Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
rollup-plugin-node-resolve
Advanced tools
The rollup-plugin-node-resolve package is a Rollup plugin that allows you to use the Node.js resolution algorithm to locate modules using the Node.js module resolution algorithm, which includes resolving modules from node_modules. This is particularly useful for bundling dependencies from npm.
Basic Usage
This basic setup demonstrates how to use the rollup-plugin-node-resolve to resolve modules from node_modules in a Rollup configuration.
const resolve = require('@rollup/plugin-node-resolve');
module.exports = {
input: 'src/index.js',
output: {
file: 'bundle.js',
format: 'cjs'
},
plugins: [resolve()]
};
Custom Extensions
This example shows how to configure the plugin to resolve additional file extensions such as .mjs, .json, and .node.
const resolve = require('@rollup/plugin-node-resolve');
module.exports = {
input: 'src/index.js',
output: {
file: 'bundle.js',
format: 'cjs'
},
plugins: [
resolve({
extensions: ['.mjs', '.js', '.json', '.node']
})
]
};
Using with CommonJS
This example demonstrates how to use rollup-plugin-node-resolve in conjunction with rollup-plugin-commonjs to bundle CommonJS modules.
const resolve = require('@rollup/plugin-node-resolve');
const commonjs = require('@rollup/plugin-commonjs');
module.exports = {
input: 'src/index.js',
output: {
file: 'bundle.js',
format: 'cjs'
},
plugins: [
resolve(),
commonjs()
]
};
The rollup-plugin-commonjs package allows Rollup to convert CommonJS modules to ES6, so they can be included in a Rollup bundle. It is often used together with rollup-plugin-node-resolve to handle npm packages that are written in CommonJS.
The rollup-plugin-alias package allows you to define and use custom module aliases in your Rollup configuration. This can be useful for simplifying import paths and managing dependencies more effectively.
The rollup-plugin-json package allows Rollup to import JSON files, converting them to ES6 modules. This is useful for including configuration files or other data in your bundle.
This plugin used to be called rollup-plugin-npm
Locate modules using the Node resolution algorithm, for using third party modules in node_modules
npm install --save-dev rollup-plugin-node-resolve
// rollup.config.js
import resolve from 'rollup-plugin-node-resolve';
export default {
input: 'main.js',
output: {
file: 'bundle.js',
format: 'iife',
name: 'MyModule'
},
plugins: [
resolve({
// the fields to scan in a package.json to determine the entry point
// if this list contains "browser", overrides specified in "pkg.browser"
// will be used
mainFields: ['module', 'main'], // Default: ['module', 'main']
// DEPRECATED: use "mainFields" instead
// use "module" field for ES6 module if possible
module: true, // Default: true
// DEPRECATED: use "mainFields" instead
// use "jsnext:main" if possible
// legacy field pointing to ES6 module in third-party libraries,
// deprecated in favor of "pkg.module":
// - see: https://github.com/rollup/rollup/wiki/pkg.module
jsnext: true, // Default: false
// DEPRECATED: use "mainFields" instead
// use "main" field or index.js, even if it's not an ES6 module
// (needs to be converted from CommonJS to ES6)
// – see https://github.com/rollup/rollup-plugin-commonjs
main: true, // Default: true
// some package.json files have a "browser" field which specifies
// alternative files to load for people bundling for the browser. If
// that's you, either use this option or add "browser" to the
// "mainfields" option, otherwise pkg.browser will be ignored
browser: true, // Default: false
// not all files you want to resolve are .js files
extensions: [ '.mjs', '.js', '.jsx', '.json' ], // Default: [ '.mjs', '.js', '.json', '.node' ]
// whether to prefer built-in modules (e.g. `fs`, `path`) or
// local ones with the same names
preferBuiltins: false, // Default: true
// Lock the module search in this path (like a chroot). Module defined
// outside this path will be marked as external
jail: '/my/jail/path', // Default: '/'
// Set to an array of strings and/or regexps to lock the module search
// to modules that match at least one entry. Modules not matching any
// entry will be marked as external
only: [ 'some_module', /^@some_scope\/.*$/ ], // Default: null
// If true, inspect resolved files to check that they are
// ES2015 modules
modulesOnly: true, // Default: false
// Force resolving for these modules to root's node_modules that helps
// to prevent bundling the same package multiple times if package is
// imported from dependencies.
dedupe: [ 'react', 'react-dom' ], // Default: []
// Any additional options that should be passed through
// to node-resolve
customResolveOptions: {
moduleDirectory: 'js_modules'
}
})
]
};
Since most packages in your node_modules folder are probably legacy CommonJS rather than JavaScript modules, you may need to use rollup-plugin-commonjs:
// rollup.config.js
import resolve from 'rollup-plugin-node-resolve';
import commonjs from 'rollup-plugin-commonjs';
export default {
input: 'main.js',
output: {
file: 'bundle.js',
format: 'iife'
},
name: 'MyModule',
plugins: [
resolve(),
commonjs()
]
};
fs
)This plugin won't resolve any builtins (e.g. fs
). If you need to resolve builtins you can install local modules and set preferBuiltins
to false
, or install a plugin like rollup-plugin-node-builtins which provides stubbed versions of these methods.
If you want to silence warnings about builtins, you can add the list of builtins to the externals
option; like so:
import resolve from 'rollup-plugin-node-resolve';
import builtins from 'builtin-modules'
export default ({
input: ...,
plugins: [resolve()],
externals: builtins,
output: ...
})
MIT
FAQs
Bundle third-party dependencies in node_modules
The npm package rollup-plugin-node-resolve receives a total of 119,239 weekly downloads. As such, rollup-plugin-node-resolve popularity was classified as popular.
We found that rollup-plugin-node-resolve demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.