Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

server-cli-only

Package Overview
Dependencies
Maintainers
1
Versions
9
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

server-cli-only

The server-cli-only package is designed to restrict the import of modules exclusively to React Server Components or scripts running on the CLI.

  • 0.3.2
  • latest
  • npm
  • Socket score
Version published
Weekly downloads
1.5K
decreased by-30.89%
Maintainers
1
Weekly downloads
 
Created
Source

server-cli-only

This package is designed as a failsafe. All modules marked with import "server-cli-only" will throw an error on build-time if imported into a module running in the "browser" runtime (e.g., React Client Components). This package is an alternative to the server-only package, which permits the execution of React Server Components runtimes but doesn't allow using other server or edge runtimes. This package aims for the use with React but can also be used in other projects that follow this strategy.

Installation

npm i server-cli-only

Module Usage

Import server-cli-only at the beginning of a module that you want to protect from leaking to the front-end (browser):

import "server-cli-only";

Now, imports of your module importing server-cli-only into "browser" modules (e.g., React Client Components) will throw an error.

Command Line Usage

You can directly execute scripts in server runtimes like node, deno, and bun. For example:

node your-script.js

Or in your package.json:

{
  "scripts": {
    "your-cli-script": "node your-script.js"
  }
}

Context

This package tries to align with the guidelines in the React Server Module Conventions of RFC #227 but extends this guideline to also allow executions in other server and edge runtimes, not only the "react-server" runtime. The overarching goal is to restrict modules with sensitive data from being leaked to the front-end (browser) by using "conditional exports" in Node.js's package.json file. Doing so results in build-time errors for "browser" and unknown runtime modules. Following, all allowed and forbidden (error-throwing) runtimes.

Allowed Runtimes

KeyTarget
react-serverReact Server Components
nodeNode.js runtime
bunBun runtime
denoDeno runtime
edge-lightVercel edge
netlifyNetlify edge
workerdCloudflare edge

Forbidden Runtimes (Error-Throwing)

KeyTarget
browserReact Client Components
<unknown>All unknown runtimes

Lookout Places for Additional Runtime Keys in the Future

Proposed Specs concerning the different runtime keys available by the Web-interoperable Runtimes Community Group (WinterCG). And React-DOM's package.json "conditional exports" field.

License

MIT License.

Links

Keywords

FAQs

Package last updated on 30 Apr 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Malicious npm Package Targets Solana Developers and Hijacks Funds

Research

Security News

Malicious npm Package Targets Solana Developers and Hijacks Funds

A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.

By Socket Research Team  -  Dec 02, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc