Gathering detailed insights and metrics for @rollup/plugin-terser
Gathering detailed insights and metrics for @rollup/plugin-terser
🍣 The one-stop shop for official Rollup plugins
Installations
npm install @rollup/plugin-terserDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS, ESM
Min. Node Version
>=14.0.0
Node Version
20.8.0
NPM Version
10.1.0
Releases
Unable to fetch releases
Languages
3
JavaScript
TypeScript
Shell
JavaScript (75.16%)
TypeScript (24.83%)
Shell (0.01%)
Developer
rollup
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
3,713 Stars
1,228 Commits
603 Forks
35 Watchers
5 Branches
270 Contributors
Updated on Jul 04, 2025
Maintainers
4
Package Meta Information
Latest Version
0.4.4
Package Id
@rollup/plugin-terser@0.4.4
Unpacked Size
28.03 kB
Size
5.53 kB
File Count
12
NPM Version
10.1.0
Node Version
20.8.0
Published on
Oct 05, 2023
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
3
Peer Dependencies
1
Dev Dependencies
3
@rollup/plugin-terser
🍣 A Rollup plugin to generate a minified bundle with terser.
Requirements
This plugin requires an LTS Node version (v14.0.0+) and Rollup v2.0+.
Install
Using npm:
1npm install @rollup/plugin-terser --save-dev
Usage
Create a rollup.config.js configuration file and import the plugin:
1import terser from '@rollup/plugin-terser'; 2 3export default { 4 input: 'src/index.js', 5 output: { 6 dir: 'output', 7 format: 'cjs' 8 }, 9 plugins: [terser()] 10};
Then call rollup either via the CLI or the API.
Options
The plugin accepts a terser Options object as input parameter, to modify the default behaviour.
In addition to the terser options, it is also possible to provide the following options:
maxWorkers
Type: Number
Default: undefined
Instructs the plugin to use a specific amount of cpu threads.
1import terser from '@rollup/plugin-terser'; 2 3export default { 4 input: 'src/index.js', 5 output: { 6 dir: 'output', 7 format: 'cjs' 8 }, 9 plugins: [ 10 terser({ 11 maxWorkers: 4 12 }) 13 ] 14};
Meta
No vulnerabilities found.
Reason
12 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
binaries present in source code
Details
- Warn: binary detected: packages/wasm/test/fixtures/complex.wasm:1
- Warn: binary detected: packages/wasm/test/fixtures/imports.wasm:1
- Warn: binary detected: packages/wasm/test/fixtures/sample.wasm:1
Reason
Found 14/30 approved changesets -- score normalized to 4
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/node-windows.yml:1
- Warn: no topLevel permission defined: .github/workflows/pr-title.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/validate.yml:1
- Info: no jobLevel write permissions found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-windows.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/node-windows.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-windows.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/node-windows.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/node-windows.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/node-windows.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-title.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/pr-title.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/validate.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/validate.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/validate.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/validate.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/validate.yml/master?enable=pin
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 4 third-party GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 14 are checked with a SAST tool
Reason
20 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
- Warn: Project is vulnerable to: GHSA-9pv7-vfvm-6vr7
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-vm32-9rqf-rh3r
- Warn: Project is vulnerable to: GHSA-8cc4-rfj6-fhg4
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Score
3.9
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More