Gathering detailed insights and metrics for rollup-plugin-esbuild
Gathering detailed insights and metrics for rollup-plugin-esbuild
Use ESBuild with Rollup to transform ESNext and TypeScript code.
Installations
npm install rollup-plugin-esbuildDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS, ESM
Min. Node Version
>=14.18.0
Node Version
22.14.0
NPM Version
10.9.2
Score
67.7
Supply Chain
89.9
Quality
77.8
Maintenance
100
Vulnerability
98.6
License
Releases
63
Languages
3
TypeScript
JavaScript
Shell
TypeScript (95.87%)
JavaScript (3.79%)
Shell (0.33%)
Developer
egoist
Download Statistics
Total Downloads
27,287,450
Last Day
20,427
Last Week
362,472
Last Month
1,620,984
Last Year
13,480,359
GitHub Statistics
MIT License
638 Stars
285 Commits
40 Forks
8 Watchers
9 Branches
29 Contributors
Updated on Jul 04, 2025
Maintainers
1
Package Meta Information
Latest Version
6.2.1
Package Id
rollup-plugin-esbuild@6.2.1
Unpacked Size
26.19 kB
Size
6.58 kB
File Count
7
NPM Version
10.9.2
Node Version
22.14.0
Published on
Feb 27, 2025
Total Downloads
Cumulative downloads
Total Downloads
27,287,450
Last Day
-27.4%
20,427
Compared to previous day
Last Week
-11.3%
362,472
Compared to previous week
Last Month
-5.3%
1,620,984
Compared to previous month
Last Year
92.6%
13,480,359
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
4
💛 You can help the author become a full-time open-source maintainer by sponsoring him on GitHub.
rollup-plugin-esbuild
esbuild is by far one of the fastest TS/ESNext to ES6 compilers and minifier, this plugin replaces rollup-plugin-typescript2, @rollup/plugin-typescript and rollup-plugin-terser for you.
Install
1yarn add esbuild rollup-plugin-esbuild --dev
Usage
In rollup.config.js:
1import esbuild from 'rollup-plugin-esbuild' 2 3export default { 4 plugins: [ 5 esbuild({ 6 // All options are optional 7 include: /\.[jt]sx?$/, // default, inferred from `loaders` option 8 exclude: /node_modules/, // default 9 sourceMap: true, // default 10 minify: process.env.NODE_ENV === 'production', 11 target: 'es2017', // default, or 'es20XX', 'esnext' 12 jsx: 'transform', // default, or 'preserve' 13 jsxFactory: 'React.createElement', 14 jsxFragment: 'React.Fragment', 15 // Like @rollup/plugin-replace 16 define: { 17 __VERSION__: '"x.y.z"', 18 }, 19 tsconfig: 'tsconfig.json', // default 20 // Add extra loaders 21 loaders: { 22 // Add .json files support 23 // require @rollup/plugin-commonjs 24 '.json': 'json', 25 // Enable JSX in .js files too 26 '.js': 'jsx', 27 }, 28 }), 29 ], 30}
includeandexcludecan beString | RegExp | Array[...String|RegExp], when supplied it will override default values.- It uses
jsx,jsxDev,jsxFactory,jsxFragmentFactoryandtargetoptions from yourtsconfig.jsonas default values.
Declaration File
There are serveral ways to generate declaration file:
- Use
tscwithemitDeclarationOnly, the slowest way but you get type checking, it doesn't bundle the.d.tsfiles. - Use
rollup-plugin-dtswhich generates and bundle.d.ts, also does type checking. - Use
api-extractorby Microsoft, looks quite complex to me so I didn't try it, PR welcome to update this section.
Use with Vue JSX
Use this with rollup-plugin-vue-jsx:
1import vueJsx from 'rollup-plugin-vue-jsx-compat' 2import esbuild from 'rollup-plugin-esbuild' 3 4export default { 5 // ... 6 plugins: [ 7 vueJsx(), 8 esbuild({ 9 jsxFactory: 'vueJsxCompat', 10 }), 11 ], 12}
Standalone Minify Plugin
If you only want to use this plugin to minify your bundle:
1import { minify } from 'rollup-plugin-esbuild' 2 3export default { 4 plugins: [minify()], 5}
Optimizing Deps
You can use this plugin to pre-bundle dependencies using esbuild and inline them in the Rollup-generated bundle:
1esbuild({ 2 optimizeDeps: { 3 include: ['vue', 'vue-router'], 4 }, 5})
This eliminates the need of @rollup/plugin-node-modules and @rollup/plugin-commonjs.
Note that this is an experimental features, breaking changes might happen across minor version bump.
TODO: Maybe we can scan Rollup input files to get a list of deps to optimize automatically.
Sponsors
License
MIT © EGOIST (Kevin Titor)
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/nodejs.yml:10
Reason
6 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-x574-m823-4x7w
- Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8
- Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x
- Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4
- Warn: Project is vulnerable to: GHSA-859w-5945-r5v3
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/egoist/rollup-plugin-esbuild/nodejs.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/nodejs.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/egoist/rollup-plugin-esbuild/nodejs.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/egoist/rollup-plugin-esbuild/nodejs.yml/dev?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
Reason
Found 2/24 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/nodejs.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'dev'
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 9 are checked with a SAST tool
Score
3.3
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More