# How to trust that server didn’t leak to client?


subtle wadi

How can I trust and ensure that server privates didn’t leak into client?

I tried using the .server extension, placing functions in a /server directory, etc. They are all still bundled into the client.

I don’t know any to just use “serverOnly” on functions but feel assured that a global const doesn’t leak.

Is there documentation on how a server function can bundle this?

My problem is that a silly dev will see something outside a server function scope and import that into a client and can expose things.

I really hoped for an extension, server folder, or both, that enforced this.

For now I’m using oRPC to have more safety but I’d rather skip the network hop.

zinc crag

> I don’t know any to just use “serverOnly” on functions but feel assured that a global const doesn’t leak.

My workaround for global const is...

```ts
const foo = serverOnly(() => "bar")();
```

It is a bit ugly but yeah...