feat: smaller package

.gitignore

@@ -18,6 +18,7 @@
 
 # testing artifacts
 **/tests/playground/*.mjs
+**/*-test-artifact.*
 
 # moon
 .moon/cache

@kindspells/astro-shield/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@kindspells/astro-shield",
-	"version": "1.4.1",
+	"version": "1.4.2",
 	"description": "Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques.",
 	"private": false,
 	"type": "module",
@@ -22,7 +22,10 @@
 		}
 	},
 	"imports": {
-		"#as/*": "./src/*"
+		"#as/*": {
+			"types": "./src/*.mts",
+			"import": "./dist/*.mjs"
+		}
 	},
 	"files": ["dist/*"],
 	"scripts": {
@@ -60,15 +63,15 @@
 		"astro": "^4.0.0"
 	},
 	"devDependencies": {
-		"@types/node": "^22.5.4",
-		"astro": "^4.15.4",
-		"get-tsconfig": "^4.8.0",
+		"@types/node": "^22.5.5",
+		"astro": "^4.15.6",
+		"get-tsconfig": "^4.8.1",
 		"rollup": "^4.21.3",
 		"rollup-plugin-dts": "^6.1.1",
 		"rollup-plugin-esbuild": "^6.1.1",
 		"typescript": "^5.6.2",
-		"vite": "^5.4.4",
-		"vitest": "^2.0.5"
+		"vite": "^5.4.5",
+		"vitest": "^2.1.1"
 	},
 	"repository": {
 		"type": "git",

@kindspells/astro-shield/rollup.config.mjs

@@ -23,13 +23,14 @@ const outputBaseConfig = {
 
 export default defineConfig([
 	{
-		input: 'src/main.mts',
-		output: [{ format: 'esm', file: 'dist/main.mjs', sourcemap: true }],
+		input: 'src/core.mts',
+		output: [{ format: 'esm', file: 'dist/core.mjs', sourcemap: true }],
 		...outputBaseConfig,
 	},
 	{
-		input: 'src/core.mts',
-		output: [{ format: 'esm', file: 'dist/core.mjs', sourcemap: true }],
+		input: 'src/main.mts',
+		output: [{ format: 'esm', file: 'dist/main.mjs', sourcemap: true }],
+		external: ['#as/core'],
 		...outputBaseConfig,
 	},
 	{
@@ -40,6 +41,7 @@ export default defineConfig([
 	{
 		input: 'src/main.mts',
 		output: [{ format: 'esm', file: 'dist/main.d.mts' }],
+		external: ['#as/core'],
 		plugins: [dts()],
 	},
 ])

@kindspells/astro-shield/src/core.mts

@@ -15,34 +15,15 @@ import type { Plugin } from 'vite'
 import { doesFileExist, scanDirectory } from './fs.mts'
 import { patchHeaders } from './headers.mts'
 import type {
+	HashesCollection,
+	Logger,
+	MiddlewareHashes,
+	PerPageHashes,
 	SecurityHeadersOptions,
 	SRIOptions,
 	StrictShieldOptions,
 } from './types.mts'
 
-export type MiddlewareHashes = {
-	scripts: Map<string, string>
-	styles: Map<string, string>
-}
-
-export type PerPageHashes = { scripts: Set<string>; styles: Set<string> }
-export type PerPageHashesCollection = Map<string, PerPageHashes>
-
-export type HashesCollection = {
-	inlineScriptHashes: Set<string>
-	inlineStyleHashes: Set<string>
-	extScriptHashes: Set<string>
-	extStyleHashes: Set<string>
-	perPageSriHashes: PerPageHashesCollection
-	perResourceSriHashes: MiddlewareHashes
-}
-
-export type Logger = {
-	info(msg: string): void
-	warn(msg: string): void
-	error(msg: string): void
-}
-
 export type HashesModule = {
 	[k in keyof HashesCollection]: HashesCollection[k] extends Set<string>
 		? string[] | undefined

