
Security News
/Research
Wallet-Draining npm Package Impersonates Nodemailer to Hijack Crypto Transactions
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
broccoli-rollup
Advanced tools
broccoli-rollup
A broccoli plugin that uses rollup.js on its input.
// Brocfile.js
import rollup from 'broccoli-rollup';
export default () =>
rollup('lib', {
// nodeModulesPath: string Defaults to process.cwd()
rollup: {
input: 'index.js',
output: {
file: 'bundle.js',
format: 'es',
},
},
});
// Brocfile.js
import rollup from 'broccoli-rollup';
export default () =>
rollup('lib', {
// nodeModulesPath: string Defaults to process.cwd()
rollup: {
input: 'index.js',
output: {
dir: 'chunks',
format: 'es',
},
},
});
// Brocfile.js
import rollup from 'broccoli-rollup';
export default () =>
rollup('lib', {
// nodeModulesPath: string Defaults to process.cwd()
rollup: {
input: 'index.js',
output: [
{
file: 'my-lib.amd.js',
format: 'amd',
},
{
file: 'my-lib.iife.js',
name: 'MyLib',
format: 'iife',
},
],
},
});
Broccoli is designed around immutable input and although rollup does expose enough
in the build output for us to write it to disk, this doesn't work with the onwrite
plugin hook
and requires a significant amount of code to get feature parity with rollup's
buildOutput.write(outputOptions)
.
We use the following build flow to achieve compatibility and feature parity with rollup's cli while still adhering to broccoli's immutable input constraints.
node.inputPaths[0]
to ${node.cachePath}/build
options.nodeModulesPath
to ${node.cachePath}/node_modules
${node.cachePath}/build
(rollup doesn't allow this to be passed in and plugins may also the use cwd)${node.cachePath}/build
to node.outputPath
for all files that are different from the input.If you have any plugins that require hard-coded paths into node_modules
,
please note that node_modules
is symlinked above the build path.
So instead of doing node_modules/x
you need to do ../node_modules/x
.
5.0.0
rollup
to 2.x. See https://github.com/rollup/rollup/blob/master/CHANGELOG.md#200FAQs
A broccoli plugin that uses rollup.js on its input
The npm package broccoli-rollup receives a total of 95,209 weekly downloads. As such, broccoli-rollup popularity was classified as popular.
We found that broccoli-rollup demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.