Gathering detailed insights and metrics for vite-plugin-imagemin
Gathering detailed insights and metrics for vite-plugin-imagemin
A vite plugin for compressing image assets.
Installations
npm install vite-plugin-imageminDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS, ESM
Node Version
16.13.2
NPM Version
8.1.2
Score
61.3
Supply Chain
48
Quality
68.2
Maintenance
50
Vulnerability
95.6
License
Releases
7
Languages
4
TypeScript
Vue
Shell
HTML
TypeScript (88.22%)
Vue (5.7%)
Shell (3.66%)
HTML (2.41%)
Developer
anncwb
Download Statistics
Total Downloads
2,539,146
Last Day
613
Last Week
13,577
Last Month
57,532
Last Year
740,856
GitHub Statistics
MIT License
247 Stars
44 Commits
31 Forks
3 Watchers
1 Branches
5 Contributors
Updated on Jul 01, 2025
Bundle Size
1.21 MB
Minified
317.30 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
0.6.1
Package Id
vite-plugin-imagemin@0.6.1
Unpacked Size
19.97 kB
Size
4.41 kB
File Count
5
NPM Version
8.1.2
Node Version
16.13.2
Total Downloads
Cumulative downloads
Total Downloads
2,539,146
Last Day
-0.2%
613
Compared to previous day
Last Week
-1.1%
13,577
Compared to previous week
Last Month
-7%
57,532
Compared to previous month
Last Year
-9.6%
740,856
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
23
@types/imagemin@types/imagemin-gifsicle@types/imagemin-jpegtran@types/imagemin-mozjpeg@types/imagemin-optipng@types/imagemin-svgo@types/imagemin-webp@types/svgochalkdebugesbuildfs-extragifsicleimageminimagemin-gifsicleimagemin-jpegtranimagemin-mozjpegimagemin-optipngimagemin-pngquantimagemin-svgoimagemin-webpjpegtran-binpathe
Peer Dependencies
1
Dev Dependencies
5
vite-plugin-imagemin
English | 中文
A vite plugin for compressing image assets
Install (yarn or npm)
node version: >=12.0.0
vite version: >=2.0.0
yarn add vite-plugin-imagemin -D
or
npm i vite-plugin-imagemin -D
China installation note
Because imagemin is not easy to install in China. Several solutions are now available
- Use yarn to configure in package.json (recommended)
1"resolutions": { 2 "bin-wrapper": "npm:bin-wrapper-china" 3 }, 4
- Use npm, add the following configuration to the computer host file
1 2199.232.4.133 raw.githubusercontent.com
- Install with cnpm (not recommended)
Usage
- Configuration plugin in vite.config.ts
1import viteImagemin from 'vite-plugin-imagemin' 2 3export default () => { 4 return { 5 plugins: [ 6 viteImagemin({ 7 gifsicle: { 8 optimizationLevel: 7, 9 interlaced: false, 10 }, 11 optipng: { 12 optimizationLevel: 7, 13 }, 14 mozjpeg: { 15 quality: 20, 16 }, 17 pngquant: { 18 quality: [0.8, 0.9], 19 speed: 4, 20 }, 21 svgo: { 22 plugins: [ 23 { 24 name: 'removeViewBox', 25 }, 26 { 27 name: 'removeEmptyAttrs', 28 active: false, 29 }, 30 ], 31 }, 32 }), 33 ], 34 } 35}
Options
| params | type | default | default |
|---|---|---|---|
| verbose | boolean | true | Whether to output the compressed result in the console |
| filter | RegExp or (file: string) => boolean | - | Specify which resources are not compressed |
| disable | boolean | false | Whether to disable |
| svgo | object or false | - | See Options |
| gifsicle | object or false | - | See Options |
| mozjpeg | object or false | - | See Options |
| optipng | object or false | - | See Options |
| pngquant | object or false | - | See Options |
| webp | object or false | - | See Options |
Example
Run Example
1 2npm run dev:play 3npm run dev:build 4
Sample project
License
MIT
Inspiration
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 3/24 approved changesets -- score normalized to 1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/publish.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/vbenjs/vite-plugin-imagemin/publish.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/vbenjs/vite-plugin-imagemin/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/vbenjs/vite-plugin-imagemin/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/vbenjs/vite-plugin-imagemin/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/vbenjs/vite-plugin-imagemin/release.yml/main?enable=pin
- Info: 0 out of 3 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 9 are checked with a SAST tool
Reason
37 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-x3cc-x39p-42qx
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx
- Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-3mv9-4h5g-vhg3
- Warn: Project is vulnerable to: GHSA-mv48-hcvh-8jj8
- Warn: Project is vulnerable to: GHSA-353f-5xf4-qw67
- Warn: Project is vulnerable to: GHSA-c24v-8rfc-w8vw
- Warn: Project is vulnerable to: GHSA-8jhw-289h-jh2g
- Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
- Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
- Warn: Project is vulnerable to: GHSA-x574-m823-4x7w
- Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8
- Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x
- Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4
- Warn: Project is vulnerable to: GHSA-859w-5945-r5v3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Score
2.6
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More