Skip to content

breaking: stricter server file checks + additional guard possibilities#16235

Open
dummdidumm wants to merge 2 commits into
version-3from
server-only-validation-enhancements
Open

breaking: stricter server file checks + additional guard possibilities#16235
dummdidumm wants to merge 2 commits into
version-3from
server-only-validation-enhancements

Conversation

@dummdidumm

Copy link
Copy Markdown
Member

closes #12529

  • The server-only module guard no longer skips files outside the project cwd, so *.server.* files imported from workspace packages are now also protected from being bundled into the client. Files in node_modules are still skipped to avoid false positives.
  • Added a @sveltejs/kit/server-only export that throws when imported on the client and is a no-op on the server. This is useful for library authors who want to ensure a module is never included in client-side bundles.
  • @sveltejs/package now warns when publishing files that contain .server. in their filename or are in a server directory, as these are not protected from client-side imports when consumed from node_modules. The warning recommends using @sveltejs/kit/server-only

closes #12529

- The server-only module guard no longer skips files outside the project `cwd`, so `*.server.*` files imported from workspace packages are now also protected from being bundled into the client. Files in `node_modules` are still skipped to avoid false positives.
- Added a `@sveltejs/kit/server-only` export that throws when imported on the client and is a no-op on the server. This is useful for library authors who want to ensure a module is never included in client-side bundles.
- `@sveltejs/package` now warns when publishing files that contain `.server.` in their filename or are in a `server` directory, as these are not protected from client-side imports when consumed from `node_modules`. The warning recommends using `@sveltejs/kit/server-only`
@pkg-svelte-dev

pkg-svelte-dev Bot commented Jul 3, 2026

Copy link
Copy Markdown

Install the latest version of @sveltejs/kit from a1cf325:

pnpm add https://pkg.svelte.dev/@sveltejs/kit/c/a1cf3256b980be2594e5648216d5010b08b7fd49

Open in pkg.svelte.dev: https://pkg.svelte.dev/repos/kit/pr/16235

@changeset-bot

changeset-bot Bot commented Jul 3, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: a1cf325

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages
Name Type
@sveltejs/kit Major
@sveltejs/package Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@svelte-docs-bot

Copy link
Copy Markdown

Comment thread packages/kit/package.json Outdated
Co-authored-by: vercel[bot] <35613825+vercel[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant