From 6da5c56ff541acd12d82c0f4389f7c88c3999bad Mon Sep 17 00:00:00 2001 From: Ryan Atkinson Date: Sun, 29 Oct 2023 23:11:37 -0600 Subject: [PATCH] upgrade deps --- README.md | 18 ++++++++++++++++-- gro.config.ts | 24 ------------------------ package-lock.json | 16 ++++++++-------- package.json | 6 +++--- src/lib/package.ts | 6 +++--- 5 files changed, 30 insertions(+), 40 deletions(-) delete mode 100644 gro.config.ts diff --git a/README.md b/README.md index 6fa5d46..b9eeb45 100644 --- a/README.md +++ b/README.md @@ -39,8 +39,22 @@ This project uses [SvelteKit](https://kit.svelte.dev/) with the static adapter and [Vite](https://vitejs.dev/), so the normal commands like `vite dev` work as expected. -It also uses [`gro`](https://github.com/grogarden/gro) -for additional things like deploying - see below for more. +It also uses [Gro](https://github.com/grogarden/gro) +for tasks like deploying and more. + +**⚠️ Important,** this template is designed for **public** open source projects. +Its `package.json` has `"public": true` by default, +which [tells Gro](https://github.com/grogarden/gro/blob/main/src/lib/docs/gro_plugin_sveltekit_frontend.md#well_known_package_json) +to publish the `package.json` and a map of its `src/` directory +to `static/.well-known/` during the build. +This can leak sensitive information if you are not careful ⚠️ +To disable the feature: + +```diff +// package.json +- "public": true, // remove this to disable the public `.well-known` files ++ "private": true, // maybe add this to opt into disabling npm publish +``` > [Windows is not yet supported](https://github.com/fuz-dev/fuz_template/issues/4) > (we recommend [WSL](https://docs.microsoft.com/en-us/windows/wsl/about)) diff --git a/gro.config.ts b/gro.config.ts deleted file mode 100644 index 39518c8..0000000 --- a/gro.config.ts +++ /dev/null @@ -1,24 +0,0 @@ -import {type CreateGroConfig, replace_plugin} from '@grogarden/gro'; - -// This config file can be deleted for projects that want the normal defaults. -// Gro docs: https://github.com/grogarden/gro - -const config: CreateGroConfig = async (cfg) => { - // This template's `package.json` has `"private": true` to protect users, - // disabling `.well-known/package.json`, but in this case we want to publish it, - // so we re-enable it here. - // See the Gro docs for more about `.well-known/package.json`: - // https://github.com/grogarden/gro/blob/main/src/lib/docs/gro_plugin_sveltekit_frontend.md - const get_base_plugins = cfg.plugins; - cfg.plugins = async (ctx) => - replace_plugin( - await get_base_plugins(ctx), - (await import('@grogarden/gro/gro_plugin_sveltekit_frontend.js')).plugin({ - well_known_package_json: true, - }), - ); - - return cfg; -}; - -export default config; diff --git a/package-lock.json b/package-lock.json index c229df0..f0cc1f2 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,8 +12,8 @@ "@fuz.dev/fuz": "^0.76.0", "@fuz.dev/fuz_contextmenu": "^0.5.0", "@fuz.dev/fuz_dialog": "^0.4.0", - "@fuz.dev/fuz_library": "^0.16.0", - "@grogarden/gro": "^0.97.0", + "@fuz.dev/fuz_library": "^0.16.1", + "@grogarden/gro": "^0.98.0", "@grogarden/util": "^0.15.2", "@sveltejs/adapter-static": "^2.0.3", "@sveltejs/kit": "^1.27.1", @@ -564,9 +564,9 @@ } }, "node_modules/@fuz.dev/fuz_library": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/@fuz.dev/fuz_library/-/fuz_library-0.16.0.tgz", - "integrity": "sha512-5EQzhkoeeqjNDRbc2w7VIhy0g1CpRk8Q2edZQxKGw72wkBUHRTEm/87GN++HO6auH3n0RALC0izYOYFCDWcnYQ==", + "version": "0.16.1", + "resolved": "https://registry.npmjs.org/@fuz.dev/fuz_library/-/fuz_library-0.16.1.tgz", + "integrity": "sha512-z0qissukYNldsam6sY3nmpxVLyuY0lHir+EuDWG+xOjnL1Vd+QVtSYaCMolNyLA1bH04hkPUHd2EZlaoZ+lp5w==", "dev": true, "dependencies": { "@grogarden/util": "^0.15.2" @@ -580,9 +580,9 @@ } }, "node_modules/@grogarden/gro": { - "version": "0.97.0", - "resolved": "https://registry.npmjs.org/@grogarden/gro/-/gro-0.97.0.tgz", - "integrity": "sha512-cfenK0WWyD7FPEciveDdQ8x0fUQGtxG0YJUTFgU2CowXplnSnXUqkUzhnhRLmamDUBcHlWM+N/MlBGrgIWHffw==", + "version": "0.98.0", + "resolved": "https://registry.npmjs.org/@grogarden/gro/-/gro-0.98.0.tgz", + "integrity": "sha512-DTp/per9TtT3dqqRUeywnw9YbPq0EFBZAb8RAIz40G/yYY8XZbHMTKmGVw6ESAa2bMzzaRpgizyS7HmbPBLyUg==", "dev": true, "dependencies": { "@grogarden/util": "^0.15.2", diff --git a/package.json b/package.json index 1b74bbc..e239a3e 100644 --- a/package.json +++ b/package.json @@ -1,8 +1,8 @@ { "name": "@fuz.dev/fuz_template", - "private": true, "description": "a static web app and Node library template with TypeScript, Svelte, SvelteKit, Vite, esbuild, Fuz, and Gro", "version": "0.0.1", + "public": true, "homepage": "https://template.fuz.dev/", "repository": "https://github.com/fuz-dev/fuz_template", "type": "module", @@ -24,8 +24,8 @@ "@fuz.dev/fuz": "^0.76.0", "@fuz.dev/fuz_contextmenu": "^0.5.0", "@fuz.dev/fuz_dialog": "^0.4.0", - "@fuz.dev/fuz_library": "^0.16.0", - "@grogarden/gro": "^0.97.0", + "@fuz.dev/fuz_library": "^0.16.1", + "@grogarden/gro": "^0.98.0", "@grogarden/util": "^0.15.2", "@sveltejs/adapter-static": "^2.0.3", "@sveltejs/kit": "^1.27.1", diff --git a/src/lib/package.ts b/src/lib/package.ts index 79ab3f3..52d2a83 100644 --- a/src/lib/package.ts +++ b/src/lib/package.ts @@ -4,10 +4,10 @@ import type {PackageJson} from '@grogarden/gro/package_json.js'; export const package_json = { name: '@fuz.dev/fuz_template', - private: true, description: 'a static web app and Node library template with TypeScript, Svelte, SvelteKit, Vite, esbuild, Fuz, and Gro', version: '0.0.1', + public: true, homepage: 'https://template.fuz.dev/', repository: 'https://github.com/fuz-dev/fuz_template', type: 'module', @@ -25,8 +25,8 @@ export const package_json = { '@fuz.dev/fuz': '^0.76.0', '@fuz.dev/fuz_contextmenu': '^0.5.0', '@fuz.dev/fuz_dialog': '^0.4.0', - '@fuz.dev/fuz_library': '^0.16.0', - '@grogarden/gro': '^0.97.0', + '@fuz.dev/fuz_library': '^0.16.1', + '@grogarden/gro': '^0.98.0', '@grogarden/util': '^0.15.2', '@sveltejs/adapter-static': '^2.0.3', '@sveltejs/kit': '^1.27.1',