npmpackage.info

@rollup/pluginutils

🍣 The one-stop shop for official Rollup plugins

5.1.3

3,646

MIT

JavaScript

1,773,651,402

3.9

Installations

npm install @rollup/pluginutils

Score

56.3

Supply Chain

100

Quality

89.2

Maintenance

100

Vulnerability

99.6

License

Pull Requests

Open

17

Total

735

Closed

173

Merged

545

Issues

Open

73

Total

998

Closed

925

Releases

Unable to fetch releases

Contributors

262

View all 262 contributors

Developer

rollup

Module System

BETA

CommonJS, ESM

Statistics

3,646 Stars

1,192 Commits

591 Forks

36 Watching

4 Branches

262 Contributors

Updated on 21 Nov 2024

Languages

JavaScript (75.24%)

TypeScript (24.75%)

Shell (0.01%)

Total Downloads

Cumulative downloads

Total Downloads

1,773,651,402

Last day

13%

3,446,417

Compared to previous day

Last week

6.1%

18,534,999

Compared to previous week

Last month

7.8%

75,482,293

Compared to previous month

Last year

37.9%

746,043,968

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Versions

Rollup Plugins

🍣 The one-stop shop for official Rollup plugins

This repository houses plugins that Rollup considers critical to every day use of Rollup, plugins which the organization has adopted maintenance of, and plugins that the project recommends to its users.

Plugins Found Here


alias	Define and resolve aliases for bundle dependencies
auto-install	Automatically install dependencies that are imported by a bundle
babel	Compile your files with Babel
beep	System beeps on errors and warnings
buble	Compile ES2015 with buble
commonjs	Convert CommonJS modules to ES6
data-uri	Import modules from Data URIs
dsv	Convert .csv and .tsv files into JavaScript modules with d3-dsv
dynamic-import-vars	Resolving dynamic imports that contain variables.
eslint	Verify entry point and all imported files with ESLint
esm-shim	Replace cjs syntax for esm output bundles
graphql	Convert .gql/.graphql files to ES6 modules
html	Create HTML files to serve Rollup bundles
image	Import JPG, PNG, GIF, SVG, and WebP files
inject	Scan modules for global variables and injects `import` statements where necessary
json	Convert .json files to ES6 modules
legacy	Add `export` declarations to legacy non-module scripts
multi-entry	Use multiple entry points for a bundle
node-resolve	Locate and bundle third-party dependencies in node_modules
replace	Replace strings in files while bundling
run	Run your bundles in Node once they're built
strip	Remove debugger statements and functions like assert.equal and console.log from your code
sucrase	Compile TypeScript, Flow, JSX, etc with Sucrase
swc	Transpile TypeScript/JavaScript with the speedy-web-compiler
terser	Generate a minified output bundle with terser
typescript	Integration between Rollup and Typescript
url	Import files as data-URIs or ES Modules
virtual	Load virtual modules from memory
wasm	Import WebAssembly code with Rollup
yaml	Convert YAML files to ES6 modules

Other Packages Found Here


pluginutils	A set of utility functions commonly used by Rollup plugins

Contributing

This repository is a monorepo which leverages pnpm for dependency management.

To begin, please install pnpm:

1$ npm install pnpm -g

Working with Plugin Packages

All plugin packages are kept in the /packages directory.

Adding dependencies:

1$ pnpm --filter ./packages/<name> add <package>

Where <package> is the name of the NPM package you wish to add for a plugin package, and <name> is the proper name of the plugin. e.g. @rollup/plugin-beep.

Publishing:

1$ pnpm publish <name> [flags]

Where <name> is the portion of the plugin package name following @rollup/plugin-. (e.g. beep)

The publish script performs the following actions:

Gathers commits from the last release tag
Determines the next appropriate version bump (major, minor, or patch)
Updates package.json
Generates a new ChangeLog entry
Updates CHANGELOG.md for the target plugin
Commits package.json and CHANGELOG.md, with a commit message is in the form chore(release): <name>-v<version>
Publishes to NPM
Tags the release in the form <name>-v<version> (e.g. beep-v0.1.0)
Pushes the commit and tag to Github

Flags

The following flags are available to modify the publish process:

--dry tells the script to perform a dry-run, skipping any file modifications, NPM, or Git Actions. Results from version determination and new ChangeLog additions are displayed.
--major, --minor, --patch can be used to force a particular type of semver bump.
--no-push will instruct the script not to push changes and tags to Git.
--no-tag will instruct the script not to tag the release.

Running Tests:

To run tests on all packages which have changes:

1$ pnpm test

To run tests on a specific package:

1$ pnpm --filter ./packages/<name> test

Linting:

To lint all packages which have changes:

1$ pnpm lint

To lint a specific package:

1$ pnpm --filter ./packages/<name> lint

Note: Scripts in the repository will run the root test and lint script on those packages which have changes. This is also how the CI pipelines function. To run either on a package outside of that pipeline, use pnpm <script> @rollup/plugin-<name>.

Adding Plugins

While we don't have an official procedure for adding third-party plugins to this repository, we are absolutely open to the idea. If you'd like to speak about your project being a part of this repo, please reach out to @RollupJS on Twitter.

10

Maintained

Determines if the project is "actively maintained".

10

License

Determines if the project has defined a license.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

7

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

4

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Security-Policy

Determines if the project has published a security policy.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-windows.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/node-windows.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-windows.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/node-windows.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-title.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/pr-title.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/validate.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/validate.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/validate.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/plugins/validate.yml/master?enable=pin
Info: 0 out of 10 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 1 third-party GitHubAction dependencies pinned

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Score

3.9

/10

Last Scanned on 2024-11-11

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to @rollup/pluginutils

rollup-pluginutils

2.8.2

Functionality commonly needed by Rollup plugins

@naiable/rollup-config

0.2.1

Use rollup like tsup, but opinionated my way.

@jamesernator/rollup-pluginutils

2.3.2

Functionality commonly needed by Rollup plugins

@trusktr/rollup-pluginutils

2.0.1

Functionality commonly needed by Rollup plugins

@rollup/pluginutils

Installations

Score

Pull Requests

17

735

173

545

Issues

73

998

925

Releases

Unable to fetch releases

Contributors

Developer

rollup

Module System

CommonJS, ESM

Statistics

Languages

Total Downloads

1,773,651,402

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Peer Dependencies

Dev Dependencies

Rollup Plugins

Plugins Found Here

Other Packages Found Here

Contributing

Working with Plugin Packages

Adding dependencies:

Publishing:

Flags

Running Tests:

Adding Plugins

Meta

10

10

10

7

4

0

0

0

0

0

0

0

3.9

/10

Other packages similar to @rollup/pluginutils