npmpackage.info

rollup

Next-generation ES module bundler

4.27.3

25,382

NOASSERTION

JavaScript

107.41 kB

2,541,545,674

6.1

Installations

npm install rollup

Score

Supply Chain

100

Quality

98.8

Maintenance

100

Vulnerability

99.6

License

Pull Requests

Open

25

Total

2,336

Closed

291

Merged

2,020

Issues

Open

554

Total

3,336

Closed

2,782

Releases

500

v4.27.3

Published on 18 Nov 2024

v4.27.2

Published on 15 Nov 2024

v4.27.1

Published on 15 Nov 2024

v4.27.0

Published on 15 Nov 2024

v4.26.0

Published on 13 Nov 2024

v4.25.0

Published on 09 Nov 2024

View all 500 releases

Contributors

413

View all 413 contributors

Developer

rollup

Module System

BETA

CommonJS, ESM

Statistics

25,382 Stars

5,773 Commits

1,528 Forks

258 Watching

32 Branches

413 Contributors

Updated on 20 Nov 2024

Bundle Size

388.76 kB

Minified

107.41 kB

Minified + Gzipped

Bundlephobia

Languages

JavaScript (76.61%)

TypeScript (19.56%)

Rust (3.74%)

HTML (0.09%)

Total Downloads

Cumulative downloads

Total Downloads

2,541,545,674

Last day

5.5%

5,440,512

Compared to previous day

Last week

5.4%

27,943,793

Compared to previous week

Last month

13.5%

114,125,903

Compared to previous month

Last year

63.9%

1,087,989,989

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Versions

Rollup

Overview

Rollup is a module bundler for JavaScript which compiles small pieces of code into something larger and more complex, such as a library or application. It uses the standardized ES module format for code, instead of previous idiosyncratic solutions such as CommonJS and AMD. ES modules let you freely and seamlessly combine the most useful individual functions from your favorite libraries. Rollup can optimize ES modules for faster native loading in modern browsers, or output a legacy module format allowing ES module workflows today.

Quick Start Guide

Install with npm install --global rollup. Rollup can be used either through a command line interface with an optional configuration file or else through its JavaScript API. Run rollup --help to see the available options and parameters. The starter project templates, rollup-starter-lib and rollup-starter-app, demonstrate common configuration options, and more detailed instructions are available throughout the user guide.

Commands

These commands assume the entry point to your application is named main.js, and that you'd like all imports compiled into a single file named bundle.js.

For browsers:

1# compile to a <script> containing a self-executing function
2rollup main.js --format iife --name "myBundle" --file bundle.js

For Node.js:

1# compile to a CommonJS module
2rollup main.js --format cjs --file bundle.js

For both browsers and Node.js:

1# UMD format requires a bundle name
2rollup main.js --format umd --name "myBundle" --file bundle.js

Why

Developing software is usually easier if you break your project into smaller separate pieces, since that often removes unexpected interactions and dramatically reduces the complexity of the problems you'll need to solve, and simply writing smaller projects in the first place isn't necessarily the answer. Unfortunately, JavaScript has not historically included this capability as a core feature in the language.

This finally changed with ES modules support in JavaScript, which provides a syntax for importing and exporting functions and data so they can be shared between separate scripts. Most browsers and Node.js support ES modules. However, Node.js releases before 12.17 support ES modules only behind the --experimental-modules flag, and older browsers like Internet Explorer do not support ES modules at all. Rollup allows you to write your code using ES modules, and run your application even in environments that do not support ES modules natively. For environments that support them, Rollup can output optimized ES modules; for environments that don't, Rollup can compile your code to other formats such as CommonJS modules, AMD modules, and IIFE-style scripts. This means that you get to write future-proof code, and you also get the tremendous benefits of...

Tree Shaking

In addition to enabling the use of ES modules, Rollup also statically analyzes and optimizes the code you are importing, and will exclude anything that isn't actually used. This allows you to build on top of existing tools and modules without adding extra dependencies or bloating the size of your project.

For example, with CommonJS, the entire tool or library must be imported.

1// import the entire utils object with CommonJS
2var utils = require('node:utils');
3var query = 'Rollup';
4// use the ajax method of the utils object
5utils.ajax('https://api.example.com?search=' + query).then(handleResponse);

But with ES modules, instead of importing the whole utils object, we can just import the one ajax function we need:

1// import the ajax function with an ES import statement
2import { ajax } from 'node:utils';
3
4var query = 'Rollup';
5// call the ajax function
6ajax('https://api.example.com?search=' + query).then(handleResponse);

Because Rollup includes the bare minimum, it results in lighter, faster, and less complicated libraries and applications. Since this approach is based on explicit import and export statements, it is vastly more effective than simply running an automated minifier to detect unused variables in the compiled output code.

