Latest Threat Research:SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains.Details →

Book a Demo Install Sign in

Book a Demo Install Sign in

rollup

Package Overview

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

rollup - npm Package Compare versions

Comparing version

to

+2

-2

dist/es/rollup.js

		/*
		@license
		Rollup.js v3.20.6
		Tue, 18 Apr 2023 11:34:41 GMT - commit 911700bc0bc90e5b1b8db01ea77fe3040a05480d
		Rollup.js v3.20.7
		Fri, 21 Apr 2023 04:31:37 GMT - commit 2820962446b40b7dfab9bdd936be1e230d8b944c

		@@ -6,0 +6,0 @@ https://github.com/rollup/rollup

+2

-2

dist/loadConfigFile.js

		/*
		@license
		Rollup.js v3.20.6
		Tue, 18 Apr 2023 11:34:41 GMT - commit 911700bc0bc90e5b1b8db01ea77fe3040a05480d
		Rollup.js v3.20.7
		Fri, 21 Apr 2023 04:31:37 GMT - commit 2820962446b40b7dfab9bdd936be1e230d8b944c

		@@ -6,0 +6,0 @@ https://github.com/rollup/rollup

+2

-2

dist/rollup.js

		/*
		@license
		Rollup.js v3.20.6
		Tue, 18 Apr 2023 11:34:41 GMT - commit 911700bc0bc90e5b1b8db01ea77fe3040a05480d
		Rollup.js v3.20.7
		Fri, 21 Apr 2023 04:31:37 GMT - commit 2820962446b40b7dfab9bdd936be1e230d8b944c

		@@ -6,0 +6,0 @@ https://github.com/rollup/rollup

+2

-2

dist/shared/fsevents-importer.js

		/*
		@license
		Rollup.js v3.20.6
		Tue, 18 Apr 2023 11:34:41 GMT - commit 911700bc0bc90e5b1b8db01ea77fe3040a05480d
		Rollup.js v3.20.7
		Fri, 21 Apr 2023 04:31:37 GMT - commit 2820962446b40b7dfab9bdd936be1e230d8b944c

		@@ -6,0 +6,0 @@ https://github.com/rollup/rollup

+2

-2

dist/shared/loadConfigFile.js

		/*
		@license
		Rollup.js v3.20.6
		Tue, 18 Apr 2023 11:34:41 GMT - commit 911700bc0bc90e5b1b8db01ea77fe3040a05480d
		Rollup.js v3.20.7
		Fri, 21 Apr 2023 04:31:37 GMT - commit 2820962446b40b7dfab9bdd936be1e230d8b944c

		@@ -6,0 +6,0 @@ https://github.com/rollup/rollup

+2

-2

dist/shared/watch-cli.js

		/*
		@license
		Rollup.js v3.20.6
		Tue, 18 Apr 2023 11:34:41 GMT - commit 911700bc0bc90e5b1b8db01ea77fe3040a05480d
		Rollup.js v3.20.7
		Fri, 21 Apr 2023 04:31:37 GMT - commit 2820962446b40b7dfab9bdd936be1e230d8b944c

		@@ -6,0 +6,0 @@ https://github.com/rollup/rollup

+2

-2

dist/shared/watch-proxy.js

		/*
		@license
		Rollup.js v3.20.6
		Tue, 18 Apr 2023 11:34:41 GMT - commit 911700bc0bc90e5b1b8db01ea77fe3040a05480d
		Rollup.js v3.20.7
		Fri, 21 Apr 2023 04:31:37 GMT - commit 2820962446b40b7dfab9bdd936be1e230d8b944c

		@@ -6,0 +6,0 @@ https://github.com/rollup/rollup

+2

-2

dist/shared/watch.js

		/*
		@license
		Rollup.js v3.20.6
		Tue, 18 Apr 2023 11:34:41 GMT - commit 911700bc0bc90e5b1b8db01ea77fe3040a05480d
		Rollup.js v3.20.7
		Fri, 21 Apr 2023 04:31:37 GMT - commit 2820962446b40b7dfab9bdd936be1e230d8b944c

		@@ -6,0 +6,0 @@ https://github.com/rollup/rollup

+1

-1

package.json

		{
		"name": "rollup",
		"version": "3.20.6",
		"version": "3.20.7",
		"description": "Next-generation ES module bundler",
		@@ -5,0 +5,0 @@ "main": "dist/rollup.js",

dist/bin/rollup

Sorry, the diff of this file is too big to display

dist/es/shared/node-entry.js

Sorry, the diff of this file is too big to display

dist/es/shared/watch.js

Sorry, the diff of this file is too big to display

dist/shared/index.js

Sorry, the diff of this file is too big to display

dist/shared/rollup.js

Sorry, the diff of this file is too big to display

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 4 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

High entropy strings

Supply chain risk

Contains high entropy strings. This could be a sign of encrypted data, leaked secrets or obfuscated code.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 4 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package