Gathering detailed insights and metrics for rollup
Gathering detailed insights and metrics for rollup
Gathering detailed insights and metrics for rollup
Gathering detailed insights and metrics for rollup
Next-generation ES module bundler
npm install rollup
Typescript
Module System
Min. Node Version
Node Version
NPM Version
65
Supply Chain
100
Quality
98.8
Maintenance
100
Vulnerability
99.6
License
Updated on 05 Dec 2024
JavaScript (76.6%)
TypeScript (19.57%)
Rust (3.74%)
HTML (0.09%)
Cumulative downloads
Total Downloads
Last day
5.2%
Compared to previous day
Last week
-10.6%
Compared to previous week
Last month
12.8%
Compared to previous month
Last year
63.6%
Compared to previous year
1
83
19
Rollup is a module bundler for JavaScript which compiles small pieces of code into something larger and more complex, such as a library or application. It uses the standardized ES module format for code, instead of previous idiosyncratic solutions such as CommonJS and AMD. ES modules let you freely and seamlessly combine the most useful individual functions from your favorite libraries. Rollup can optimize ES modules for faster native loading in modern browsers, or output a legacy module format allowing ES module workflows today.
Install with npm install --global rollup
. Rollup can be used either through a command line interface with an optional configuration file or else through its JavaScript API. Run rollup --help
to see the available options and parameters. The starter project templates, rollup-starter-lib and rollup-starter-app, demonstrate common configuration options, and more detailed instructions are available throughout the user guide.
These commands assume the entry point to your application is named main.js, and that you'd like all imports compiled into a single file named bundle.js.
For browsers:
1# compile to a <script> containing a self-executing function 2rollup main.js --format iife --name "myBundle" --file bundle.js
For Node.js:
1# compile to a CommonJS module 2rollup main.js --format cjs --file bundle.js
For both browsers and Node.js:
1# UMD format requires a bundle name 2rollup main.js --format umd --name "myBundle" --file bundle.js
Developing software is usually easier if you break your project into smaller separate pieces, since that often removes unexpected interactions and dramatically reduces the complexity of the problems you'll need to solve, and simply writing smaller projects in the first place isn't necessarily the answer. Unfortunately, JavaScript has not historically included this capability as a core feature in the language.
This finally changed with ES modules support in JavaScript, which provides a syntax for importing and exporting functions and data so they can be shared between separate scripts. Most browsers and Node.js support ES modules. However, Node.js releases before 12.17 support ES modules only behind the --experimental-modules
flag, and older browsers like Internet Explorer do not support ES modules at all. Rollup allows you to write your code using ES modules, and run your application even in environments that do not support ES modules natively. For environments that support them, Rollup can output optimized ES modules; for environments that don't, Rollup can compile your code to other formats such as CommonJS modules, AMD modules, and IIFE-style scripts. This means that you get to write future-proof code, and you also get the tremendous benefits of...
In addition to enabling the use of ES modules, Rollup also statically analyzes and optimizes the code you are importing, and will exclude anything that isn't actually used. This allows you to build on top of existing tools and modules without adding extra dependencies or bloating the size of your project.
For example, with CommonJS, the entire tool or library must be imported.
1// import the entire utils object with CommonJS 2var utils = require('node:utils'); 3var query = 'Rollup'; 4// use the ajax method of the utils object 5utils.ajax('https://api.example.com?search=' + query).then(handleResponse);
But with ES modules, instead of importing the whole utils
object, we can just import the one ajax
function we need:
1// import the ajax function with an ES import statement 2import { ajax } from 'node:utils'; 3 4var query = 'Rollup'; 5// call the ajax function 6ajax('https://api.example.com?search=' + query).then(handleResponse);
Because Rollup includes the bare minimum, it results in lighter, faster, and less complicated libraries and applications. Since this approach is based on explicit import
and export
statements, it is vastly more effective than simply running an automated minifier to detect unused variables in the compiled output code.
Rollup can import existing CommonJS modules through a plugin.
To make sure your ES modules are immediately usable by tools that work with CommonJS such as Node.js and webpack, you can use Rollup to compile to UMD or CommonJS format, and then point to that compiled version with the main
property in your package.json
file. If your package.json
file also has a module
field, ES-module-aware tools like Rollup and webpack will import the ES module version directly.
This project exists thanks to all the people who contribute. [Contribute]. . If you want to contribute yourself, head over to the contribution guidelines.
Thank you to all our backers! 🙏 [Become a backer]
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]
TNG has been supporting the work of Lukas Taegert-Atkinson on Rollup since 2017.
Stable Version
3
6.4/10
Summary
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
Affected Versions
< 2.79.2
Patched Versions
2.79.2
6.4/10
Summary
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
Affected Versions
>= 3.0.0, < 3.29.5
Patched Versions
3.29.5
6.4/10
Summary
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
Affected Versions
>= 4.0.0, < 4.22.4
Patched Versions
4.22.4
Reason
30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
Reason
branch protection is not maximal on development and all release branches
Details
Reason
Found 7/24 approved changesets -- score normalized to 2
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
project is not fuzzed
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Score
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More