Skip to content
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .changeset/red-carpets-wave.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
"@stephansama/svelte-social-share-links": patch
---

updated the svelte-social-share-links to export storybook website for user testing
1 change: 0 additions & 1 deletion .config/www/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@
"private": true,
"type": "module",
"scripts": {
"prebuild": "pnpm run setup",
"build": "vitepress build",
"predev": "pnpm run setup",
"dev": "vitepress dev",
Expand Down
10 changes: 6 additions & 4 deletions .config/www/setup.sh
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,14 @@

pnpm --workspace-root run scripts:generate-examples

./node_modules/.bin/typedoc
pnpm exec typedoc

./node_modules/.bin/eslint-config-inspector build --base /eslint --outDir public/eslint
pnpm exec eslint-config-inspector build --base /eslint --outDir public/eslint

./node_modules/.bin/node-modules-inspector build --base /node_modules --outDir public/node_modules
pnpm exec node-modules-inspector build --base /node_modules --outDir public/node_modules

node -e "console.log(JSON.stringify({message: Date.now()}))" >public/healthcheck.json

pnpm --workspace-root run --silent scripts:meta >public/meta.json
pnpm --workspace-root run scripts:meta >public/meta.json

pnpm --workspace-root run scripts:storybook
9 changes: 7 additions & 2 deletions .config/www/turbo.json
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,16 @@
"./api/",
"./public/healthcheck.json",
"./public/node_modules",
"./public/eslint"
"./public/eslint",
"./public/api"
]
},
"build": {
"dependsOn": ["create-stephansama-example#build", "www#setup"],
"dependsOn": [
"create-stephansama-example#build",
"@stephansama/svelte-social-share-links#build:storybook",
"www#setup"
],
Comment thread
coderabbitai[bot] marked this conversation as resolved.
Outdated
"outputs": ["$TURBO_ROOT$/dist"]
}
}
Expand Down
21 changes: 15 additions & 6 deletions core/svelte-social-share-links/package.json
Original file line number Diff line number Diff line change
@@ -1,13 +1,18 @@
{
"name": "@stephansama/svelte-social-share-links",
"version": "1.1.1",
"private": false,
"description": "Svelte/Web component to share the current url with various social media providers",
"homepage": "https://packages.stephansama.info/api/@stephansama/svelte-social-share-links",
"repository": {
"type": "git",
"url": "git+https://github.com/stephansama/packages.git",
"directory": "core/svelte-social-share-links"
},
"author": {
"name": "Stephan Randle",
"email": "stephanrandle.dev@gmail.com",
"url": "https://stephansama.info"
},
"type": "module",
"exports": {
".": {
Expand All @@ -30,13 +35,14 @@
"!dist/**/*.spec.*"
],
"scripts": {
"prebuild": "svelte-package",
"build": "vite -c ./vite.webcomponent.config.ts build",
"build": "pnpm run --sequential \"/^build:.*/\"",
"postbuild": "publint",
"build:storybook": "storybook build",
"build:svelte": "svelte-package",
"build:vite": "vite -c ./vite.webcomponent.config.ts build",
"check": "svelte-check --tsconfig ./tsconfig.json",
"dev": "svelte-package --watch",
"storybook": "storybook dev -p 6006",
"storybook:build": "storybook build"
"dev:storybook": "storybook dev -p 6006"
},
"devDependencies": {
"@chromatic-com/storybook": "catalog:storybook",
Expand All @@ -60,5 +66,8 @@
"access": "public",
"provenance": true
},
"readme": "./README.md"
"readme": "./README.md",
"storybook": {
"url": "https://packages.stephansama.info/api/@stephansama/svelte-social-share-links/storybook"
}
}
1 change: 1 addition & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@
"scripts:lint-examples": "node ./scripts/lint-examples.js",
"scripts:meta": "node ./scripts/meta.js",
"scripts:pkg-pr-new": "node ./scripts/pkg-pr-new.js",
"scripts:storybook": "node ./scripts/storybook.js",
"test": "turbo test",
"pretest:ci": "pnpm run scripts:generate-examples",
"test:ci": "vitest --run --coverage",
Expand Down
2 changes: 2 additions & 0 deletions pnpm-workspace.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ catalog:
'@types/react': ^19.2.14
'@types/vfile': ^4.0.0
'@types/yargs': ^17.0.35
actions-up: ^1.11.0
astro: 5.9.3
deepmerge: ^4.3.1
es-toolkit: 1.43.0
Expand All @@ -40,6 +41,7 @@ catalog:
remark: ^15.0.1
tailwind-scrollbar: ^4.0.2
tailwindcss: ^4.1.18
taze: ^19.9.2
tsdown: 0.15.12
tsx: 4.21.0
typescript: 5.9.3
Expand Down
27 changes: 27 additions & 0 deletions scripts/storybook.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
#!/usr/bin/env node

