@favware/rollup-type-bundler
A small CLI tool to bundle types with rollup
When you create a library in TypeScript, you will often be able to just publish it with your current toolset; however, once your library grows and grows, you might want to make it possible for users of your library to use TypeScript Module Augmentation to merge additional types into the types that you provide.
Unfortunately, this introduces a big issue in TypeScript. Even when re-exporting all your interfaces/types/classes in a root index.d.ts that you are referencing in "types" in your package.json, TypeScript still won't properly apply folder-nested module augmentation (i.e. a type that's in your-package/dist/lib/structures/SomeClass.d.ts) when augmenting like this:
declare module 'your-package' {}
Without this package, your users would have to augment the type like this:
declare module 'your-package/dist/lib/structures/SomeClass' {}
As you might guess, this is extremely bad developer experience because you cannot apply all module augmentations in 1 block. That's where this rollup module comes in - now, you can bundle types in a developer-friendly way and make life easier for everyone involved.
The library uses rollup with rollup-plugin-dts under the hood. It will execute a few steps:
--dist flag or dist in config).
--no-clean
--build-script (or buildScript in config) to build your code with your compiler. This defaults to build.
--no-build
index.d.ts (extension can be customized through --output-typings-file-extension) file, output to the configured dist directory.
.d.ts and .d.ts.map files from your configured dist directory as they are now superfluous. (This can be skipped by providing --no-clean, or alternatively files can be excluded from the clean step by providing --exclude-from-clean).
Note: You can combine --no-clean and --no-build by using --only-bundle.
You can use the following command to install this package, or replace npm install -D with your package manager of choice.
npm install -D @favware/rollup-type-bundler
Or install it globally:
npm install -g @favware/rollup-type-bundler
Then call the script with rollup-type-bundler or rtb:
rollup-type-bundler --dist ./dist # Add any other flags or use --help
rtb --dist ./dist # Add any other flags or use --help
Alternatively you can call the CLI directly with npx:
npx @favware/rollup-type-bundler --dist ./dist # Add any other flags or use --help
You can provide all options through CLI flags:
Usage: rollup-type-bundler [options]
Options:
-V, --version output the version number
-d, --dist <dist> The dist directory to target
-b, --build-script [buildScript] The build script to call after cleaning your dist directory
-nb, --no-build [noBuild] When enabled (default: false) the build step will not be called. Useful if you want to only bundle types and
handle building yourself.
-nc, --no-clean [noClean] When enabled (default: false) the clean step will not be called. Useful if you want to only bundle types and
handle cleaning yourself.
-ob, --only-bundle [onlyBundle] A shortcut to enabling both `--no-build` and `--no-clean`. This essentially makes it so rollup-type-bundler
only deals with bundling types and nothing else.
-t, --typings-file-extension [typingsFileExtension] The input file extension for your typings files. Useful if you want to set `.cts` or `.mts`. If you forego
adding a prefixing dot (`.`), it will be added for you.
-ot, --output-typings-file-extension [outputTypingsFileExtension] The output file extension for your typings files. Useful if you want to set `.cts` or `.mts`. If you forego
adding a prefixing dot (`.`), it will be added for you. Defaults to the value of "typingsFileExtension"
-v, --verbose Print verbose information
-e, --external [external...] Repeatable, each will be treated as a new entry. Library or libraries to treat as external in Rollup (see:
https://rollupjs.org/guide/en/#warning-treating-module-as-external-dependency)
-ec, --exclude-from-clean [excludeFromClean...] Repeatable, each will be treated as a new entry.
Files to be excluded from the clean step, useful if you want to process those files manually yourself later.
This is in particular useful if you have multiple entrypoints.
Note that a String#endsWith check is used to check if an entry in this array matches a path of a file to
delete. So you can either use the full relative path, or just the file name.
-h, --help display help for command
Or, you can set most of these options through a configuration file. This file should be located at your current working directory (where you're calling this package). It should be named .rollup-type-bundlerrc, optionally suffixed with .json, .yaml, or .yml.
--dist maps to dist
--build-script maps to buildScript
--no-build maps to noBuild
--no-clean maps to noClean
--only-bundle maps to onlyBundle
--typings-file-extension maps to typingsFileExtension
--output-typings-file-extension maps to outputTypingsFileExtension
--verbose maps to verbose
--external maps to external
--exclude-from-clean maps to excludeFromClean
When using .rollup-type-bundlerrc or .rollup-type-bundlerrc.json as your config file you can also use the JSON schema to get schema validation. To do so, add the following to your config file:
{
  "$schema": "https://raw.githubusercontent.com/favware/rollup-type-bundler/main/assets/rollup-type-bundler.schema.json"
}
Example JSON file:
{
  "$schema": "https://raw.githubusercontent.com/favware/rollup-type-bundler/main/assets/rollup-type-bundler.schema.json",
  "dist": "./dist",
  "buildScript": "build",
  "verbose": true,
  "external": ["stream", "url"]
}
Example YAML file:
dist: './dist'
buildScript: build
verbose: true
external:
- stream
- url
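The help text for --exclude-from-clean says entries are matched against file paths with String#endsWith. The following is an added example, not the project's own code, that models that rule to show which files a given entry spares from the clean step; the function names and the file list are constructed for illustration.

```javascript
// Constructed sample: typings files left in dist that the clean step would remove.
const candidates = [
  'dist/cli.d.ts',
  'dist/cli.d.ts.map',
  'dist/lib/index.d.ts',
  'dist/lib/reindex.d.ts',
  'dist/lib/structures/SomeClass.d.ts'
];

// Hypothetical helper: a file is spared when its path ends with any
// excludeFromClean entry, as the help text describes (String#endsWith).
function partitionClean(files, excludeFromClean) {
  const kept = [];
  const deleted = [];
  for (const file of files) {
    const spared = excludeFromClean.some((entry) => file.endsWith(entry));
    (spared ? kept : deleted).push(file);
  }
  return { kept, deleted };
}

// Hypothetical helper: flags entries that spare more than one file
// (ambiguous) or no file at all (unused, e.g. a typo in the config).
function auditExclusions(files, excludeFromClean) {
  return excludeFromClean.map((entry) => {
    const matches = files.filter((file) => file.endsWith(entry));
    return {
      entry,
      matches,
      ambiguous: matches.length > 1,
      unused: matches.length === 0
    };
  });
}

// A bare file name also spares any file whose name merely ends with it.
console.log(partitionClean(candidates, ['index.d.ts']).kept);
// A longer relative path narrows the match to one file.
console.log(partitionClean(candidates, ['lib/index.d.ts']).kept);
// A .d.ts entry does not cover the matching .d.ts.map file.
console.log(partitionClean(candidates, ['cli.d.ts']).deleted);
console.log(auditExclusions(candidates, ['index.d.ts', 'types.d.ts']));
```

Running an audit like this over the excludeFromClean entries before a release build shows whether a short entry keeps more files than intended.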
This library has opinionated defaults for its options. These are as follows:
--dist will default to ./dist, using the current working directory as the reference point for the relative path.
--build-script will default to build.
--no-build will default to false.
--no-clean will default to false.
--only-bundle will default to false.
--typings-file-extension will default to .ts.
--output-typings-file-extension will default to the value of --typings-file-extension.
--verbose will default to false.
--external will default to [].
--exclude-from-clean will default to [].
Favware projects are and always will be open source, even if we don't get donations. That being said, we know there are amazing people who may still want to donate just to show their appreciation. Thank you very much in advance!
We accept donations through Ko-fi, Paypal, Patreon, GitHub Sponsorships, and various cryptocurrencies. You can use the buttons below to donate through your method of choice.
Donate With | Address |
---|---|
Ko-fi | Click Here |
Patreon | Click Here |
PayPal | Click Here |
GitHub Sponsors | Click Here |
Bitcoin | 1E643TNif2MTh75rugepmXuq35Tck4TnE5 |
Ethereum | 0xF653F666903cd8739030D2721bF01095896F5D6E |
LiteCoin | LZHvBkaJqKJRa8N7Dyu41Jd1PDBAofCik6 |
Please make sure to read the Contributing Guide before making a pull request.
Thank you to all the people who already contributed to Sapphire!
FAQs
The npm package @favware/rollup-type-bundler receives a total of 658 weekly downloads. As such, @favware/rollup-type-bundler popularity was classified as not popular.
We found that @favware/rollup-type-bundler demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.