@kindspells/astro-shield/e2e/e2e.test.mts → @kindspells/astro-shield/src/e2e/e2e.test.mts

@@ -23,9 +23,9 @@ import {
 	it,
 } from 'vitest'
 
-import type { HashesModule } from '#as/core.mjs'
-import { generateSRIHash } from '#as/core.mjs'
-import { doesFileExist } from '#as/fs.mjs'
+import type { HashesModule } from '../core.mts'
+import { generateSRIHash } from '../core.mts'
+import { doesFileExist } from '../fs.mts'
 
 const execFile = promisify(_execFile)
 

@kindspells/astro-shield/e2e/fixtures/dynamic/package.json → @kindspells/astro-shield/src/e2e/fixtures/dynamic/package.json

@@ -11,7 +11,7 @@
 	"license": "MIT",
 	"dependencies": {
 		"@astrojs/node": "^8.3.3",
-		"astro": "^4.15.4"
+		"astro": "^4.15.6"
 	},
 	"devDependencies": {
 		"@kindspells/astro-shield": "workspace:*"

@kindspells/astro-shield/e2e/fixtures/hybrid/package.json → @kindspells/astro-shield/src/e2e/fixtures/hybrid/package.json

@@ -9,7 +9,7 @@
 	"license": "MIT",
 	"dependencies": {
 		"@astrojs/node": "^8.3.3",
-		"astro": "^4.15.4"
+		"astro": "^4.15.6"
 	},
 	"devDependencies": {
 		"@kindspells/astro-shield": "workspace:*"

@kindspells/astro-shield/e2e/fixtures/hybrid2/package.json → @kindspells/astro-shield/src/e2e/fixtures/hybrid2/package.json

@@ -9,7 +9,7 @@
 	"license": "MIT",
 	"dependencies": {
 		"@astrojs/node": "^8.3.3",
-		"astro": "^4.15.4"
+		"astro": "^4.15.6"
 	},
 	"devDependencies": {
 		"@kindspells/astro-shield": "workspace:*"

@kindspells/astro-shield/e2e/fixtures/hybrid3/package.json → @kindspells/astro-shield/src/e2e/fixtures/hybrid3/package.json

@@ -9,7 +9,7 @@
 	"license": "MIT",
 	"dependencies": {
 		"@astrojs/node": "^8.3.3",
-		"astro": "^4.15.4"
+		"astro": "^4.15.6"
 	},
 	"devDependencies": {
 		"@kindspells/astro-shield": "workspace:*"

@kindspells/astro-shield/e2e/fixtures/static/package.json → @kindspells/astro-shield/src/e2e/fixtures/static/package.json

@@ -8,7 +8,7 @@
 	},
 	"license": "MIT",
 	"dependencies": {
-		"astro": "^4.15.4"
+		"astro": "^4.15.6"
 	},
 	"devDependencies": {
 		"@kindspells/astro-shield": "workspace:*"

@kindspells/astro-shield/src/fs.mts

@@ -7,8 +7,7 @@
 import { readdir, stat } from 'node:fs/promises'
 import { resolve } from 'node:path'
 
-import type { HashesCollection, Logger } from './core.mts'
-import type { SRIOptions } from './types.mts'
+import type { HashesCollection, Logger, SRIOptions } from './types.mts'
 
 export const doesFileExist = async (path: string): Promise<boolean> => {
 	try {

@kindspells/astro-shield/src/headers.mts

@@ -1,4 +1,4 @@
-import type { PerPageHashes } from './core.mts'
+import type { PerPageHashes } from './types.mts'
 import type {
 	CSPDirectives,
 	CSPOptions,
@@ -67,7 +67,7 @@ export const patchCspHeader = (
 					plainHeaders['content-security-policy'] as string,
 				),
 			}
-		: cspOpts.cspDirectives ?? ({} satisfies CSPDirectives)
+		: (cspOpts.cspDirectives ?? ({} satisfies CSPDirectives))
 
 	if (pageHashes.scripts.size > 0) {
 		setSrcDirective(directives, 'script-src', pageHashes.scripts)

