server-only isolation strategies (vite-env-only, `import 'server-only'`, etc.)
Hello!
I wonder what strategies people adopt here to make sure no server-side code is leaking to their client budle or ssr outputs.
I tried using
import 'server-only' + vite-env-only blocking server-only, but that seems to create false positives when you use createServerFn.
Right now I rely on a blocklist of some modules that I know have no place in client bundle (like pg, iovalkey, some node: modules, etc. but it's not exhaustive list and for example node:* creates a false positive as well).3 Replies
quickest-silver•4mo ago
we will add such a mechanism into start directly, just takes some more time to finish up other things
sensitive-blue•4mo ago
have you tried using a inline lazy import @palmik ?
may still bundle but at least may make sure if isn't used by client the packages only used serverside would never be pulled down by the client?
( I've found thats fixed builds when some packages break client/browser bundles ).
generous-apricotOP•4mo ago
Can you elaborate? Lazy importing dependencies that should be used on server only? Or lazy importing the special
server-only package?
That is great to hear:) Thank you for your work.