fix: safer top level await checks (#149)

Co-authored-by: Julien Huang <[email protected]>

Author: harlan-zw

package.json

@@ -75,7 +75,6 @@
     "@types/youtube": "^0.0.50",
     "@unhead/vue": "^1.9.15",
     "@vueuse/core": "^10.11.0",
-    "acorn": "^8.12.1",
     "consola": "^3.2.3",
     "defu": "^6.1.4",
     "h3": "^1.12.0",

playground/nuxt.config.ts

@@ -3,5 +3,7 @@ export default defineNuxtConfig({
     '@nuxt/scripts',
     '@nuxt/ui',
   ],
+
   devtools: { enabled: true },
+  compatibilityDate: '2024-07-14',
 })

playground/pages/features/top-level-await.vue

@@ -0,0 +1,14 @@
+<script lang="ts" setup>
+// import { useScript } from '#imports'
+
+// const { $script } = useScript('/test.js')
+
+// uncomment will trigger build-error
+// await $script
+// or
+// await $script.load()
+</script>
+
+<template>
+  <div>hello world</div>
+</template>

pnpm-lock.yaml

@@ -25,7 +25,7 @@ import type {
   RegistryScript,
   RegistryScripts,
 } from './runtime/types'
-import checkScripts from './plugins/check-scripts'
+import { NuxtScriptsCheckScripts } from './plugins/check-scripts'
 import { templatePlugin } from './templates'
 import { addTpc } from './tpc/addTpc'
 
@@ -116,7 +116,6 @@ export default defineNuxtModule<ModuleOptions>({
         return
       }
     }
-    addBuildPlugin(checkScripts())
     // allow augmenting the options
     nuxt.options.alias['#nuxt-scripts-validator'] = resolve(`./runtime/validation/${(nuxt.options.dev || nuxt.options._prepare) ? 'valibot' : 'mock'}`)
     nuxt.options.alias['#nuxt-scripts'] = resolve('./runtime/types')
@@ -198,6 +197,10 @@ ${newScripts.map((i) => {
       const { normalizeScriptData } = setupPublicAssetStrategy(config.assets)
 
       const moduleInstallPromises: Map<string, () => Promise<boolean> | undefined> = new Map()
+
+      addBuildPlugin(NuxtScriptsCheckScripts(), {
+        dev: true,
+      })
       addBuildPlugin(NuxtScriptBundleTransformer({
         scripts: registryScriptsWithImport,
         defaultBundle: config.defaultScriptOptions?.bundle,

src/module.ts

@@ -1,120 +1,63 @@
 import { createUnplugin } from 'unplugin'
-import type { AnyNode, VariableDeclarator, ExportDefaultDeclaration, Property } from 'acorn'
-import { extname } from 'pathe'
-import { parse } from 'acorn'
-import { transform } from 'esbuild'
-
-const SCRIPT_RE = /<script[^>]*>([\s\S]*)<\/script>/
-
-export default () => createUnplugin(() => {
-  return {
-    name: 'nuxt-scripts:check-scripts',
-    enforce: 'pre',
-    async transform(code, id) {
-      if (!code.includes('useScript')) // all integrations should start with useScript*
-        return
-
-      const extName = extname(id)
-      if (extName === '.vue') {
-        const scriptAst = await extractScriptContentAst(code)
-        if (scriptAst) {
-          analyzeNodes(id, scriptAst)
-        }
-      }
-      else if (extName === '.ts' || extName === '.js') {
-        if (!code.includes('defineComponent')) return
-
-        let result = code
-
-        if (extName === '.ts') {
-          result = (await transform(code, { loader: 'ts' })).code
-        }
-
-        const setupFunction = extractSetupFunction(result)
-
-        if (setupFunction) {
-          analyzeNodes(id, setupFunction)
-        }
-      }
-
-      return undefined
-    },
-  }
-})
-
-function analyzeNodes(id: string, nodes: AnyNode[]) {
-  let name: string | undefined
-
-  for (const node of nodes) {
-    if (name) {
-      if (isAwaitingLoad(name, node)) {
-        throw new Error('Awaiting load should not be used at top level of a composable or <script>')
-      }
-    }
-    else {
-      if (node.type === 'VariableDeclaration') {
-        name = findScriptVar(node.declarations[0])
-      }
-    }
-  }
-}
-
-function findScriptVar(scriptDeclaration: VariableDeclarator) {
-  if (scriptDeclaration.id.type === 'ObjectPattern') {
-    for (const property of scriptDeclaration.id.properties) {
-      if (property.type === 'Property' && property.key.type === 'Identifier' && property.key.name === '$script' && property.value.type === 'Identifier') {
-        return property.value.name
-      }
-    }
-  }
-  else if (scriptDeclaration.id.type === 'Identifier') {
-    return scriptDeclaration.id.name
-  }
-}
-
-function isAwaitingLoad(name: string, node: AnyNode) {
-  if (node.type === 'ExpressionStatement' && node.expression.type === 'AwaitExpression') {
-    const arg = node.expression.argument
-    if (arg.type === 'CallExpression') {
-      const callee = arg.callee
-      if (callee.type === 'MemberExpression' && callee.object.type === 'Identifier' && callee.object.name === name) {
-        // $script or alias is used
-        if (callee.property.type === 'Identifier' && callee.property.name === 'load') {
-          return true
+import { type Node, walk } from 'estree-walker'
+import type { AssignmentExpression, CallExpression, ObjectPattern, ArrowFunctionExpression, Identifier, MemberExpression } from 'estree'
+import { isVue } from './util'
+
+export function NuxtScriptsCheckScripts() {
+  return createUnplugin(() => {
+    return {
+      name: 'nuxt-scripts:check-scripts',
+      transformInclude(id) {
+        return isVue(id, { type: ['script'] })
+      },
+
+      async transform(code) {
+        if (!code.includes('useScript')) // all integrations should start with useScript*
+          return
+
+        const ast = this.parse(code)
+        let nameNode: Node | undefined
+        let errorNode: Node | undefined
+        walk(ast as Node, {
+          enter(_node) {
+            if (_node.type === 'VariableDeclaration' && _node.declarations?.[0]?.id?.type === 'ObjectPattern') {
+              const objPattern = _node.declarations[0]?.id as ObjectPattern
+              for (const property of objPattern.properties) {
+                if (property.type === 'Property' && property.key.type === 'Identifier' && property.key.name === '$script' && property.value.type === 'Identifier') {
+                  nameNode = _node
+                }
+              }
+            }
+            if (nameNode) {
+              let sequence = _node.type === 'SequenceExpression' ? _node : null
+              let assignmentExpression
+              if (_node.type === 'VariableDeclaration') {
+                if (_node.declarations[0]?.init?.type === 'SequenceExpression') {
+                  sequence = _node.declarations[0]?.init
+                  assignmentExpression = _node.declarations[0]?.init?.expressions?.[0]
+                }
+              }
+              if (sequence && !assignmentExpression) {
+                assignmentExpression = (sequence.expressions[0]?.type === 'AssignmentExpression' ? sequence.expressions[0] : null)
+              }
+              if (assignmentExpression) {
+                // check right call expression is calling $script
+                const right = (assignmentExpression as AssignmentExpression)?.right as CallExpression
+                // @ts-expect-error untyped
+                if (right.callee?.name === '_withAsyncContext') {
+                  if (((right.arguments[0] as ArrowFunctionExpression)?.body as Identifier)?.name === '$script'
+                    || ((((right.arguments[0] as ArrowFunctionExpression)?.body as CallExpression)?.callee as MemberExpression)?.object as Identifier)?.name === '$script') {
+                    errorNode = nameNode
+                  }
+                }
+              }
+            }
+          },
+        })
+        if (errorNode) {
+          return this.error(new Error('You can\'t use a top-level await on $script as it will never resolve.'))
         }
-      }
+      },
     }
-  }
-}
-
-async function extractScriptContentAst(code: string): Promise<AnyNode[] | undefined> {
-  const scriptCode = code.match(SCRIPT_RE)
-  return scriptCode
-    ? parse((await transform(scriptCode[1], { loader: 'ts' })).code, {
-      ecmaVersion: 'latest',
-      sourceType: 'module',
-    }).body
-    : undefined
-}
-
-function extractSetupFunction(code: string): AnyNode[] | undefined {
-  const ast = parse(code, {
-    ecmaVersion: 'latest',
-    sourceType: 'module',
   })
-
-  const defaultExport = ast.body.find((node): node is ExportDefaultDeclaration => node.type === 'ExportDefaultDeclaration')
-
-  if (defaultExport && defaultExport.declaration.type === 'CallExpression' && defaultExport.declaration.callee.type === 'Identifier' && defaultExport.declaration.callee.name === 'defineComponent') {
-    const arg = defaultExport.declaration.arguments[0]
-    if (arg && arg.type === 'ObjectExpression') {
-      const setupProperty = arg.properties.find((prop): prop is Property => prop.type === 'Property' && prop.key.type === 'Identifier' && prop.key.name === 'setup')
-      if (setupProperty) {
-        const setupValue = setupProperty.value
-        if (setupValue.type === 'FunctionExpression') {
-          return setupValue.body.body
-        }
-      }
-    }
-  }
 }