@kindspells/astro-shield/src/main.mts

@@ -8,7 +8,7 @@ import { fileURLToPath } from 'node:url'
 
 import type { AstroIntegration } from 'astro'
 
-import { getAstroConfigSetup, processStaticFiles } from './core.mts'
+import { getAstroConfigSetup, processStaticFiles } from '#as/core'
 import type { ShieldOptions, SRIOptions } from './types.mts'
 
 type AstroHooks = AstroIntegration['hooks']

@kindspells/astro-shield/src/state.mts

@@ -4,7 +4,7 @@
  * SPDX-License-Identifier: MIT
  */
 
-import type { MiddlewareHashes } from './core.mts'
+import type { MiddlewareHashes } from './types.mts'
 
 let globalHashes: MiddlewareHashes
 

@kindspells/astro-shield/src/tests/core.test.mts

@@ -21,8 +21,8 @@ import {
 	sriHashesEqual,
 	updateDynamicPageSriHashes,
 	updateStaticPageSriHashes,
-} from '#as/core.mts'
-import { doesFileExist } from '#as/fs.mts'
+} from '../core.mts'
+import { doesFileExist } from '../fs.mts'
 
 type SriHashes = {
 	scripts: Record<string, string>
@@ -615,7 +615,7 @@ describe('updateStaticPageSriHashes', () => {
 				<title>My Test Page</title>
 			</head>
 			<body>
-				<script type="module" src="/core.mjs"></script>
+				<script type="module" src="/state.mjs"></script>
 			</body>
 		</html>`
 
@@ -624,7 +624,7 @@ describe('updateStaticPageSriHashes', () => {
 				<title>My Test Page</title>
 			</head>
 			<body>
-				<script type="module" src="/core.mjs" integrity="sha256-Pl+u7V7n6H0yGnuW+XJq9vAtnskDhX+uuHdOPF/MuEU="></script>
+				<script type="module" src="/state.mjs" integrity="sha256-GnAS2y0U5qIXDOpQOY7sE+D1/ncp19EQxwySQzSR/bQ="></script>
 			</body>
 		</html>`
 
@@ -642,7 +642,7 @@ describe('updateStaticPageSriHashes', () => {
 
 		expect(
 			h.extScriptHashes.has(
-				'sha256-Pl+u7V7n6H0yGnuW+XJq9vAtnskDhX+uuHdOPF/MuEU=',
+				'sha256-GnAS2y0U5qIXDOpQOY7sE+D1/ncp19EQxwySQzSR/bQ=',
 			),
 		).toBe(true)
 		expect(h.inlineScriptHashes.size).toBe(0)

@kindspells/astro-shield/src/tests/fs.test.mts

@@ -9,9 +9,9 @@ import { relative, resolve } from 'node:path'
 
 import { describe, expect, it } from 'vitest'
 
-import type { HashesCollection } from '#as/core.mts'
-import { generateSRIHash } from '#as/core.mts'
-import { doesFileExist, scanDirectory } from '#as/fs.mts'
+import type { HashesCollection } from '../types.mts'
+import { generateSRIHash } from '../core.mts'
+import { doesFileExist, scanDirectory } from '../fs.mts'
 
 const testsDir = new URL('.', import.meta.url).pathname
 

@kindspells/astro-shield/src/tests/headers.test.mts

@@ -12,8 +12,8 @@ import {
 	serialiseCspDirectives,
 	serialiseHashes,
 	setSrcDirective,
-} from '#as/headers.mjs'
-import type { CSPDirectives, SecurityHeadersOptions } from '#as/types.mts'
+} from '../headers.mjs'
+import type { CSPDirectives, SecurityHeadersOptions } from '../types.mts'
 
 describe('serialiseHashes', () => {
 	it('returns an empty string for an empty set', () => {

@kindspells/astro-shield/src/tests/main.test.mts

@@ -7,7 +7,7 @@
 import type { AstroIntegration } from 'astro'
 import { describe, expect, it } from 'vitest'
 
