
"TanStack Start's import protection is designed to prevent server-only code, such as database queries, from leaking into client bundles, addressing a common source of bugs and security risks."
"The import protection system operates as a Vite plugin, checking every import in source files during development and at build time, ensuring that only appropriate code reaches the client or server."
"Files following the *.server.* naming convention are automatically denied in the client environment, while *.client.* files are blocked on the server, requiring no additional configuration."
"Developers can explicitly mark modules as server-only or client-only using a side-effect import, allowing for greater control over code accessibility and enhancing overall application security."
TanStack Start has launched import protection, a Vite-powered feature that prevents server-only code from appearing in client bundles and client-only code from appearing in server bundles. It is enabled by default in new projects and aims to reduce the bugs and security risks that arise when code ends up in the wrong environment. The system checks imports during development and at build time, denying them based on file naming conventions and explicit markers. Developers can also define custom deny rules for specific directories or packages to tighten this further.
Read at InfoQ
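The naming-convention rule described above, as an added sketch that is not TanStack Start's implementation: it walks the static relative imports reachable from an entry file and reports any `*.server.*` module pulled into the client environment, or `*.client.*` module pulled into the server. The file names, the sample project and the helper names are constructed for illustration, and import specifiers are assumed to include file extensions.

```javascript
// Added illustration of the *.server.* / *.client.* rule; not TanStack's code.
const DENIED = { client: /\.server\./, server: /\.client\./ };

// Matches `import x from '...'` and side-effect `import '...'` specifiers.
const IMPORT_RE = /import\s+(?:[^'"]*?\sfrom\s+)?['"]([^'"]+)['"]/g;

function importsOf(source) {
  return [...source.matchAll(IMPORT_RE)].map((m) => m[1]);
}

// Resolve a relative specifier against the importing file's directory.
function resolveRelative(importer, spec) {
  const parts = importer.split('/').slice(0, -1);
  for (const seg of spec.split('/')) {
    if (seg === '..') parts.pop();
    else if (seg !== '.') parts.push(seg);
  }
  return parts.join('/');
}

// Check every import reachable from `entry` for the given environment.
function findViolations(modules, entry, env) {
  const violations = [];
  const seen = new Set();
  const queue = [entry];
  while (queue.length > 0) {
    const file = queue.shift();
    if (seen.has(file) || !(file in modules)) continue;
    seen.add(file);
    for (const spec of importsOf(modules[file])) {
      if (!spec.startsWith('.')) continue; // bare package imports are out of scope here
      const target = resolveRelative(file, spec);
      if (DENIED[env].test(target.split('/').pop())) {
        violations.push({ importer: file, target });
        continue; // a denied module is reported, not followed
      }
      queue.push(target);
    }
  }
  return violations;
}

// Constructed sample project: the server module is reached indirectly.
const sampleProject = {
  'src/routes/index.tsx': "import { UserCard } from '../components/UserCard.tsx';\nimport '../styles.client.ts';",
  'src/components/UserCard.tsx': "import { getUser } from '../db/users.server.ts';",
  'src/db/users.server.ts': "import pg from 'pg';",
  'src/styles.client.ts': "export const theme = 'dark';",
};
console.log(findViolations(sampleProject, 'src/routes/index.tsx', 'client'));
console.log(findViolations(sampleProject, 'src/routes/index.tsx', 'server'));
```

In the sample, the route never imports the database module directly; the violation surfaces through `UserCard.tsx`, which is why the check has to cover every file in the graph and not only entry points.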