Installations
npm install mkdistDeveloper
unjs
Developer Guide
Module System
CommonJS, ESM
Min. Node Version
Typescript Support
Yes
Node Version
20.17.0
NPM Version
10.8.2
Statistics
367 Stars
308 Commits
25 Forks
7 Watching
5 Branches
30 Contributors
Updated on 28 Nov 2024
Languages
TypeScript (91.86%)
JavaScript (5.89%)
Vue (1.96%)
SCSS (0.2%)
CSS (0.09%)
Total Downloads
Cumulative downloads
Total Downloads
6,655,087
Last day
-12.4%
19,566
Compared to previous day
Last week
6.3%
119,325
Compared to previous week
Last month
12%
490,150
Compared to previous month
Last year
119.6%
4,220,919
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
13
Peer Dependencies
3
mkdist
Lightweight file-to-file transformer
✅ Copies all assets
✅ Supports Vue Single File Components
✅ Fast and minimal transform by esbuild
✅ .d.ts generation for .ts, .js and .vue files
✅ Support postcss (autoprefixer, cssnano and postcss-nested enabled out of the box!)
❓ Why?
Bundling libraries isn't always the best choice:
- We lose original file structure
- We lose modern syntax by transpiling in bundle
- We lose critical-css by extracting css to a global dist (vue)
- Dependencies will be always imported from bundle even if not used (a second bundling step might fix this but it usually won't happen in development and for dependencies with side-effects)
While there are tools like tsc and @babel/cli, they mostly focus on transpiling rather than keeping source level quality. Also they lack support for handling custom extensions like .vue and copying assets.
🚀 Usage
1npx mkdist [rootDir] [--src=src] [--dist=dist] [--pattern=glob [--pattern=more-glob]] [--format=cjs|esm] [-d|--declaration] [--ext=mjs|js|ts]
License
No vulnerabilities found.
Reason
23 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
3 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-7q7g-4xm8-89cq
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/autofix.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/unjs/mkdist/autofix.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/autofix.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/unjs/mkdist/autofix.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/unjs/mkdist/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/unjs/mkdist/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/unjs/mkdist/ci.yml/main?enable=pin
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 2 third-party GitHubAction dependencies pinned
Reason
Found 4/28 approved changesets -- score normalized to 1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/autofix.yml:9
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 17 are checked with a SAST tool
Score
4.8
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More