The contents of `useServerMount$()` are bundled with client side JS

Open meenie opened this issue 2 years ago • 5 comments

Qwik Version

0.9.0

Operating System (or Browser)

Chrome

Node Version (if applicable)

18

Which component is affected?

Qwik Optimizer (rust)

Expected Behaviour

When you run `npm run build`, the contents of the `useServerMount$()` hook should not be present in the bundles created for the client side. The contents should only be present in the Node bundle.

Actual Behaviour

When you run `npm run build`, the contents of `useServerMount$()` are present in the client side JS bundles.

Additional Information

You can reproduce here: https://stackblitz.com/edit/qwik-starter-ixah1m

Stop the server when it boots up and run `npm run build` and search for `find me`. You will notice that the code is both in `entry.express.mjs` (Good!) and also in one of the files under `./dist/build` (Bad!).

meenie avatar Sep 26 '22 16:09 meenie

Is it bad if it never loads anyway?

manucorporat avatar Sep 26 '22 19:09 manucorporat

If it never loaded, then no, probably not. But if the file does get loaded and you are using a node-only library, that will break the app.

meenie avatar Sep 27 '22 05:09 meenie

@meenie does it get loaded and break for you?

wtho avatar Sep 27 '22 10:09 wtho

@wtho, when you use qwik-city to route to a component that is using useServerMount$(), it does break with this message:

Code(22): Components using useServerMount() can only be mounted in the server, if you need your component to be mounted in the client, use "useMount$()" instead

You can see with this example: https://stackblitz.com/edit/qwik-starter-zye1es?file=src%2Froutes%2Findex.tsx,src%2Froutes%2Fflower%2Findex.tsx

meenie avatar Sep 27 '22 23:09 meenie

@manucorporat

> Is it bad if it never loads anyway?

I've been thinking about this and I think it's still a bit of a security risk to expose backend code when you shouldn't need to. Specifically, business logic that's a trade secret. Or exposing what libraries your app uses in the backend to potential hackers trying to find vulnerabilities.

meenie avatar Sep 28 '22 16:09 meenie

Fixed! https://github.com/BuilderIO/qwik/pull/2253

manucorporat avatar Nov 23 '22 12:11 manucorporat

FYI, I ran into the same issue, but when running with the DEV server. I see this was fixed in the build, so I ported a similar fix for the dev.

jwickers avatar Dec 09 '22 01:12 jwickers