fix(nextjs): Populate __SENTRY_SERVER_MODULES__ in Turbopack#19231
fix(nextjs): Populate __SENTRY_SERVER_MODULES__ in Turbopack#19231RulaKhaled merged 6 commits intodevelopfrom
Conversation
Codecov Results 📊Generated by Codecov Action |
RulaKhaled
requested review from
chargome and
logaretm
and removed request for
logaretm
node-overhead report 🧳Note: This is a synthetic benchmark with a minimal express app and does not necessarily reflect the real-world performance impact in an application.
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
packages/nextjs/src/config/turbopack/generateValueInjectionRules.ts
Outdated
Show resolved
Hide resolved
logaretm
left a comment
logaretm
left a comment
There was a problem hiding this comment.
Nice find and fix! Just a minor nitpick
packages/nextjs/src/config/util.ts
Outdated
| /** | ||
| * Extract modules from project directory's package.json | ||
| */ | ||
| export function _getModules(projectDir: string): Record<string, string> { |
There was a problem hiding this comment.
very l: nice extracting it but can we rename it to getPackageModules since it's no longer a private function.
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
| } | ||
| // Inject server modules (matching webpack's __SENTRY_SERVER_MODULES__ behavior) | ||
| // Use process.cwd() to get the project directory at build time | ||
| serverValues.__SENTRY_SERVER_MODULES__ = getPackageModules(process.cwd()); |
There was a problem hiding this comment.
Wrong package.json chosen in monorepos
Medium Severity
generateValueInjectionRules uses getPackageModules(process.cwd()) to populate __SENTRY_SERVER_MODULES__, which can read the wrong package.json when next runs from a different working directory (common in monorepos/workspaces). This can inject an unrelated dependency map, breaking module auto-detection or producing misleading module availability.
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
| } | ||
| // Inject server modules (matching webpack's __SENTRY_SERVER_MODULES__ behavior) | ||
| // Use process.cwd() to get the project directory at build time | ||
| serverValues.__SENTRY_SERVER_MODULES__ = getPackageModules(process.cwd()); |
There was a problem hiding this comment.
Turbopack value injection incompatible with bare identifier access
High Severity
The __SENTRY_SERVER_MODULES__ value is injected onto globalThis by the valueInjectionLoader, but the consumer code in modules.ts accesses it as a bare identifier rather than via globalThis. In ES modules with strict mode, properties on globalThis aren't accessible as bare identifiers, causing the typeof check to evaluate as 'undefined' and fall back to an empty object. This breaks module detection for Turbopack builds, defeating the entire purpose of this PR.
2 participants
Turbopack was missing
__SENTRY_SERVER_MODULES__injection, causing modulesIntegration to return empty in Next.js v16. This broke auto detection for integrations that check module availability.Changes matche webpack's existing behavior by reading package.json at build time and injecting dependencies into the bundle.
closes: #19147