Security News
OpenJS: “XZ Utils Cyberattack Likely Not an Isolated Incident”
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.
rollup-plugin-node-resolve
Advanced tools
Weekly downloads
Readme
This plugin used to be called rollup-plugin-npm
Locate modules using the Node resolution algorithm, for using third party modules in node_modules
npm install --save-dev rollup-plugin-node-resolve
// rollup.config.js
import resolve from 'rollup-plugin-node-resolve';
export default {
input: 'main.js',
output: {
file: 'bundle.js',
format: 'iife',
name: 'MyModule'
},
plugins: [
resolve({
// the fields to scan in a package.json to determine the entry point
// if this list contains "browser", overrides specified in "pkg.browser"
// will be used
mainFields: ['module', 'main'], // Default: ['module', 'main']
// DEPRECATED: use "mainFields" instead
// use "module" field for ES6 module if possible
module: true, // Default: true
// DEPRECATED: use "mainFields" instead
// use "jsnext:main" if possible
// legacy field pointing to ES6 module in third-party libraries,
// deprecated in favor of "pkg.module":
// - see: https://github.com/rollup/rollup/wiki/pkg.module
jsnext: true, // Default: false
// DEPRECATED: use "mainFields" instead
// use "main" field or index.js, even if it's not an ES6 module
// (needs to be converted from CommonJS to ES6)
// – see https://github.com/rollup/rollup-plugin-commonjs
main: true, // Default: true
// some package.json files have a "browser" field which specifies
// alternative files to load for people bundling for the browser. If
// that's you, either use this option or add "browser" to the
// "mainfields" option, otherwise pkg.browser will be ignored
browser: true, // Default: false
// not all files you want to resolve are .js files
extensions: [ '.mjs', '.js', '.jsx', '.json' ], // Default: [ '.mjs', '.js', '.json', '.node' ]
// whether to prefer built-in modules (e.g. `fs`, `path`) or
// local ones with the same names
preferBuiltins: false, // Default: true
// Lock the module search in this path (like a chroot). Module defined
// outside this path will be marked as external
jail: '/my/jail/path', // Default: '/'
// Set to an array of strings and/or regexps to lock the module search
// to modules that match at least one entry. Modules not matching any
// entry will be marked as external
only: [ 'some_module', /^@some_scope\/.*$/ ], // Default: null
// If true, inspect resolved files to check that they are
// ES2015 modules
modulesOnly: true, // Default: false
// Force resolving for these modules to root's node_modules that helps
// to prevent bundling the same package multiple times if package is
// imported from dependencies.
dedupe: [ 'react', 'react-dom' ], // Default: []
// Any additional options that should be passed through
// to node-resolve
customResolveOptions: {
moduleDirectory: 'js_modules'
}
})
]
};
Since most packages in your node_modules folder are probably legacy CommonJS rather than JavaScript modules, you may need to use rollup-plugin-commonjs:
// rollup.config.js
import resolve from 'rollup-plugin-node-resolve';
import commonjs from 'rollup-plugin-commonjs';
export default {
input: 'main.js',
output: {
file: 'bundle.js',
format: 'iife'
},
name: 'MyModule',
plugins: [
resolve(),
commonjs()
]
};
fs
)This plugin won't resolve any builtins (e.g. fs
). If you need to resolve builtins you can install local modules and set preferBuiltins
to false
, or install a plugin like rollup-plugin-node-builtins which provides stubbed versions of these methods.
If you want to silence warnings about builtins, you can add the list of builtins to the externals
option; like so:
import resolve from 'rollup-plugin-node-resolve';
import builtins from 'builtin-modules'
export default ({
input: ...,
plugins: [resolve()],
externals: builtins,
output: ...
})
MIT
FAQs
Bundle third-party dependencies in node_modules
The npm package rollup-plugin-node-resolve receives a total of 246,349 weekly downloads. As such, rollup-plugin-node-resolve popularity was classified as popular.
We found that rollup-plugin-node-resolve demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.
Company News
Come meet the Socket team at BSidesSF and RSA! We're sponsoring several fun networking events and we would love to see you there.
Security News
OSI is starting a conversation aimed at removing the excuse of the SaaS loophole for companies navigating licensing and the complexities of doing business with open source.