Addon Docs: Add __STORYBOOK_UNSAFE_TOCBOT__ global

[yannbf]

Closes ##31449

What I did

Previously, Storybook was using an older version of tocbot (4.23.0) and the package was being bundled as its CJS version, which by side effect, ended up exposing tocbot on the window object. Now, Storybook uses a newer version which is now bundled as its ESM version and therefore that tocbot is not exposed anymore.

This PR introduces a way to re-acess the object via globalThis.__STORYBOOK_UNSAFE_TOCBOT__ (at your own risk) to allow usage the same way a before. This is an undocumented feature and shouldn't be used unless you know what you're doing, and it can change in between versions of Storybook.

Checklist for Contributors

Testing

The changes in this PR are covered in the following automated tests:

• stories
• unit tests
• integration tests
• end-to-end tests

Manual testing

This section is mandatory for all contributions. If you believe no manual test is necessary, please state so explicitly. Thanks!

Documentation

• Add or update documentation reflecting your changes
• If you are deprecating/removing a feature, make sure to update
  MIGRATION.MD

Checklist for Maintainers

• When this PR is ready for testing, make sure to add ci:normal, ci:merged or ci:daily GH label to it to run a specific set of sandboxes. The particular set of sandboxes can be found in code/lib/cli-storybook/src/sandbox-templates.ts

• Make sure this PR contains one of the labels below:

  Available labels

  • bug: Internal changes that fixes incorrect behavior.
  • maintenance: User-facing maintenance tasks.
  • dependencies: Upgrading (sometimes downgrading) dependencies.
  • build: Internal-facing build tooling & test updates. Will not show up in release changelog.
  • cleanup: Minor cleanup style change. Will not show up in release changelog.
  • documentation: Documentation only changes. Will not show up in release changelog.
  • feature request: Introducing a new feature.
  • BREAKING CHANGE: Changes that break compatibility in some way with current major version.
  • other: Changes that don't fit in the above categories.

🦋 Canary release

This PR does not have a canary release associated. You can request a canary release of this pull request by mentioning the @storybookjs/core team here.

core team members can create a canary release here or locally with gh workflow run --repo storybookjs/storybook canary-release-pr.yml --field pr=<PR_NUMBER>

Greptile Summary

This PR introduces the __STORYBOOK_UNSAFE_TOCBOT__ global variable to restore access to the tocbot instance that was lost when Storybook upgraded from tocbot 4.23.0 to a newer version. The change addresses a breaking issue where users who relied on the accidentally exposed tocbot instance (previously available due to CJS bundling side effects) to refresh table of contents for dynamically loaded content lost this functionality when Storybook switched to ESM bundling.

The implementation adds a conditional assignment in preview.ts that exposes either tocbot.default or tocbot itself via globalThis.__STORYBOOK_UNSAFE_TOCBOT__, handling both CJS and ESM module formats. A corresponding TypeScript declaration is added to typings.d.ts to provide proper typing support. The "UNSAFE" naming convention clearly signals this is an undocumented escape hatch that may change between versions.

This change fits into Storybook's addon architecture by providing backward compatibility while explicitly marking the API as unstable through its naming convention, allowing users to migrate their code while maintaining functionality.

PR Description Notes:

• The issue link appears malformed (contains extra "https://" prefix)
• Manual testing section is incomplete with no specific testing steps provided
• No automated tests are marked as covering these changes

Confidence score: 4/5

• This is a safe compatibility fix that restores previously available functionality without breaking existing code
• The implementation properly handles both CJS and ESM module formats and includes appropriate TypeScript declarations
• The conditional check prevents overwriting existing values and the "UNSAFE" naming clearly communicates the API's instability
• Minor concerns about the lack of automated tests and incomplete manual testing documentation, but the changes are straightforward and low-risk

[greptile-apps]

_{2 files reviewed, no comments}

_{Edit Code Review Bot Settings | Greptile}

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 53e5d1d

Command	Status	Duration	Result
nx run-many -t build --parallel=3	✅ Succeeded	1m 22s	View ↗

---

☁️ Nx Cloud last updated this comment at 2025-08-01 14:17:28 UTC

[storybook-app-bot]

Package Benchmarks

^{Commit: 53e5d1d, ran on 1 August 2025 at 14:04:10 UTC}

The following packages have significant changes to their size or dependencies:

@storybook/addon-docs

	Before	After	Difference
Dependency count	12	12	0
Self size	2.42 MB	2.47 MB	🚨 +53 KB 🚨
Dependency size	8.93 MB	8.93 MB	0 B
Bundle Size Analyzer	Link	Link

[shilman]

Thank you @yannbf !!!

[ndelangen]

@yannbf please add a manual testing section so we can do QA

[yannbf]

Turns out this feature got removed.