Compatibility

Importing CommonJS

Rollup can import existing CommonJS modules through a plugin.

Publishing ES Modules

To make sure your ES modules are immediately usable by tools that work with CommonJS such as Node.js and webpack, you can use Rollup to compile to UMD or CommonJS format, and then point to that compiled version with the main property in your package.json file. If your package.json file also has a module field, ES-module-aware tools like Rollup and webpack will import the ES module version directly.

Contributors

This project exists thanks to all the people who contribute. [Contribute]. . If you want to contribute yourself, head over to the contribution guidelines.

Backers

Thank you to all our backers! 🙏 [Become a backer]

Special Sponsor

TNG has been supporting the work of Lukas Taegert-Atkinson on Rollup since 2017.

License

MIT

Stable Version

The latest stable version of the package.

Stable Version

4.27.3

HIGH

6.4/10

Summary

DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

Affected Versions

< 2.79.2

Patched Versions

2.79.2

HIGH

6.4/10

Summary

DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

Affected Versions

>= 3.0.0, < 3.29.5

Patched Versions

3.29.5

HIGH

6.4/10

Summary

DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

Affected Versions

>= 4.0.0, < 4.22.4

Patched Versions

4.22.4

10

Maintained

Determines if the project is "actively maintained".

10

Security-Policy

Determines if the project has published a security policy.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

9

License

Determines if the project has defined a license.

8

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

3

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

2

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 2

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:491: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:496: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:502: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:510: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:207: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:209: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:214: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:220: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:230: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:240: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:248: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:259: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:266: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:291: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:293: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:304: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:350: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:353: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:363: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:368: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:439: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:441: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:447: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:455: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:460: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-and-tests.yml:468: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/build-and-tests.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/clean-cache.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/clean-cache.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/performance-report.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/performance-report.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/performance-report.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/performance-report.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/performance-report.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/performance-report.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/performance-report.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/performance-report.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/performance-report.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/performance-report.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/performance-report.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/performance-report.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/performance-report.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/performance-report.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/performance-report.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/performance-report.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/performance-report.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/performance-report.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/performance-report.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/performance-report.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/performance-report.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/performance-report.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/performance-report.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/performance-report.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/performance-report.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/performance-report.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/performance-report.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/performance-report.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/repl-artefacts.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/repl-artefacts.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/repl-artefacts.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/repl-artefacts.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/repl-artefacts.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/repl-artefacts.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/repl-artefacts.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/repl-artefacts.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/repl-artefacts.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/repl-artefacts.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/repl-artefacts.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/repl-artefacts.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/repl-artefacts.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/repl-artefacts.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/repl-artefacts.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/repl-artefacts.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/repl-artefacts.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/repl-artefacts.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/repl-artefacts.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/repl-artefacts.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/repl-artefacts.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/repl-artefacts.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/repl-artefacts.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/rollup/rollup/repl-artefacts.yml/master?enable=pin
Info: 0 out of 38 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 18 third-party GitHubAction dependencies pinned
Info: 8 out of 8 npmCommand dependencies pinned

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

SAST

Determines if the project uses static code analysis.

0

Fuzzing

Determines if the project uses fuzzing.

Score

6.1

/10

Last Scanned on 2024-11-11

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to rollup

@rollup/pluginutils

5.1.3

A set of utility functions commonly used by Rollup plugins

@rollup/plugin-commonjs

28.0.1

Convert CommonJS modules to ES2015

@rollup/plugin-node-resolve

15.3.0

Locate and bundle third-party dependencies in node_modules

@rollup/rollup-linux-x64-gnu

4.27.3

Native bindings for Rollup

rollup

Installations

Score

Pull Requests

25

2,336

291

2,020

Issues

554

3,336

2,782

Releases

Contributors

Developer

Module System

CommonJS, ESM

Statistics

Bundle Size

388.76 kB

107.41 kB

Languages

Total Downloads

2,541,545,674

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Dev Dependencies

Optional Dependencies

Rollup

Overview

Quick Start Guide

Commands

Why

Tree Shaking

Compatibility

Importing CommonJS

Publishing ES Modules

Contributors

Backers

Sponsors

Special Sponsor

License

Stable Version

4.27.3

HIGH

10

10

10

10

10

9

8

3

2

0

0

0

0

6.1

/10

Other packages similar to rollup