import { getPackages } from "@manypkg/get-packages";
import * as fs from "node:fs";
import * as path from "node:path";

const { packages } = await getPackages(process.cwd());

const www = packages.find((pkg) => pkg.packageJson.name === "www");
if (!www) throw new Error("unable to find www package");

for (const pkg of packages) {
if (!("storybook" in pkg.packageJson)) continue;
if (!("url" in pkg.packageJson.storybook)) continue;
if (typeof pkg.packageJson.storybook.url !== "string") continue;
Comment on lines +13 to +15

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

For improved readability and conciseness, you can combine these checks into a single line using optional chaining (?.).

	if (typeof pkg.packageJson.storybook?.url !== "string") continue;


const storybookDir = path.resolve(path.join(pkg.dir, "storybook-static"));
const outputDir = path.resolve(
path.join(www.dir, "public", "api", pkg.packageJson.name, "storybook"),
);
Comment on lines +18 to +20

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-medium medium

The script uses pkg.packageJson.name directly in path.join to construct outputDir. If a package in the monorepo has a malicious name containing path traversal characters (e.g., ../../), it could lead to files being copied to unintended locations outside the public/api directory. This could be exploited by an attacker who can submit a pull request with a malicious package.json file, potentially overwriting sensitive files in the repository during the build process.


await fs.promises.cp(storybookDir, outputDir, { recursive: true });
Comment thread
stephansama marked this conversation as resolved.
Comment thread
stephansama marked this conversation as resolved.

console.info(
`successfully copied ${pkg.packageJson.name} storybook configuration to documentation site`,
);
Comment on lines +22 to +26

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

The script will crash with an unhandled exception if the storybook-static directory doesn't exist. It's more robust to catch this specific error, log a warning, and allow the script to continue with other packages. Other unexpected errors should still cause the script to fail.

	await fs.promises.cp(storybookDir, outputDir, { recursive: true }).then(() => {
		console.info(
			`successfully copied ${pkg.packageJson.name} storybook configuration to documentation site`,
		);
	}).catch((error) => {
		if (error.code === 'ENOENT') {
			console.warn(`Skipping ${pkg.packageJson.name}: source directory not found at ${storybookDir}.`);
		} else {
			console.error(`Error copying storybook for ${pkg.packageJson.name}:`);
			throw error;
		}
	});

}
14 changes: 7 additions & 7 deletions turbo.json
Original file line number Diff line number Diff line change
Expand Up @@ -9,15 +9,15 @@
},
"build": {
"dependsOn": ["^build"],
"outputs": ["dist*/**", "config", "!.next/cache/**"]
"outputs": ["dist*/**", "config", "storybook-static", "!.next/cache/**"]
},
"lint:fix": { "cache": false },
"lint": {
"dependsOn": ["^lint"]
},
"check-types": {
"dependsOn": ["^check-types"]
"build:storybook": {
"dependsOn": ["^build"],
"outputs": ["storybook-static"]
Comment thread
coderabbitai[bot] marked this conversation as resolved.
Outdated
},
"lint": { "dependsOn": ["^lint"] },
"lint:fix": { "cache": false },
"check-types": { "dependsOn": ["^check-types"] },
"publish": {
"persistent": true,
"cache": false,
Expand Down
Loading