Gathering detailed insights and metrics for bundle-stats-webpack-plugin
Gathering detailed insights and metrics for bundle-stats-webpack-plugin
Analyze bundle stats(bundle size, assets, modules, packages) and compare the results between different builds. Support for webpack, rspack, vite, rolldown and rollup.
Installations
npm install bundle-stats-webpack-pluginDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>= 14.0
Node Version
20.19.2
NPM Version
lerna/8.2.2/node@v20.19.2+x64 (linux)
Releases
124
Languages
5
TypeScript
JavaScript
CSS
HTML
Shell
TypeScript (62.55%)
JavaScript (27.95%)
CSS (9.21%)
HTML (0.15%)
Shell (0.15%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
637 Stars
6,222 Commits
19 Forks
2 Watchers
32 Branches
14 Contributors
Updated on Jul 15, 2025
Maintainers
3
Package Meta Information
Latest Version
4.21.0
Package Id
bundle-stats-webpack-plugin@4.21.0
Unpacked Size
20.09 kB
Size
6.32 kB
File Count
7
NPM Version
lerna/8.2.2/node@v20.19.2+x64 (linux)
Node Version
20.19.2
Published on
Jun 29, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
2
Demos: Bundle analysis comparison · Bundle analysis
BundleStats
Analyze bundle stats(bundle size, assets, modules, packages) and compare the results between different builds. Support for webpack, rspack, vite, rollup and rolldown.
- Bundle size and totals by file type(css, js, img, etc)
- Insights: duplicate packages, new packages
- Initial JS/CSS, Cache invalidation, and other bundle metrics
- Assets report (entrypoint, initial, types, changed, delta)
- Modules report (changed, delta, chunks, duplicate count and percentage)
- Packages report (count, duplicate, changed, delta)
:star: Side by side comparison for multiple builds
Related projects
:cyclone: relative-ci.com
Optimize your web app's performance with automated bundle stats analysis and monitoring.
- :crystal_ball: In-depth bundle stats analysis for every build
- :chart_with_upwards_trend: Monitor bundle stats changes and identify opportunities for optimizations
- :bell: Rule based automated review flow, or get notified via GitHub Pull Request comments, GitHub check reports and Slack messages
- :wrench: Support for webpack and beta support for Vite/Rollup
- :hammer: Support for all major CI services(CircleCI, GitHub Actions, Gitlab CI, Jenkins, Travis CI)
- :nut_and_bolt: Support for npm, yarn and pnpm; support for monorepos
- :two_hearts: Always free for Open Source
:first_quarter_moon: relative-ci/compare
Standalone web application to compare Webpack/Lighthouse/Browsertime stats.
:zap: bundle-stats-action
Github Action that generates bundle-stats reports.
Packages
bundle-stats
CLI to generate bundle stats report.
bundle-stats-webpack-plugin
Webpack plugin to generate bundle stats report for webpack/rspack.
gatsby-plugin-bundle-stats
Gatsby plugin for bundle-stats.
next-plugin-bundle-stats
Next.js plugin for bundle-stats.
rollup-plugin-bundle-stats
Rollup plugin to generate bundle stats report for vite/rolldown/rollup.
No vulnerabilities found.
Reason
30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (29) are checked with a SAST tool
Reason
7 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Reason
Found 0/3 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:11
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:12
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeql.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/dependabot-automerge.yml:6
- Warn: no topLevel permission defined: .github/workflows/issues-inactive.yml:1
- Warn: no topLevel permission defined: .github/workflows/relative-ci.yaml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:178: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:181: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:193: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:224: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:227: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:234: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:239: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:280: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:283: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:286: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/codeql.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-automerge.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/dependabot-automerge.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issues-inactive.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/issues-inactive.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/relative-ci.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/relative-ci/bundle-stats/relative-ci.yaml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:147
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:199
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:245
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:251
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:252
- Info: 0 out of 25 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 11 third-party GitHubAction dependencies pinned
- Info: 0 out of 5 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Score
4.8
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More