Research
Security News
Malicious npm Package Wipes Codebases with Remote Trigger
A malicious npm typosquat uses remote commands to silently delete entire project directories after a single mistyped install.
By Kush Pandya - May 30, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
rollup-plugin-webpack-stats
Advanced tools
rollup-plugin-webpack-stats
[](https://www.npmjs.com/package/rollup-plugin-webpack-stats) [](https://www.npmjs.com/package/rollup-plugin-webpack-stats)
rollup-plugin-webpack-stats
Generate rollup stats JSON file with a bundle-stats webpack supported structure.
Install
npm install --dev rollup-plugin-webpack-stats
or
yarn add --dev rollup-plugin-webpack-stats
or
pnpm add -D rollup-plugin-webpack-stats
Configure
// rollup.config.js
import webpackStatsPlugin from 'rollup-plugin-webpack-stats';
export default {
plugins: [
// add it as the last plugin
webpackStatsPlugin(),
],
};
// vite.config.js
import { defineConfig } from 'vite';
import webpackStatsPlugin from 'rollup-plugin-webpack-stats';
export default defineConfig((env) => ({
plugins: [
// Output webpack-stats.json file
webpackStatsPlugin(),
],
}));
Options
fileName- the JSON filepath relative to the build folder or absolute(default:webpack-stats.json)transform- access and mutate the resulting stats after the conversion:(stats: WebpackStatsFilterd, sources: TransformSources, bundle: OutputBundle) => WebpackStatsFilterdmoduleOriginalSize- extract module original size or rendered size (default:false)write- format and write the stats to disk(default:fs.write(filename, JSON.stringify(stats, null, 2)))- rollup stats options (rollup-plugin-stats)
excludeAssets- exclude matching assets:string | RegExp | ((filepath: string) => boolean) | Array<string | RegExp | ((filepath: string) => boolean)>excludeModules- exclude matching modules:string | RegExp | ((filepath: string) => boolean) | Array<string | RegExp | ((filepath: string) => boolean)>
Examples
Output to a custom filename
// rollup.config.js
import webpackStatsPlugin from 'rollup-plugin-webpack-stats';
module.exports = {
plugins: [
// add it as the last plugin
webpackStatsPlugin({
filename: 'artifacts/stats.json',
}),
],
};
Exclude .map files
// rollup.config.js
import webpackStatsPlugin from 'rollup-plugin-webpack-stats';
export default {
plugins: [
// add it as the last plugin
webpackStatsPlugin({
excludeAssets: /\.map$/,
}),
],
};
Vite.js - multiple stats files when using plugin-legacy
// for the the modern and legacy outputs
import { defineConfig } from 'vite';
import legacy from '@vitejs/plugin-legacy';
import webpackStatsPlugin from 'rollup-plugin-webpack-stats';
export default defineConfig((env) => ({
build: {
rollupOptions: {
output: {
plugins: [
// Output webpack-stats-modern.json file for the modern build
// Output webpack-stats-legacy.json file for the legacy build
// Stats are an output plugin, as plugin-legacy works by injecting
// an additional output, that duplicates the plugins configured here
webpackStatsPlugin((options) => {
const isLegacy = options.format === 'system';
return {
fileName: `webpack-stats${isLegacy ? '-legacy' : '-modern'}.json`,
};
}),
],
},
},
},
plugins: [
legacy({
/* Your legacy config here */
}),
],
}));
Vite.js - update initial flag for chunks where the inital flag is incorrectly set to false
import { defineConfig } from 'vite';
import webpackStatsPlugin from 'rollup-plugin-webpack-stats';
export default defineConfig((env) => ({
build: {
rollupOptions: {
output: {
plugins: [
webpackStatsPlugin({
transform: (stats) => {
// Find the target chunk entry
const mainChunkIndex = stats.chunks?.findIndex((chunk) => chunk.names?.includes("main"));
// When the tartget chunk is found, set the initial flag to true
if (typeof mainChunkIndex !== 'undefined' && stats?.chunks?.[mainChunkIndex]) {
stats.chunks[mainChunkIndex] = {
...stats.chunks[mainChunkIndex],
initial: true,
};
}
// return the modified stats object
return stats;
},
}),
],
},
},
},
}));
Resources
- Vite - Using plugins
- Rollup - Using plugins
- RelativeCI - Vite configuration for better bundle monitoring
@relative-ci/agent examples
FAQs
[](https://www.npmjs.com/package/rollup-plugin-webpack-stats) [](https://www.npmjs.com/package/rollup-plugin-webpack-stats)
The npm package rollup-plugin-webpack-stats receives a total of 42,928 weekly downloads. As such, rollup-plugin-webpack-stats popularity was classified as popular.
We found that rollup-plugin-webpack-stats demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 23 Apr 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Monkey-Patched PyPI Packages Use Transitive Dependencies to Steal Solana Private Keys
Malicious PyPI package semantic-types steals Solana private keys via transitive dependency installs using monkey patching and blockchain exfiltration.
By Kirill Boychenko - May 29, 2025
Security News
OpenJS Foundation Is Now a CNA for 40+ JavaScript Projects Under Its Umbrella
New CNA status enables OpenJS Foundation to assign CVEs for security vulnerabilities in projects like ESLint, Fastify, Electron, and others, while leaving disclosure responsibility with individual maintainers.
By Sarah Gooding - May 29, 2025