Skip to content

[Feature?]: mark module or variable as secret to stop being bundled into client #1103

Description

@samualtnorman

Duplicates

  • I have searched the existing issues

Latest version

  • I have tested the latest version

Summary 💡

I'd like a way to mark a variable (e.g. by a macro) or a module (e.g. by a naming convention) as server only (secret).
The macro should fail at build time and print the source location of where the variable was mistakenly used.
The naming convention should fail at build time and print the source location of the mistaken import statement.

Examples 🌈

const prisma = new PrismaClient

async function getUserByToken(token: string): User {
	// code that uses `prisma` variable
}

export default () => {
	if (isServer) {
		// ...
	} else {
		const token = getToken(document.cookie)
		// didn't notice that forgot to create a `server$()` wrapper for `getUserByToken()`
		// this may also leak `datasource` `url` in prisma schema which may contain a password
		const user = await getUserByToken(token)
	}
	
	return <>{/* ... */}</>
}

Motivation 🔦

With collocation I have accidentally bundled in server only code into the client and created hard to track down errors twice now.
I've searched the issues and the community discord server and created a post in the support channel but have found no answers.
If this already exists then instead this issue should probably be about documenting this feature on the docs.
Some leaks may be subtle enough that they aren't noticed during dev so these 2 incident are just ones that I noticed because they create errors on the client at dev.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions