Skip to content

fix(VP-1133): subpath export added#559

Open
csAdityaPachauri wants to merge 1 commit intomainfrom
VP-1133/purge-flag
Open

fix(VP-1133): subpath export added#559
csAdityaPachauri wants to merge 1 commit intomainfrom
VP-1133/purge-flag

Conversation

@csAdityaPachauri
Copy link
Contributor

@csAdityaPachauri csAdityaPachauri commented Mar 11, 2026
edited
Loading

https://github.com/user-attachments/assets/a77c6b8e-3eca-4a12-8db8-500804b36d56
Thread

Issue Summary
Even when PURGE_PREVIEW_SDK=true, the full Live Preview SDK is still getting bundled and executed.

Why this is happening
In the current code:

const ContentstackLivePreview =
  (process?.env?.PURGE_PREVIEW_SDK === "true" || )
    ? LightLivePreviewHoC
    : ContentstackLivePreviewHOC;

export default ContentstackLivePreview;

Both LightLivePreviewHoC and ContentstackLivePreviewHOC are statically imported in the main entry.

Because of this, the bundler still includes:

ContentstackLivePreviewHOC (full SDK)
• Live Preview logic
• Edit button (#cslp-tooltip)
• Visual Builder code
effect() logic that injects the button

What DefinePlugin / env var actually does
PURGE_PREVIEW_SDK=true only changes which export is returned at runtime.
It does not stop the full SDK module graph from being bundled, because the import itself is static.

Result
LightLivePreviewHoC is indeed the exported default at runtime ✅
• But the full SDK is still loaded and executed as a side effect
• This is why the customer still sees #cslp-tooltip and Visual Builder code in the bundle and DOM.

Conclusion
Setting PURGE_PREVIEW_SDK=true alone does not remove the full SDK from the bundle.
It only switches the exported HOC; it does not prevent the full Live Preview code from being imported and executed.

@csAdityaPachauri csAdityaPachauri requested review from a team as code owners March 11, 2026 06:41
@github-actions
Copy link

github-actions bot commented Mar 11, 2026

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 0 25 ✅ Passed
🟡 Medium Severity 2 0 500 ✅ Passed
🔵 Low Severity 0 0 1000 ✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 0 90 / 365 days ✅ Passed
🔵 Low 0 0 180 / 365 days ✅ Passed

✅ BUILD PASSED - All security checks passed

@github-actions
Copy link

github-actions bot commented Mar 11, 2026

Coverage Report

Status Category Percentage Covered / Total
🔵 Lines 71.63% 8019 / 11195
🔵 Statements 71.63% 8019 / 11195
🔵 Functions 74.7% 319 / 427
🔵 Branches 85.28% 1194 / 1400
File CoverageNo changed files found.
Generated in workflow #755 for commit c617f0d by the Vitest Coverage Report Action

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@csAdityaPachauri