from '@/sanity/lib/queries'
export default async function PostIndex() {
const posts = await sanityFetch({
query: POSTS_QUERY,
revalidate: 3600, // update cache at most once every hour
})
return (
<ul>
{posts.map((post) => (
<li key={post._id}>
<a href={`/posts/${post?.slug.current}`}>{post?.title}</a>
</li>
))}
</ul>
)
}
For on-demand revalidation of individual pages, Next.js has a revalidatePath() function. You can create an API route in your Next.js application to execute it, and a GROQ-powered webhook in your Sanity Project to instantly request it when content is created, updated or deleted.
Create a new environment variable SANITY_REVALIDATE_SECRET with a random string that is shared between your Sanity project and your Next.js application. This is considered sensitive and should not be committed to your repository.
# .env.local
SANITY_REVALIDATE_SECRET=<some-random-string>
Create a new API route in your Next.js application.
The code example below uses the built-in parseBody function to validate that the request comes from your Sanity project (using a shared secret and looking at the request headers). Then it looks at the document type information in the webhook payload and matches that against the revalidation tags in your application.
// ./src/app/api/revalidate-path/route.ts
import {revalidatePath} from 'next/cache'
import {type NextRequest, NextResponse} from 'next/server'
import {parseBody} from 'next-sanity/webhook'
type WebhookPayload = {path?: string}
export async function POST(req: NextRequest) {
try {
if (!process.env.SANITY_REVALIDATE_SECRET) {
return new Response('Missing environment variable SANITY_REVALIDATE_SECRET', {status: 500})
}
const {isValidSignature, body} = await parseBody<WebhookPayload>(
req,
process.env.SANITY_REVALIDATE_SECRET,
)
if (!isValidSignature) {
const message = 'Invalid signature'
return new Response(JSON.stringify({message, isValidSignature, body}), {status: 401})
} else if (!body?.path) {
const message = 'Bad Request'
return new Response(JSON.stringify({message, body}), {status: 400})
}
revalidatePath(body.path)
const message = `Updated route: ${body.path}`
return NextResponse.json({body, message})
} catch (err) {
console.error(err)
return new Response(err.message, {status: 500})
}
}
Create a new GROQ-powered webhook in your Sanity project.
You can copy this template to quickly add the webhook to your Sanity project.
The Projection uses GROQ's select() function to dynamically create paths for nested routes like /posts/[slug]. You can extend this example to cover your own routes and other document types.
{
"path": select(
_type == "post" => "/posts/" + slug.current,
"/" + slug.current
)
}
[!TIP] If you wish to revalidate all routes on demand, create an API route that calls revalidatePath('/', 'layout')
Tag-based revalidation is preferable for instances where many pages are affected by a single document being created, updated or deleted.
For on-demand revalidation of many pages, Next.js has a revalidateTag() function. You can create an API route in your Next.js application to execute it, and a GROQ-powered webhook in your Sanity Project to instantly request it when content is created, updated or deleted.
// ./src/app/pages/index.tsx
import {sanityFetch} from '@/sanity/lib/client'
import {POSTS_QUERY} from '@/sanity/lib/queries'
export default async function PostIndex() {
const posts = await sanityFetch({
query: POSTS_QUERY,
tags: ['post', 'author'], // revalidate all pages with the tags 'post' and 'author'
})
return (
<ul>
{posts.map((post) => (
<li key={post._id}>
<a href={`/posts/${post?.slug.current}`}>{post?.title}</a>
</li>
))}
</ul>
)
}
Create a new environment variable SANITY_REVALIDATE_SECRET with a random string that is shared between your Sanity project and your Next.js application. This is considered sensitive and should not be committed to your repository.
# .env.local
SANITY_REVALIDATE_SECRET=<some-random-string>
Create a new API route in your Next.js application.
The code example below uses the built-in parseBody function to validate that the request comes from your Sanity project (using a shared secret and looking at the request headers). Then it looks at the document type information in the webhook payload and matches that against the revalidation tags in your application.
// ./src/app/api/revalidate-tag/route.ts
import {revalidateTag} from 'next/cache'
import {type NextRequest, NextResponse} from 'next/server'
import {parseBody} from 'next-sanity/webhook'
type WebhookPayload = {
_type: string
}
export async function POST(req: NextRequest) {
try {
if (!process.env.SANITY_REVALIDATE_SECRET) {
return new Response('Missing environment variable SANITY_REVALIDATE_SECRET', {status: 500})
}
const {isValidSignature, body} = await parseBody<WebhookPayload>(
req,
process.env.SANITY_REVALIDATE_SECRET,
)
if (!isValidSignature) {
const message = 'Invalid signature'
return new Response(JSON.stringify({message, isValidSignature, body}), {status: 401})
} else if (!body?._type) {
const message = 'Bad Request'
return new Response(JSON.stringify({message, body}), {status: 400})
}
// If the `_type` is `post`, then all `client.fetch` calls with
// `{next: {tags: ['post']}}` will be revalidated
revalidateTag(body._type)
return NextResponse.json({body})
} catch (err) {
console.error(err)
return new Response(err.message, {status: 500})
}
}
Create a new GROQ-powered webhook in your Sanity project.
You can copy this template to quickly add the webhook to your Sanity project.
To aid in debugging and understanding what's in the cache, revalidated, skipped, and more, add the following to your Next.js configuration file:
// ./next.config.js
module.exports = {
logging: {
fetches: {
fullUrl: true,
},
},
}
Check out the Personal website template to see a feature-complete example of how revalidateTag is used together with Visual Editing.
Interactive live previews of draft content are the best way for authors to find and edit content with the least amount of effort and the most confidence to press publish.
[!TIP] Visual Editing is available on all Sanity plans and can be enabled on all hosting environments.
[!NOTE] Vercel "Content Link" adds an "edit" button to the Vercel toolbar on preview builds and is available on Vercel Pro and Enterprise plans.
An end-to-end tutorial of how to configure Sanity and Next.js for Visual Editing using the same patterns demonstrated in this README is available on the Sanity Exchange.
The Live Content API can be used to receive real time updates in your application when viewing both draft content in contexts like Presentation tool, and published content in your user-facing production application.
[!NOTE] The Live Content API is currently considered experimental and may change in the future.
defineLive
Use defineLive to enable automatic revalidation and refreshing of your fetched content.
// src/sanity/lib/live.ts
import {createClient, defineLive} from 'next-sanity'
const client = createClient({
projectId: process.env.NEXT_PUBLIC_SANITY_PROJECT_ID,
dataset: process.env.NEXT_PUBLIC_SANITY_DATASET,
useCdn: true,
apiVersion: 'vX', // Target the experimental API version
stega: {studioUrl: '/studio'},
})
const token = process.env.SANITY_API_READ_TOKEN
if (!token) {
throw new Error('Missing SANITY_API_READ_TOKEN')
}
export const {sanityFetch, SanityLive} = defineLive({
client,
serverToken: token,
browserToken: token,
})
The token passed to defineLive needs Viewer rights in order to fetch draft content.
The same token can be used as both browserToken and serverToken, as the browserToken is only shared with the browser when Draft Mode is enabled. Draft Mode can only be initiated by either Sanity's Presentation Tool or the Vercel Toolbar.
Good to know: Enterprise plans allow the creation of custom roles with more restricted access rights than the Viewer role, enabling the use of a browserToken specifically for authenticating the Live Content API. We're working to extend this capability to all Sanity price plans.
<SanityLive /> in the root layout.tsx
// src/app/layout.tsx
import {draftMode} from 'next/headers'
import {VisualEditing} from 'next-sanity'
import {SanityLive} from '@/sanity/lib/live'
// async so that draftMode() can be awaited below
export default async function RootLayout({children}: {children: React.ReactNode}) {
  return (
    <html lang="en">
      <body>
        {children}
        <SanityLive />
        {(await draftMode()).isEnabled && <VisualEditing />}
      </body>
    </html>
  )
}
The <SanityLive> component is responsible for making all sanityFetch calls in your application live, so should always be rendered. This differs from the <VisualEditing /> component, which should only be rendered when Draft Mode is enabled.
sanityFetch
Use sanityFetch to fetch data in any server component.
// src/app/products.tsx
import {defineQuery} from 'next-sanity'
import {sanityFetch} from '@/sanity/lib/live'
const PRODUCTS_QUERY = defineQuery(`*[_type == "product" && defined(slug.current)][0...$limit]`)
export default async function Page() {
const {data: products} = await sanityFetch({
query: PRODUCTS_QUERY,
params: {limit: 10},
})
return (
<section>
{products.map((product) => (
<article key={product._id}>
<a href={`/product/${product.slug}`}>{product.title}</a>
</article>
))}
</section>
)
}
generateMetadata, generateStaticParams and more
sanityFetch can also be used in functions like generateMetadata in order to make updating the page title, or even its favicon, live.
import {sanityFetch} from '@/sanity/lib/live'
import type {Metadata} from 'next'
export async function generateMetadata(): Promise<Metadata> {
const {data} = await sanityFetch({
query: SETTINGS_QUERY,
// Metadata should never contain stega
stega: false,
})
return {
title: {
template: `%s | ${data.title}`,
default: data.title,
},
}
}
Good to know: Always set stega: false when calling sanityFetch within these:
generateMetadata
generateViewport
generateSitemaps
generateImageMetadata
import {sanityFetch} from '@/sanity/lib/live'
export async function generateStaticParams() {
const {data} = await sanityFetch({
query: POST_SLUGS_QUERY,
// Use the published perspective in generateStaticParams
perspective: 'published',
stega: false,
})
return data
}
To support previewing draft content when Draft Mode is enabled, the serverToken passed to defineLive should be assigned the Viewer role, which has the ability to fetch content using the previewDrafts perspective.
Click the Draft Mode button in the Vercel toolbar to enable draft content:
With drafts enabled, you'll see the Edit Mode button show up if your Vercel plan is eligible:
Ensure that browserToken is set up if you want draft content that isn't yet published to also update live.
The defineLive API also supports Presentation Tool and Sanity Visual Editing.
Set up an API route that uses defineEnableDraftMode in your app:
// src/app/api/draft-mode/enable/route.ts
import {client} from '@/sanity/lib/client'
import {token} from '@/sanity/lib/token'
import {defineEnableDraftMode} from 'next-sanity/draft-mode'
export const {GET} = defineEnableDraftMode({
client: client.withConfig({token}),
})
The main benefit of defineEnableDraftMode is that it fully implements all of Sanity Presentation Tool's features, including the perspective switcher:
And the Preview URL Sharing feature:
In your sanity.config.ts, set the previewMode.enable option for presentationTool:
// sanity.config.ts
import {defineConfig} from 'sanity'
import {presentationTool} from 'next-sanity'
export default defineConfig({
// ...
plugins: [
// ...
presentationTool({
previewUrl: {
// ...
previewMode: {
enable: '/api/draft-mode/enable',
},
},
}),
],
})
Ensuring you have a valid viewer token set up for defineLive.serverToken and defineEnableDraftMode allows Presentation Tool to auto enable Draft Mode, and your application to pull in draft content that refreshes in real time.
The defineLive.browserToken option isn't required, but is recommended as it enables a faster live preview experience, both standalone and when using Presentation Tool.
Standalone live preview has the following requirements:
defineLive.serverToken must be defined, otherwise only published content is fetched.
defineLive.browserToken must be defined with a valid token.
You can verify if live preview is enabled with the useIsLivePreview hook:
'use client'
import {useIsLivePreview} from 'next-sanity/hooks'
export function DebugLivePreview() {
const isLivePreview = useIsLivePreview()
if (isLivePreview === null) return 'Checking Live Preview...'
return isLivePreview ? 'Live Preview Enabled' : 'Live Preview Disabled'
}
The following hooks can also be used to provide information about the application's current environment:
import {
useIsPresentationTool,
useDraftModeEnvironment,
useDraftModePerspective,
} from 'next-sanity/hooks'
Live components will re-render automatically as content changes. This can cause jarring layout shifts in production when items appear or disappear from a list.
To provide a better user experience, we can animate these layout changes. The following example uses framer-motion@12.0.0-alpha.1, which supports React Server Components:
// src/app/products.tsx
import {AnimatePresence} from 'framer-motion'
import * as motion from 'framer-motion/client'
import {defineQuery} from 'next-sanity'
import {sanityFetch} from '@/sanity/lib/live'
const PRODUCTS_QUERY = defineQuery(`*[_type == "product" && defined(slug.current)][0...$limit]`)
export default async function Page() {
const {data: products} = await sanityFetch({
query: PRODUCTS_QUERY,
params: {limit: 10},
})
return (
<section>
<AnimatePresence mode="popLayout">
{products.map((product) => (
<motion.article
key={product._id}
layout="position"
animate={{opacity: 1}}
exit={{opacity: 0}}
>
<a href={`/product/${product.slug}`}>{product.title}</a>
</motion.article>
))}
</AnimatePresence>
</section>
)
}
Whilst this is an improvement, it may still lead to users attempting to click on an item as it shifts position, potentially resulting in the selection of an unintended item. We can instead require users to opt-in to changes before a layout update is triggered.
To preserve the ability to render everything on the server, we can make use of a Client Component wrapper. This can defer showing changes to the user until they've explicitly clicked to "Refresh". The example below uses sonner to provide toast functionality:
// src/app/products/products-layout-shift.tsx
'use client'
import {useCallback, useState, useEffect} from 'react'
import isEqual from 'react-fast-compare'
import {toast} from 'sonner'
export function ProductsLayoutShift(props: {children: React.ReactNode; ids: string[]}) {
const [children, pending, startViewTransition] = useDeferredLayoutShift(props.children, props.ids)
/**
* We need to suspend layout shift for user opt-in.
*/
useEffect(() => {
if (!pending) return
toast('Products have been updated', {
action: {
label: 'Refresh',
onClick: () => startViewTransition(),
},
})
}, [pending, startViewTransition])
return children
}
function useDeferredLayoutShift(children: React.ReactNode, dependencies: unknown[]) {
const [pending, setPending] = useState(false)
const [currentChildren, setCurrentChildren] = useState(children)
const [currentDependencies, setCurrentDependencies] = useState(dependencies)
if (!pending) {
if (isEqual(currentDependencies, dependencies)) {
if (currentChildren !== children) {
setCurrentChildren(children)
}
} else {
setCurrentDependencies(dependencies)
setPending(true)
}
}
const startViewTransition = useCallback(() => {
setCurrentDependencies(dependencies)
setPending(false)
}, [dependencies])
return [pending ? currentChildren : children, pending, startViewTransition] as const
}
This Client Component is used to wrap the layout that should only be updated after the user has clicked the refresh button:
// src/app/products/page.tsx
import { AnimatePresence } from "framer-motion";
import * as motion from "framer-motion/client";
import {defineQuery} from 'next-sanity'
import { sanityFetch } from "@/sanity/lib/live";
+import {ProductsLayoutShift} from './products-page-layout-shift.tsx'
const PRODUCTS_QUERY = defineQuery(`*[_type == "product" && defined(slug.current)][0...$limit]`)
export default async function Page() {
const {data: products} = await sanityFetch({ query: PRODUCTS_QUERY, params: {limit: 10} });
+ // If the list over ids change, it'll trigger the toast asking the user to opt-in to refresh
+ // but if a product title has changed, perhaps to fix a typo, we update that right away
+ const ids = products.map((product) => product._id)
return (
<section>
+ <ProductsLayoutShift ids={ids}>
<AnimatePresence mode="popLayout">
{products.map((product) => (
<motion.article
key={product._id}
layout="position"
animate={{ opacity: 1 }}
exit={{ opacity: 0 }}
>
<a href={`/product/${product.slug}`}>{product.title}</a>
</motion.article>
))}
</AnimatePresence>
+ </ProductsLayoutShift>
</section>
);
}
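Review bot: the added import line pulls ProductsLayoutShift from './products-page-layout-shift.tsx', but the client component shown earlier lives in src/app/products/products-layout-shift.tsx, so this path will not resolve; import from './products-layout-shift' instead. In the added comment, "If the list over ids change" would read more clearly as "If the list of ids changes".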
With this approach we've limited the use of client components to just a single component. All the server components within <ProductsLayoutShift> remain as server components, with all their benefits.
The architecture for defineLive works as follows:
sanityFetch automatically sets fetch.next.tags for you using opaque tags generated by our backend, prefixed with sanity:.
<SanityLive /> listens to change events using the Sanity Live Content API (LCAPI).
<SanityLive /> invokes a Server Function that calls revalidateTag(`sanity:${tag}`).
revalidateTag integrating with ISR.
With this setup, as long as one visitor accesses your Next.js app after a content change, the cache is updated globally for all users, regardless of the specific URL they visit.
If your content operations involve scenarios where you might not always have a visitor to trigger the revalidateTag event, there are two ways to ensure your content is never stale:
revalidateTag(sanity)
All queries made using sanityFetch include the sanity tag in their fetch.next.tags array. You can use this to call revalidateTag('sanity') in an API route that handles a GROQ webhook payload.
This approach can be considered a "heavy hammer" so it's important to limit the webhook events that trigger it. You could also implement this in a custom component to manually purge the cache if content gets stuck.
<SanityLive /> alternative
You can set up your own long-running server, using Express for example, to listen for change events using the Sanity Live Content API. Then, create an API route in your Next.js app:
// src/app/api/revalidate-tag/route.ts
import {revalidateTag} from 'next/cache'
export const POST = async (request: Request) => {
  // validateRequest is not provided by next-sanity; implement it to authenticate your own server
  const {tags, isValid} = await validateRequest(request)
  if (!isValid) return new Response('No no no', {status: 400})
  for (const _tag of tags) {
    const tag = `sanity:${_tag}`
    revalidateTag(tag)
    // eslint-disable-next-line no-console
    console.log(`revalidated tag: ${tag}`)
  }
  // Route handlers must return a Response
  return new Response(null, {status: 204})
}
Your Express app can then forward change events to this endpoint, ensuring your content is always up-to-date. This method guarantees that stale content is never served, even if no browser is actively viewing your app!
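The route above calls validateRequest() without defining it. One way to write it, as an added example that is not part of next-sanity or the original README: the forwarding server signs the timestamp and raw body with HMAC-SHA256 under a shared secret, and the route verifies that signature in constant time, rejects stale events and accepts only well-formed tags. The header name, the LIVE_EVENTS_FORWARD_SECRET variable, the tag pattern and the five-minute window are all assumptions.

```typescript
// Added example: a possible validateRequest() for the forwarding route.
// Header name, env variable, tag pattern and replay window are assumptions.
import {createHmac, timingSafeEqual} from 'node:crypto'

const SIGNATURE_HEADER = 'x-forward-signature' // hypothetical header name
const MAX_SKEW_MS = 5 * 60 * 1000 // events outside +/- 5 minutes are rejected
const TAG_PATTERN = /^[A-Za-z0-9_-]{1,64}$/ // assumed shape of an opaque tag
const MAX_TAGS = 100 // bound the work a single request can trigger

type Validation = {isValid: boolean; tags: string[]}
type IncomingRequest = {
  text(): Promise<string>
  headers: {get(name: string): string | null}
}

const reject = (): Validation => ({isValid: false, tags: []})

function hmacHex(secret: string, timestamp: string, rawBody: string): string {
  return createHmac('sha256', secret).update(`${timestamp}.${rawBody}`).digest('hex')
}

// Sender side (the long-running server): build the signature header value.
export function signForwardedEvent(rawBody: string, secret: string, nowMs: number): string {
  const timestamp = String(nowMs)
  return `t=${timestamp},v1=${hmacHex(secret, timestamp, rawBody)}`
}

// Receiver side: authenticate the raw body first, parse the JSON only afterwards.
export function verifyForwardedEvent(
  rawBody: string,
  header: string | null,
  secret: string,
  nowMs: number,
): Validation {
  const match = /^t=(\d{1,15}),v1=([0-9a-f]{64})$/.exec(header ?? '')
  // An empty secret must fail closed, otherwise anyone could sign with ''.
  if (!secret || !match) return reject()
  const timestamp = match[1] ?? ''
  const signature = match[2] ?? ''

  // Constant-time comparison of the two 32-byte digests.
  const expected = Buffer.from(hmacHex(secret, timestamp, rawBody), 'hex')
  const received = Buffer.from(signature, 'hex')
  if (expected.length !== received.length || !timingSafeEqual(expected, received)) {
    return reject()
  }
  // A correctly signed but old (or future-dated) event is treated as a replay.
  if (Math.abs(nowMs - Number(timestamp)) > MAX_SKEW_MS) return reject()

  let parsed: unknown
  try {
    parsed = JSON.parse(rawBody)
  } catch {
    return reject()
  }
  const candidate = (parsed as {tags?: unknown} | null)?.tags
  if (!Array.isArray(candidate) || candidate.length === 0 || candidate.length > MAX_TAGS) {
    return reject()
  }
  const tags: string[] = []
  for (const tag of candidate) {
    if (typeof tag !== 'string' || !TAG_PATTERN.test(tag)) return reject()
    tags.push(tag)
  }
  return {isValid: true, tags}
}

// Drop-in for the route: reads the raw body once and checks it against the secret.
export async function validateRequest(
  request: IncomingRequest,
  secret: string = process.env.LIVE_EVENTS_FORWARD_SECRET ?? '',
): Promise<Validation> {
  const rawBody = await request.text()
  return verifyForwardedEvent(rawBody, request.headers.get(SIGNATURE_HEADER), secret, Date.now())
}
```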
Sanity Studio is a near-infinitely configurable content editing interface that can be embedded into any React application. For Next.js, you can embed the Studio on a route (like /studio). The Studio will still require authentication and be available only for members of your Sanity project.
This opens up many possibilities including dynamic configuration of your Sanity Studio based on a network request or user input.
[!WARNING] The convenience of co-locating the Studio with your Next.js application is appealing, but it can also influence your content model to be too website-centric, and potentially make collaboration with other developers more difficult. Consider a standalone or monorepo Studio repository for larger projects and teams.
next-sanity exports a <NextStudio /> component to load Sanity's <Studio /> component wrapped in a Next.js friendly layout. metadata specifies the necessary <meta> tags for making the Studio adapt to mobile devices and prevents the route from being indexed by search engines.
To quickly connect an existing - or create a new - Sanity project to your Next.js application, run the following command in your terminal. You will be prompted to create a route for the Studio during setup.
npx sanity@latest init
Create a file sanity.config.ts in the project's root and copy the example below:
// ./sanity.config.ts
import {defineConfig} from 'sanity'
import {structureTool} from 'sanity/structure'
const projectId = process.env.NEXT_PUBLIC_SANITY_PROJECT_ID!
const dataset = process.env.NEXT_PUBLIC_SANITY_DATASET!
export default defineConfig({
basePath: '/studio', // `basePath` must match the route of your Studio
projectId,
dataset,
plugins: [structureTool()],
schema: {types: []},
})
Optionally, create a sanity.cli.ts in the project root with the same projectId and dataset as your sanity.config.ts so that you can run npx sanity <command> from the terminal inside your Next.js application:
// ./sanity.cli.ts
import {defineCliConfig} from 'sanity/cli'
const projectId = process.env.NEXT_PUBLIC_SANITY_PROJECT_ID!
const dataset = process.env.NEXT_PUBLIC_SANITY_DATASET!
export default defineCliConfig({api: {projectId, dataset}})
Now you can run commands like npx sanity cors add. Run npx sanity help for a full list of what you can do.
Even if the rest of your app is using Pages Router, you can and should mount the Studio on an App Router route. Next.js supports both routers in the same app.
Create a new route to render the Studio, with the default metadata and viewport configuration:
// ./src/app/studio/[[...tool]]/page.tsx
import {NextStudio} from 'next-sanity/studio'
import config from '../../../../sanity.config'
export const dynamic = 'force-static'
export {metadata, viewport} from 'next-sanity/studio'
export default function StudioPage() {
return <NextStudio config={config} />
}
The default meta tags exported by next-sanity can be customized if necessary:
// ./src/app/studio/[[...tool]]/page.tsx
import type {Metadata, Viewport} from 'next'
import {
  NextStudio,
  metadata as studioMetadata,
  viewport as studioViewport,
} from 'next-sanity/studio'
import config from '../../../../sanity.config'
// Set the correct `viewport`, `robots` and `referrer` meta tags
export const metadata: Metadata = {
  ...studioMetadata,
  // Overrides the title until the Studio is loaded
  title: 'Loading Studio...',
}
export const viewport: Viewport = {
  ...studioViewport,
  // Overrides the viewport to resize behavior
  interactiveWidget: 'resizes-content',
}
export default function StudioPage() {
  return <NextStudio config={config} />
}
StudioProvider and StudioLayout
If you need even more control over the Studio, you can pass StudioProvider and StudioLayout from sanity as children:
// ./src/app/studio/[[...tool]]/page.tsx
'use client'
import {NextStudio} from 'next-sanity/studio'
import {StudioProvider, StudioLayout} from 'sanity'
// Four levels up from src/app/studio/[[...tool]]/ to the project root
import config from '../../../../sanity.config'
export default function StudioPage() {
  return (
    <NextStudio config={config}>
      <StudioProvider config={config}>
        {/* Put components here and you'll have access to the same React hooks as Studio gives you when writing plugins */}
        <StudioLayout />
      </StudioProvider>
    </NextStudio>
  )
}
[!IMPORTANT] You're looking at the README for v9. The README for v8 is available here, as well as a migration guide.
MIT-licensed. See LICENSE.
FAQs
Sanity.io toolkit for Next.js
The npm package next-sanity receives a total of 62,105 weekly downloads. As such, next-sanity popularity was classified as popular.
We found that next-sanity demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 65 open source maintainers collaborating on the project.