Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
@rollup/stream
Advanced tools
🍣 Stream Rollup build results
This package exists to provide a streaming interface for Rollup builds. This is useful in situations where a build system is working with vinyl files, such as gulp.js
.
This plugin requires an LTS Node version (v8.0.0+) and Rollup v1.20.0+.
Using npm:
npm install @rollup/stream --save-dev
Assume a src/index.js
file exists and contains code like the following:
export default 'jingle bells, batman smells';
We can bundle src/index.js
using streams such like:
import rollupStream from '@rollup/stream';
const { log } = console;
const options = {
input: 'src/index.js',
output: { format: 'cjs' },
};
const stream = rollupStream(options);
let bundle = '';
stream.on('data', (data) => (bundle += data));
stream.on('end', () => log(bundle));
The preceding code will concatenate each chunk (or asset) and output the entire bundle's content when Rollup has completed bundling and the stream has ended.
All Rollup options are valid to pass as options to @rollup/stream
.
Using Gulp requires piping. Suppose one wanted to take the bundle content and run it through a minifier, such as terser
:
import rollupStream from '@rollup/stream';
import gulp from 'gulp';
import terser from 'gulp-terser';
import source from 'vinyl-source-stream';
gulp.task('rollup', () => {
const options = { input: 'src/index.js' };
return rollupStream(options)
.pipe(source('bundle.js'))
.pipe(terser({ keep_fnames: true, mangle: false }))
.pipe(gulp.dest('dist'));
});
Rollup can produce source maps by specifying the sourcemap
output option. For example; to use the generated sourcemaps with Gulp and @rollup/stream
:
import rollupStream from '@rollup/stream';
import buffer from 'vinyl-buffer';
import gulp from 'gulp';
import sourcemaps from 'gulp-sourcemaps';
import source from 'vinyl-source-stream';
gulp.task('rollup', () => {
const options = { input: 'src/index.js', output: { sourcemap: true } };
return rollupStream(options)
.pipe(source('bundle.js'))
.pipe(buffer())
.pipe(sourcemaps.init({ loadMaps: true }))
.pipe(sourcemaps.write('dist'))
.pipe(gulp.dest('dist'));
});
The ability to cache a build is already built into Rollup, so users of @rollup/stream
get that for free. Caching can be useful to reduce or optimize build times, and is often used when watching files that are part of a build. For example; to utilize caching with Gulp and @rollup/stream
:
import rollupStream from '@rollup/stream';
import buffer from 'vinyl-buffer';
import gulp from 'gulp';
import source from 'vinyl-source-stream';
// declare the cache variable outside of task scopes
let cache;
gulp.task('rollup', () => {
return rollupStream({
input: 'src/index.js',
// define the cache in Rollup options
cache,
})
.on('bundle', (bundle) => {
// update the cache after every new bundle is created
cache = bundle;
})
.pipe(source('bundle.js'))
.pipe(buffer())
.pipe(gulp.dest('dist'));
});
gulp.task('watch', (done) => {
gulp.watch('./src/**/*.js', gulp.series('rollup'));
// or, with Gulp v3
// gulp.watch('./src/**/*.js', ['rollup']);
done();
});
(Example based on the rollup-stream README)
FAQs
Stream Rollup build results
We found that @rollup/stream demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.