Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@rollup/plugin-swc
Advanced tools
🍣 A Rollup plugin to transpile TypeScript/JavaScript with the speedy-web-compiler (swc).
The plugin makes it possible to avoid the usage of @rollup/plugin-babel
and @rollup/plugin-typescript
.
It is also blazingly fast 🔥 (between 20 - 70 times faster than Babel depending on how many cpu cores are used).
This plugin requires an LTS Node version (v14.0.0+) and Rollup v3.0+.
Using npm:
npm install @rollup/plugin-swc --save-dev
Create a rollup.config.js
configuration file and import the plugin:
import swc from '@rollup/plugin-swc';
export default {
input: 'src/index.js',
output: {
dir: 'output',
format: 'cjs'
},
plugins: [swc()]
};
Then call rollup
either via the CLI or the API.
The plugin accepts an object as input parameter to modify the default behaviour.
swc
undefined
import type { Options as SWCOptions } from '@swc/core';
declare type Options = {
swc?: SWCOptions;
};
exclude
String
| Array[...String]
null
A picomatch pattern, or array of patterns, which specifies the files in the build the plugin should ignore. By default no files are ignored.
include
String
| Array[...String]
null
A picomatch pattern, or array of patterns, which specifies the files in the build the plugin should operate on. By default all files are targeted.
Alternative transpiler/transformer, which are also officially offered, are Babel and Sucrase. Both Babel and Sucrase are written in JavaScript, whereas the core of SWC is written in Rust. In addition, Sucrase transforms code to ES6+, whereas babel and SWC also support ES3 upwards.
FAQs
Transpile JavaScript/TypeScript code with swc.
The npm package @rollup/plugin-swc receives a total of 67,543 weekly downloads. As such, @rollup/plugin-swc popularity was classified as popular.
We found that @rollup/plugin-swc demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.