feat(docs): add search functionality to documentation

[iamomm-hack]

Add Search Bar to Freighter Docs

Problem

The documentation currently lacks a search feature, making it difficult for users to quickly find relevant information.

Solution

• Integrated local search using @easyops-cn/docusaurus-search-local
• Added search bar to the navbar
• Enabled keyword-based search across documentation pages

Features

• Instant search results
• Highlighted search terms
• No external API required

Notes

• Changes are limited to the docs workspace only

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		High CVE: npm @isaacs/brace-expansion has Uncontrolled Resource Consumption CVE: GHSA-7h2j-956f-4vf2 @isaacs/brace-expansion has Uncontrolled Resource Consumption (HIGH) Affected versions: < 5.0.1 Patched version: 5.0.1 From: ? → npm/shadcn@3.8.4 → npm/glob@12.0.0 → npm/@isaacs/brace-expansion@5.0.0 ℹ Read more on: This package | This alert | What is a CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@isaacs/brace-expansion@5.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		High CVE: Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig CVE: GHSA-43fc-jf86-j433 Axios is Vulnerable to Denial of Service via proto Key in mergeConfig (HIGH) Affected versions: >= 1.0.0 < 1.13.5; < 0.30.3 Patched version: 1.13.5 From: ? → npm/soroswap-router-sdk@1.4.6 → npm/@stellar/typescript-wallet-sdk-km@1.9.0 → npm/axios@1.13.2 ℹ Read more on: This package | This alert | What is a CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/axios@1.13.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm lunr-languages is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/@easyops-cn/docusaurus-search-local@0.55.1 → npm/lunr-languages@1.14.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/lunr-languages@1.14.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm lunr-languages is 95.0% likely obfuscated Confidence: 0.95 Location: Package overview From: ? → npm/@easyops-cn/docusaurus-search-local@0.55.1 → npm/lunr-languages@1.14.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/lunr-languages@1.14.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm lunr-languages under MIT AND MPL-1.1 Location: Package overview From: ? → npm/@easyops-cn/docusaurus-search-local@0.55.1 → npm/lunr-languages@1.14.0 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/lunr-languages@1.14.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[Copilot]

Pull request overview

Adds local, client-side search to the Freighter documentation site (Docusaurus) so users can quickly find relevant pages without relying on an external search API.

Changes:

• Added @easyops-cn/docusaurus-search-local to the docs workspace dependencies.
• Added a navbar search item and configured the local search plugin in docusaurus.config.js.
• Updated lockfile and the root packageManager metadata as part of the dependency change.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 4 comments.

File	Description
docs/package.json	Adds the local search plugin dependency to the docs workspace.
docs/docusaurus.config.js	Adds navbar search UI and configures the local search plugin.
package.json	Updates the Yarn packageManager field to include a hash.
yarn.lock	Captures the new dependency graph introduced by the search plugin.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Adding @easyops-cn/docusaurus-search-local introduces a second set of @docusaurus/* packages at 3.10.0 in yarn.lock while the docs site is pinned to 3.6.3. Running multiple Docusaurus minor versions side-by-side can cause plugin/runtime incompatibilities and also bloats the install. Consider aligning versions by either upgrading docs to 3.10.0 or adding a Yarn resolution to force @docusaurus/* (and react-router deps if needed) to the same version used by docs.

[Copilot]

All other docs dependencies are pinned to exact versions, but this new dependency uses a caret range. To keep installs deterministic and avoid unexpected lockfile churn, pin @easyops-cn/docusaurus-search-local to an exact version (and manage updates intentionally).

Suggested change

	"@stellar/freighter-api": "latest",
	"@stellar/freighter-api": "4.1.0",

[Copilot]

The comment "SEARCH PLUGIN (FINAL)" isn’t descriptive of behavior and will likely become stale. Prefer either removing it or replacing it with a short, durable description (e.g., "Local doc search") without workflow/status wording like "FINAL".

Suggested change

	// SEARCH PLUGIN (FINAL)
	// Local doc search plugin

[Copilot]

PR description says changes are limited to the docs workspace, but this updates the root-level packageManager field. If this hash change is intentional (e.g., standardizing the Yarn binary via Corepack), it would help to note it in the PR description; otherwise consider reverting to keep the scope strictly docs-only.

[iamomm-hack]

Cleaned up the PR to limit changes strictly to the docs workspace and removed unrelated root-level changes.

[iamomm-hack]

Thanks for the review!

I’ve limited the changes strictly to the docs workspace and cleaned up unrelated root-level changes.

Regarding the dependency warnings, I used @easyops-cn/docusaurus-search-local as a common approach for adding local search in Docusaurus. Happy to switch to an alternative if preferred.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​easyops-cn/​docusaurus-search-local@​0.55.1

View full report

[iamomm-hack]

Rebased on latest master and refreshed the lockfile to resolve merge conflicts. Checks should rerun now.