reshaped to fit ghost-theme

[surajkatyayan]

Summary

• Removed the tingle.js dependency and replaced the modal implementation with a custom CSS overlay + iframe approach, matching the layout from react-timely-plugin's TimelyModal.tsx
• Added responsive breakpoints: centered modal on desktop (>=960px), contained modal on tablet (768-959px), and bottom-sheet on mobile (<768px)
• Added embed_type, embed_domain, and embed_path query params so the iframe handles its own close button via postMessage
• Switched from npm/package-lock.json to Yarn with nodeLinker: node-modules, and added an esbuild IIFE build script (build:iife)
• Bumped version to 1.0.3

Test plan

• Open Timely modal on desktop (>=960px) and verify it's centered with correct dimensions
• Open on tablet viewport (768-959px) and verify constrained layout
• Open on mobile (<768px) and verify bottom-sheet behavior
• Verify page scroll is locked when modal is open
• Verify close via postMessage from iframe works correctly
• Run yarn build:iife and verify dist/vanilla-timely.iife.js is generated

[Copilot]

Pull request overview

This PR replaces the existing Tingle.js-based modal with a custom CSS overlay + iframe approach to better match the ghost-theme / react-timely-plugin layout, and updates packaging to support Yarn + an esbuild IIFE build.

Changes:

• Replaced tingle.js modal implementation with a custom overlay + responsive iframe modal and postMessage-based close.
• Updated README usage docs (bundler + script-tag/IIFE) and added responsive layout notes.
• Migrated from npm lockfile to Yarn (Berry, node-modules linker) and added an esbuild build:iife script; bumped version to 1.0.3.

Reviewed changes

Copilot reviewed 4 out of 7 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
index.js	Implements the new overlay/iframe modal, responsive CSS, and postMessage close handling.
README.md	Updates API/usage documentation and adds IIFE/script-tag usage instructions.
package.json	Removes runtime dependency, adds build:iife script, bumps version, adds esbuild devDependency.
package-lock.json	Removes npm lockfile as part of Yarn migration.
yarn.lock	Adds Yarn lockfile for the new dependency set (esbuild).
.yarnrc.yml	Configures Yarn nodeLinker: node-modules.
.gitignore	Ignores dist/ and Yarn install state.

Comments suppressed due to low confidence (1)

index.js:108

• closeMethods is still part of the exported openTimely() signature but is no longer used anywhere in the implementation. This is now an API/documentation mismatch (README describes only 3 params) and can confuse callers; either remove closeMethods from the signature (major version bump) or reintroduce behavior that uses it.

export function openTimely(
  eventName,
  params = {},
  closeMethods = [],
  env = "prod"
) {

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

document.body.appendChild(timelyOverlay) runs at module load time and will throw if this script is loaded before <body> exists (e.g., included in <head>). Consider lazily creating/appending the overlay inside openTimely() (or gating behind DOMContentLoaded) to avoid hard dependency on document.body being available during import.

[Copilot]

eventName is interpolated directly into the URL path without encoding. If it contains characters like /, ?, #, or quotes, the resulting src can be malformed and (because it's later inserted into HTML) can become an injection vector. Build the URL with encodeURIComponent(eventName) (or the URL API) before setting the iframe src.

Suggested change

	const timelyUrlStaging = `https://test-timely.joinditto.in/event/${eventName}/book`;
	const timelyUrlProd = `https://timely.joinditto.in/event/${eventName}/book`;
	const encodedEventName = encodeURIComponent(eventName);
	const timelyUrlStaging = `https://test-timely.joinditto.in/event/${encodedEventName}/book`;
	const timelyUrlProd = `https://timely.joinditto.in/event/${encodedEventName}/book`;

[Copilot]

The iframe is created via timelyOverlay.innerHTML with a src built from runtime values. Even with encodeURIComponent for query params, HTML injection is still possible via the unencoded eventName path, and using innerHTML is unnecessarily risky. Prefer creating the iframe with document.createElement('iframe') and setting iframe.src/className/id directly.

[Copilot]

The message handler accepts { from: "timely", action: "confirm-close" } from any origin/source, so any script on the host page can close the modal by posting that payload. Validate event.origin (prod/test Timely domains) and ideally also event.source === document.getElementById('timely-iframe')?.contentWindow before acting on the message.

[Copilot]

closeTimely() hides the overlay but leaves the iframe running in the DOM. This can keep network activity/timers alive and retain memory even after closing. Consider clearing/removing the iframe node on close (e.g., emptying timelyOverlay or removing/recreating the overlay) so closing actually tears down the embedded page.

Suggested change

	window.removeEventListener("message", timelyMessageListener);
	window.removeEventListener("message", timelyMessageListener);
	// Clear iframe content so the embedded page is fully torn down
	timelyOverlay.innerHTML = "";

[Copilot]

README states openTimely takes 3 parameters (eventName, params, env), but the actual exported function signature still includes a 3rd closeMethods parameter before env. Update the docs to match the current API, or adjust the API to match the documented 3-parameter form.

[Copilot]

build:iife generates dist/vanilla-timely.iife.js, but nothing ensures it’s built before publishing to npm. Since the README documents script-tag usage from dist/, consider adding a prepack/prepublishOnly script (or publishing dist via the files field) so consumers reliably get the IIFE artifact.

[arifraveendran]

lgtm

[arifraveendran]

can remove this comment