src/plugins/check-scripts.ts

@@ -1,12 +1,11 @@
-import { pathToFileURL } from 'node:url'
 import { createUnplugin } from 'unplugin'
-import { parseQuery, parseURL } from 'ufo'
 import MagicString from 'magic-string'
 import type { SourceMapInput } from 'rollup'
 import type { Node } from 'estree-walker'
 import { walk } from 'estree-walker'
 import type { Literal, ObjectExpression, Property, SimpleCallExpression } from 'estree'
 import type { InferInput } from 'valibot'
+import { isJS, isVue } from './util'
 import type { RegistryScript } from '#nuxt-scripts'
 
 export interface AssetBundlerTransformerOptions {
@@ -22,21 +21,7 @@ export function NuxtScriptBundleTransformer(options: AssetBundlerTransformerOpti
       name: 'nuxt:scripts:bundler-transformer',
 
       transformInclude(id) {
-        const { pathname, search } = parseURL(decodeURIComponent(pathToFileURL(id).href))
-        const { type } = parseQuery(search)
-
-        if (pathname.includes('node_modules/@unhead') || pathname.includes('node_modules/vueuse'))
-          return false
-
-        // vue files
-        if (pathname.endsWith('.vue') && (type === 'script' || !search))
-          return true
-
-        // js files
-        if (pathname.match(/\.((c|m)?j|t)sx?$/g))
-          return true
-
-        return false
+        return isVue(id, { type: ['template', 'script'] }) || isJS(id)
       },
 
       async transform(code, id) {

src/plugins/transform.ts

@@ -0,0 +1,44 @@
+import { pathToFileURL } from 'node:url'
+import { parseQuery, parseURL } from 'ufo'
+
+// from nuxt core
+export function isVue(id: string, opts: { type?: Array<'template' | 'script' | 'style'> } = {}) {
+  // Bare `.vue` file (in Vite)
+  const { search } = parseURL(decodeURIComponent(pathToFileURL(id).href))
+  if (id.endsWith('.vue') && !search) {
+    return true
+  }
+
+  if (!search) {
+    return false
+  }
+
+  const query = parseQuery(search)
+
+  // Component async/lazy wrapper
+  if (query.nuxt_component) {
+    return false
+  }
+
+  // Macro
+  if (query.macro && (search === '?macro=true' || !opts.type || opts.type.includes('script'))) {
+    return true
+  }
+
+  // Non-Vue or Styles
+  const type = 'setup' in query ? 'script' : query.type as 'script' | 'template' | 'style'
+  if (!('vue' in query) || (opts.type && !opts.type.includes(type))) {
+    return false
+  }
+
+  // Query `?vue&type=template` (in Webpack or external template)
+  return true
+}
+
+const JS_RE = /\.(?:[cm]?j|t)sx?$/
+
+export function isJS(id: string) {
+  // JavaScript files
+  const { pathname } = parseURL(decodeURIComponent(pathToFileURL(id).href))
+  return JS_RE.test(pathname)
+}