
rollup-plugin-webpack-stats
Generate rollup stats JSON file with a bundle-stats webpack supported structure.
npm install --save-dev rollup-plugin-webpack-stats
or
yarn add --dev rollup-plugin-webpack-stats
or
pnpm add -D rollup-plugin-webpack-stats

// rollup.config.js
import webpackStatsPlugin from 'rollup-plugin-webpack-stats';

export default {
  plugins: [
    // add it as the last plugin
    webpackStatsPlugin(),
  ],
};

// vite.config.js
import { defineConfig } from 'vite';
import webpackStatsPlugin from 'rollup-plugin-webpack-stats';

export default defineConfig((env) => ({
  plugins: [
    // Output webpack-stats.json file
    webpackStatsPlugin(),
  ],
}));

- fileName - the JSON filepath relative to the build folder or absolute (default: webpack-stats.json)
- transform - access and mutate the resulting stats after the conversion: (stats: WebpackStatsFilterd, sources: TransformSources, bundle: OutputBundle) => WebpackStatsFilterd
- moduleOriginalSize - extract module original size or rendered size (default: false)
- write - format and write the stats to disk (default: fs.write(filename, JSON.stringify(stats, null, 2)))
- excludeAssets - exclude matching assets: string | RegExp | ((filepath: string) => boolean) | Array<string | RegExp | ((filepath: string) => boolean)>
- excludeModules - exclude matching modules: string | RegExp | ((filepath: string) => boolean) | Array<string | RegExp | ((filepath: string) => boolean)>

// rollup.config.js
import webpackStatsPlugin from 'rollup-plugin-webpack-stats';

export default {
  plugins: [
    // add it as the last plugin
    webpackStatsPlugin({
      // the option name is fileName, as listed in the options above
      fileName: 'artifacts/stats.json',
    }),
  ],
};

Exclude .map files

// rollup.config.js
import webpackStatsPlugin from 'rollup-plugin-webpack-stats';

export default {
  plugins: [
    // add it as the last plugin
    webpackStatsPlugin({
      excludeAssets: /\.map$/,
    }),
  ],
};

// for the modern and legacy outputs
import { defineConfig } from 'vite';
import legacy from '@vitejs/plugin-legacy';
import webpackStatsPlugin from 'rollup-plugin-webpack-stats';

export default defineConfig((env) => ({
  build: {
    rollupOptions: {
      output: {
        plugins: [
          // Output webpack-stats-modern.json file for the modern build
          // Output webpack-stats-legacy.json file for the legacy build
          // Stats are an output plugin, as plugin-legacy works by injecting
          // an additional output, that duplicates the plugins configured here
          webpackStatsPlugin((options) => {
            const isLegacy = options.format === 'system';
            return {
              fileName: `webpack-stats${isLegacy ? '-legacy' : '-modern'}.json`,
            };
          }),
        ],
      },
    },
  },
  plugins: [
    legacy({
      /* Your legacy config here */
    }),
  ],
}));

import { defineConfig } from 'vite';
import webpackStatsPlugin from 'rollup-plugin-webpack-stats';

export default defineConfig((env) => ({
  build: {
    rollupOptions: {
      output: {
        plugins: [
          webpackStatsPlugin({
            transform: (stats) => {
              // Find the target chunk entry
              const mainChunkIndex = stats.chunks?.findIndex((chunk) => chunk.names?.includes("main"));

              // When the target chunk is found, set the initial flag to true
              if (typeof mainChunkIndex !== 'undefined' && stats?.chunks?.[mainChunkIndex]) {
                stats.chunks[mainChunkIndex] = {
                  ...stats.chunks[mainChunkIndex],
                  initial: true,
                };
              }

              // return the modified stats object
              return stats;
            },
          }),
        ],
      },
    },
  },
}));

FAQs
The npm package rollup-plugin-webpack-stats receives a total of 42,928 weekly downloads. As such, the popularity of rollup-plugin-webpack-stats is classified as popular.
We found that rollup-plugin-webpack-stats demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.