use with vite-env-only

[joprice]

I was attempting to use the vite-env-only plugin with a solid-start template, but found that the use of use server causes the denyFiles configurations to fail to work for transitive dependencies. An example would be client.js -> api.js -> db.js, where api.js has use server directives, and db.js is listed in the denyFiles client array in the vite config.

I'm not familiar with the internals, but since I noticed that the resulting api asset (.vinxi/build/client/_build/assets/api-....js) has the definition of db.js inlined, my guess is that the use server directive is processed first and generates a new module that no longer references db.js, so the vite-env-only plugin is no longer able to detect it the import.

It would be nice to use the vite-env-only plugin to enforce the invariant that secrets or server code do not split into the client bundle, but perhaps that functionality could be provided directly by vinxi.

[doeixd]

Why not just use: "use server" in the first line of db.js to avoid vinxi and vite-env-only stepping on each other's feet?

[joprice]

I may have tried that, but I've lost context as I switched off of solid-start for now due to these issues of server code leaking into the client. Overall, I want to enforce at build time that there hasn't been any server code leaked, whether or not use server was used in the correct place. I remember trying a lot of different configurations, and all of them not getting quite what I expected. I can make a repro repo with some examples since I know it's hard to tell what the expected behavior should be and there's a lot of moving targets involved.