New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

rollup-plugin-node-keep-module

Package Overview
Dependencies
Maintainers
1
Versions
2
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

rollup-plugin-node-keep-module

nodejs应用使用rollup打包的时候,不是所有的代码都可以正常打包成一个bundle,比如有循环引用的代码。 因此可以把有问题的包单独定义出来,则build的时候不会把包代码打包进去,同时会在output.dir里面生成一个package.json, 来包含这些包。

latest
Source
npmnpm
Version
1.0.1
Version published
Weekly downloads
2
-33.33%
Maintainers
1
Weekly downloads
 
Created
Source

rollup-plugin-node-keep-module

nodejs应用使用rollup打包的时候,不是所有的代码都可以正常打包成一个bundle,比如有循环引用的代码。 因此可以把有问题的包单独定义出来,则build的时候不会把包代码打包进去,同时会在output.dir里面生成一个package.json, 来包含这些包。

使用docker进行部署的时候,可以只安装该package.json里面定义的包(一般比较少),可以极大减少镜像的大小。

使用方式

import resolve from '@rollup/plugin-node-resolve' import commonjs from '@rollup/plugin-commonjs' import json from '@rollup/plugin-json' import keep from 'rollup-plugin-node-keep-module' export default { input: ['src/server.js'], output: { dir: 'dist', format: 'cjs', exports: 'auto', }, plugins: [json(), resolve({ preferBuiltins: true, }), commonjs(), keep({ modules: ['winston', 'winston-daily-rotate-file'], })], }

FAQs

Package last updated on 19 Feb 2021

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Node.js Drops Bug Bounty Rewards After Funding Dries Up

Security News

Node.js Drops Bug Bounty Rewards After Funding Dries Up

Node.js has paused its bug bounty program after funding ended, removing payouts for vulnerability reports but keeping its security process unchanged.

By Sarah Gooding  -  Apr 02, 2026