Gathering detailed insights and metrics for rollup-plugin-esbuild
Gathering detailed insights and metrics for rollup-plugin-esbuild
Use ESBuild with Rollup to transform ESNext and TypeScript code.
Installations
npm install rollup-plugin-esbuildReleases
61
Contributors
29
![dependabot-preview[bot]](https://avatars.githubusercontent.com/in/2141?v=4){kind=avatar}
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4){kind=avatar}
Developer
egoist
Developer Guide
BETA
Module System
CommonJS, ESM
Min. Node Version
>=14.18.0
Typescript Support
Yes
Node Version
20.10.0
NPM Version
10.2.3
Statistics
631 Stars
278 Commits
41 Forks
8 Watching
10 Branches
29 Contributors
Updated on 25 Nov 2024
Languages
TypeScript (95.89%)
JavaScript (3.78%)
Shell (0.33%)
Total Downloads
Cumulative downloads
Total Downloads
18,539,148
Last day
7.9%
43,903
Compared to previous day
Last week
2.4%
222,253
Compared to previous week
Last month
11.9%
936,033
Compared to previous month
Last year
45%
8,572,733
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
4
Versions
💛 You can help the author become a full-time open-source maintainer by sponsoring him on GitHub.
rollup-plugin-esbuild
esbuild is by far one of the fastest TS/ESNext to ES6 compilers and minifier, this plugin replaces rollup-plugin-typescript2, @rollup/plugin-typescript and rollup-plugin-terser for you.
Install
1yarn add esbuild rollup-plugin-esbuild --dev
Usage
In rollup.config.js:
1import esbuild from 'rollup-plugin-esbuild' 2 3export default { 4 plugins: [ 5 esbuild({ 6 // All options are optional 7 include: /\.[jt]sx?$/, // default, inferred from `loaders` option 8 exclude: /node_modules/, // default 9 sourceMap: true, // default 10 minify: process.env.NODE_ENV === 'production', 11 target: 'es2017', // default, or 'es20XX', 'esnext' 12 jsx: 'transform', // default, or 'preserve' 13 jsxFactory: 'React.createElement', 14 jsxFragment: 'React.Fragment', 15 // Like @rollup/plugin-replace 16 define: { 17 __VERSION__: '"x.y.z"', 18 }, 19 tsconfig: 'tsconfig.json', // default 20 // Add extra loaders 21 loaders: { 22 // Add .json files support 23 // require @rollup/plugin-commonjs 24 '.json': 'json', 25 // Enable JSX in .js files too 26 '.js': 'jsx', 27 }, 28 }), 29 ], 30}
includeandexcludecan beString | RegExp | Array[...String|RegExp], when supplied it will override default values.- It uses
jsx,jsxDev,jsxFactory,jsxFragmentFactoryandtargetoptions from yourtsconfig.jsonas default values.
Declaration File
There are serveral ways to generate declaration file:
- Use
tscwithemitDeclarationOnly, the slowest way but you get type checking, it doesn't bundle the.d.tsfiles. - Use
rollup-plugin-dtswhich generates and bundle.d.ts, also does type checking. - Use
api-extractorby Microsoft, looks quite complex to me so I didn't try it, PR welcome to update this section.
Use with Vue JSX
Use this with rollup-plugin-vue-jsx:
1import vueJsx from 'rollup-plugin-vue-jsx-compat' 2import esbuild from 'rollup-plugin-esbuild' 3 4export default { 5 // ... 6 plugins: [ 7 vueJsx(), 8 esbuild({ 9 jsxFactory: 'vueJsxCompat', 10 }), 11 ], 12}
Standalone Minify Plugin
If you only want to use this plugin to minify your bundle:
1import { minify } from 'rollup-plugin-esbuild' 2 3export default { 4 plugins: [minify()], 5}
Optimizing Deps
You can use this plugin to pre-bundle dependencies using esbuild and inline them in the Rollup-generated bundle:
1esbuild({ 2 optimizeDeps: { 3 include: ['vue', 'vue-router'], 4 }, 5})
This eliminates the need of @rollup/plugin-node-modules and @rollup/plugin-commonjs.
Note that this is an experimental features, breaking changes might happen across minor version bump.
TODO: Maybe we can scan Rollup input files to get a list of deps to optimize automatically.
Sponsors
License
MIT © EGOIST (Kevin Titor)
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/nodejs.yml:10
Reason
3 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Reason
Found 6/25 approved changesets -- score normalized to 2
Reason
2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/egoist/rollup-plugin-esbuild/nodejs.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/nodejs.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/egoist/rollup-plugin-esbuild/nodejs.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/egoist/rollup-plugin-esbuild/nodejs.yml/dev?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/nodejs.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'dev'
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 12 are checked with a SAST tool
Score
3.8
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More