-import defaultIntegrationExport, { shield } from '#as/main.mts'
+import defaultIntegrationExport, { shield } from '../main.mts'
 
 describe('sriCSP', () => {
 	it('is exported as default', () => {

@kindspells/astro-shield/src/tests/state.test.mts

@@ -6,7 +6,7 @@
 
 import { describe, expect, it } from 'vitest'
 
-import { getGlobalHashes } from '#as/state.mts'
+import { getGlobalHashes } from '../state.mts'
 
 describe('getGlobalHashes', () => {
 	it('returns a singleton', () => {

@kindspells/astro-shield/src/types.mts

@@ -111,7 +111,14 @@ export type SRIOptions = {
 	stylesAllowListUrls?: string[]
 }
 
+type VercelConfig = {
+	provider: 'vercel'
+	configFile: string // TODO: auto-discovery?
+}
+
 export type SecurityHeadersOptions = {
+	enableOnStaticPages?: VercelConfig | undefined
+
 	/**
 	 * - If set, it controls how the CSP (Content Security Policy) header will be
 	 *   generated in the middleware.
@@ -151,3 +158,26 @@ export type StrictShieldOptions = ShieldOptions & {
 	distDir: string
 	sri: SRIOptions & { enableStatic: boolean; enableMiddleware: boolean }
 }
+
+export type Logger = {
+	info(msg: string): void
+	warn(msg: string): void
+	error(msg: string): void
+}
+
+export type MiddlewareHashes = {
+	scripts: Map<string, string>
+	styles: Map<string, string>
+}
+
+export type PerPageHashes = { scripts: Set<string>; styles: Set<string> }
+export type PerPageHashesCollection = Map<string, PerPageHashes>
+
+export type HashesCollection = {
+	inlineScriptHashes: Set<string>
+	inlineStyleHashes: Set<string>
+	extScriptHashes: Set<string>
+	extStyleHashes: Set<string>
+	perPageSriHashes: PerPageHashesCollection
+	perResourceSriHashes: MiddlewareHashes
+}

@kindspells/astro-shield/vitest.config.e2e.mts

@@ -8,6 +8,6 @@ import { defineConfig } from 'vitest/config'
 
 export default defineConfig({
 	test: {
-		include: ['e2e/**/*.test.mts'],
+		include: ['src/e2e/**/*.test.mts'],
 	},
 })

biome.json

@@ -1,5 +1,5 @@
 {
-	"$schema": "https://biomejs.dev/schemas/1.8.3/schema.json",
+	"$schema": "https://biomejs.dev/schemas/1.9.0/schema.json",
 	"organizeImports": { "enabled": true },
 	"files": {
 		"include": ["*.json", "*.js", "*.mjs", "*.mts", "*.d.ts"],

docs/package.json

@@ -13,14 +13,14 @@
 	"dependencies": {
 		"astro-sst": "^2.43.5",
 		"sharp": "0.33.5",
-		"sst": "^3.1.7"
+		"sst": "^3.1.10"
 	},
 	"devDependencies": {
 		"@astrojs/check": "^0.9.3",
 		"@astrojs/starlight": "^0.27.1",
 		"@astrojs/ts-plugin": "^1.10.2",
 		"@kindspells/astro-shield": "workspace:^",
-		"astro": "^4.15.4",
+		"astro": "^4.15.6",
 		"typescript": "^5.6.2"
 	}
 }

package.json

@@ -10,11 +10,11 @@
 		}
 	],
 	"devDependencies": {
-		"@biomejs/biome": "^1.8.3",
+		"@biomejs/biome": "^1.9.0",
 		"@moonrepo/cli": "^1.28.2",
-		"@vitest/coverage-v8": "^2.0.5",
+		"@vitest/coverage-v8": "^2.1.1",
 		"publint": "^0.2.10",
-		"vitest": "^2.0.5"
+		"vitest": "^2.1.1"
 	},
 	"engines": {
 		"node": ">= 18.0.0"