@codecov/rollup-plugin
Advanced tools
A Rollup plugin that provides bundle analysis support for Codecov.
[!NOTE] The plugin does not support code coverage, see our docs to set up coverage today!
Using npm:
npm install @codecov/rollup-plugin --save-dev
Using yarn:
yarn add @codecov/rollup-plugin --dev
Using pnpm:
pnpm add @codecov/rollup-plugin --save-dev
This configuration will automatically upload the bundle analysis to Codecov for public repositories. When an internal PR is created it will use the Codecov token set in your secrets, and if running from a forked PR, it will use the tokenless setting automatically. For setups not using GitHub Actions see the following example. For private repositories see the following example.
// rollup.config.js
import { defineConfig } from "rollup";
import { codecovRollupPlugin } from "@codecov/rollup-plugin";
export default defineConfig({
plugins: [
// Put the Codecov rollup plugin after all other plugins
codecovRollupPlugin({
enableBundleAnalysis: true,
bundleName: "example-rollup-bundle",
uploadToken: process.env.CODECOV_TOKEN,
gitService: "github",
}),
],
});
This setup is for public repositories that are not using GitHub Actions, this configuration will automatically upload the bundle analysis to Codecov. You will need to configure the it similar to the GitHub Actions example, however you will need to provide a branch override, and ensure that it will pass the correct branch name, and with forks including the fork-owner i.e. fork-owner:branch.
// rollup.config.js
import { defineConfig } from "rollup";
import { codecovRollupPlugin } from "@codecov/rollup-plugin";
export default defineConfig({
plugins: [
// Put the Codecov rollup plugin after all other plugins
codecovRollupPlugin({
enableBundleAnalysis: true,
bundleName: "example-rollup-bundle",
uploadToken: process.env.CODECOV_TOKEN,
gitService: "github",
uploadOverrides: {
branch: "<branch value>",
},
}),
],
});
This is the required way to use the plugin for private repositories. This configuration will automatically upload the bundle analysis to Codecov.
// rollup.config.js
import { defineConfig } from "rollup";
import { codecovRollupPlugin } from "@codecov/rollup-plugin";
export default defineConfig({
plugins: [
// Put the Codecov rollup plugin after all other plugins
codecovRollupPlugin({
enableBundleAnalysis: true,
bundleName: "example-rollup-bundle",
uploadToken: process.env.CODECOV_TOKEN,
}),
],
});
For users with OpenID Connect (OIDC) enabled, setting the uploadToken is not necessary. You can use OIDC with the oidc configuration as following.
// rollup.config.js
import { defineConfig } from "rollup";
import { codecovRollupPlugin } from "@codecov/rollup-plugin";
export default defineConfig({
plugins: [
// Put the Codecov rollup plugin after all other plugins
codecovRollupPlugin({
enableBundleAnalysis: true,
bundleName: "example-rollup-bundle",
oidc: {
useGitHubOIDC: true,
},
}),
],
});
FAQs
Official Codecov Rollup plugin
We found that @codecov/rollup-plugin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security Fundamentals
The Socket Threat Research Team uncovers how threat actors weaponize shell techniques across npm, PyPI, and Go ecosystems to maintain persistence and exfiltrate data.
Security News
At VulnCon 2025, NIST scrapped its NVD consortium plans, admitted it can't keep up with CVEs, and outlined automation efforts amid a mounting backlog.
Product
We redesigned our GitHub PR comments to deliver clear, actionable security insights without adding noise to your workflow.