🍣 The one-stop shop for official Rollup plugins
Installations
npm install @rollup/plugin-babelReleases
Unable to fetch releases
Developer
rollup
Developer Guide
Module System
CommonJS, ESM
Min. Node Version
>=14.0.0
Typescript Support
Yes
Node Version
20.8.0
NPM Version
10.1.0
Statistics
3,648 Stars
1,192 Commits
590 Forks
36 Watching
4 Branches
262 Contributors
Updated on 27 Nov 2024
Bundle Size
296.85 kB
Minified
57.66 kB
Minified + Gzipped
Languages
JavaScript (75.24%)
TypeScript (24.75%)
Shell (0.01%)
Total Downloads
Cumulative downloads
Total Downloads
546,625,365
Last day
-4.8%
796,949
Compared to previous day
Last week
1.2%
4,312,712
Compared to previous week
Last month
12.6%
17,932,203
Compared to previous month
Last year
6.2%
202,659,954
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Peer Dependencies
3
Rollup Plugins
🍣 The one-stop shop for official Rollup plugins
This repository houses plugins that Rollup considers critical to every day use of Rollup, plugins which the organization has adopted maintenance of, and plugins that the project recommends to its users.
Plugins Found Here
| alias | Define and resolve aliases for bundle dependencies |
| auto-install | Automatically install dependencies that are imported by a bundle |
| babel | Compile your files with Babel |
| beep | System beeps on errors and warnings |
| buble | Compile ES2015 with buble |
| commonjs | Convert CommonJS modules to ES6 |
| data-uri | Import modules from Data URIs |
| dsv | Convert .csv and .tsv files into JavaScript modules with d3-dsv |
| dynamic-import-vars | Resolving dynamic imports that contain variables. |
| eslint | Verify entry point and all imported files with ESLint |
| esm-shim | Replace cjs syntax for esm output bundles |
| graphql | Convert .gql/.graphql files to ES6 modules |
| html | Create HTML files to serve Rollup bundles |
| image | Import JPG, PNG, GIF, SVG, and WebP files |
| inject | Scan modules for global variables and injects import statements where necessary |
| json | Convert .json files to ES6 modules |
| legacy | Add export declarations to legacy non-module scripts |
| multi-entry | Use multiple entry points for a bundle |
| node-resolve | Locate and bundle third-party dependencies in node_modules |
| replace | Replace strings in files while bundling |
| run | Run your bundles in Node once they're built |
| strip | Remove debugger statements and functions like assert.equal and console.log from your code |
| sucrase | Compile TypeScript, Flow, JSX, etc with Sucrase |
| swc | Transpile TypeScript/JavaScript with the speedy-web-compiler |
| terser | Generate a minified output bundle with terser |
| typescript | Integration between Rollup and Typescript |
| url | Import files as data-URIs or ES Modules |
| virtual | Load virtual modules from memory |
| wasm | Import WebAssembly code with Rollup |
| yaml | Convert YAML files to ES6 modules |
Other Packages Found Here
| pluginutils | A set of utility functions commonly used by Rollup plugins |
Contributing
This repository is a monorepo which leverages pnpm for dependency management.
To begin, please install pnpm:
1$ npm install pnpm -g
Working with Plugin Packages
All plugin packages are kept in the /packages directory.
Adding dependencies:
1$ pnpm --filter ./packages/<name> add <package>
Where <package> is the name of the NPM package you wish to add for a plugin package, and <name> is the proper name of the plugin. e.g. @rollup/plugin-beep.
Publishing:
1$ pnpm publish <name> [flags]
Where <name> is the portion of the plugin package name following @rollup/plugin-. (e.g. beep)
The publish script performs the following actions:
- Gathers commits from the last release tag
- Determines the next appropriate version bump (major, minor, or patch)
- Updates
package.json - Generates a new ChangeLog entry
- Updates
CHANGELOG.mdfor the target plugin - Commits
package.jsonandCHANGELOG.md, with a commit message is in the formchore(release): <name>-v<version> - Publishes to NPM
- Tags the release in the form
<name>-v<version>(e.g.beep-v0.1.0) - Pushes the commit and tag to Github
Flags
The following flags are available to modify the publish process:
--drytells the script to perform a dry-run, skipping any file modifications, NPM, or Git Actions. Results from version determination and new ChangeLog additions are displayed.--major,--minor,--patchcan be used to force a particular type of semver bump.--no-pushwill instruct the script not to push changes and tags to Git.--no-tagwill instruct the script not to tag the release.
Running Tests:
To run tests on all packages which have changes:
1$ pnpm test
To run tests on a specific package:
1$ pnpm --filter ./packages/<name> test
Linting:
To lint all packages which have changes:
1$ pnpm lint
To lint a specific package:
1$ pnpm --filter ./packages/<name> lint
Note: Scripts in the repository will run the root test and lint script on those packages which have changes. This is also how the CI pipelines function. To run either on a package outside of that pipeline, use pnpm <script> @rollup/plugin-<name>.
Adding Plugins
While we don't have an official procedure for adding third-party plugins to this repository, we are absolutely open to the idea. If you'd like to speak about your project being a part of this repo, please reach out to @RollupJS on Twitter.
Meta
No vulnerabilities found.
Reason
30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
binaries present in source code
Details
- Warn: binary detected: packages/wasm/test/fixtures/complex.wasm:1
- Warn: binary detected: packages/wasm/test/fixtures/imports.wasm:1
- Warn: binary detected: packages/wasm/test/fixtures/sample.wasm:1
Reason
Found 13/30 approved changesets -- score normalized to 4
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/node-windows.yml:1
- Warn: no topLevel permission defined: .github/workflows/pr-title.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/validate.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-windows.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/node-windows.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-windows.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/node-windows.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-title.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/pr-title.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/validate.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/validate.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/validate.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/validate.yml/master?enable=pin
- Info: 0 out of 10 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 14 are checked with a SAST tool
Reason
14 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
- Warn: Project is vulnerable to: GHSA-9pv7-vfvm-6vr7
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Score
3.9
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn MoreOther packages similar to @rollup/plugin-babel
babelrc-rollup
Builds a babel configuration for rollup-plugin-babel by reading .babelrc.
@sentry/babel-plugin-component-annotate
A Babel plugin that annotates frontend components with additional data to enrich the experience in Sentry
@rollup/plugin-typescript
Seamless integration between Rollup and TypeScript.
@pectin/babelrc
Locate and prepare custom babel config for rollup-plugin-babel