`npm run dev` serves entire project directory
See original GitHub issueDescribe the bug
When I run npm run dev
, the entire project directory is included and served as static assets. For instance, I can go to http://localhost:3000/README.md and get a prompt to download this file. (The regular static assets are routed and served correctly – this is something extra on top of that.)
To Reproduce
- Initialize a project with
npm init svelte@next
- Run
npm run dev
- Attempt to access any file relative to the project root through the server, e.g. http://localhost:3000/README.md
Expected behavior The project root is not served as static assets.
Information about your SvelteKit Installation:
Diagnostics
-
The output of
npx envinfo --system --npmPackages svelte,@sveltejs/kit,vite --binaries --browsers
System: OS: Linux 4.19 Ubuntu 20.04.2 LTS (Focal Fossa) CPU: (4) x64 Intel® Core™ i5-5200U CPU @ 2.20GHz Memory: 4.17 GB / 6.12 GB Container: Yes Shell: 5.0.17 - /bin/bash Binaries: Node: 14.7.0 - ~/.nvm/versions/node/v14.7.0/bin/node npm: 7.6.3 - ~/.nvm/versions/node/v14.7.0/bin/npm npmPackages: @sveltejs/kit: next => 1.0.0-next.71 svelte: ^3.29.0 => 3.37.0 vite: ^2.1.0 => 2.1.5 -
Your adapter (e.g. Node, static, Vercel, Begin, etc…) Node
Severity
Fairly severe – it makes it impossible to write routes that overlap with the project directory structure (e.g., a /data/[filename].json
route that corresponds to a data/
directory of JSON files in the project root that I add additional information to before serving). I discovered it because I was trying to set up a route with parameters that corresponded to a folder structure in my project directory, and spent a while thinking it had to be stale service workers or cache issues before realizing that the files from the project folder itself, rather than just static/
, were being served as static assets.
Issue Analytics
- State:
- Created 2 years ago
- Comments:6 (5 by maintainers)
Top GitHub Comments
What about leaving this open as I think you would also need to change some configuration here then? And also this should probably be fixed before a 1.0 release so nobody forgets about it?
This could also be a security issue