rollup - npm Package Compare versions

Comparing version 3.29.5 to 3.30.0

dist/es/getLogFilter.js

 /*
   @license
-	Rollup.js v3.29.4
-	Sat, 21 Sep 2024 06:29:06 GMT - commit 2ef77c00ec2635d42697cff2c0567ccc8db34fb4
+	Rollup.js v3.30.0
+	Sun, 22 Feb 2026 06:50:42 GMT - commit 967740910dc90f3c928c91642f2b80c1ed40d60b
 
@@ -6,0 +6,0 @@ https://github.com/rollup/rollup

dist/es/rollup.js

 /*
   @license
-	Rollup.js v3.29.4
-	Sat, 21 Sep 2024 06:29:06 GMT - commit 2ef77c00ec2635d42697cff2c0567ccc8db34fb4
+	Rollup.js v3.30.0
+	Sun, 22 Feb 2026 06:50:42 GMT - commit 967740910dc90f3c928c91642f2b80c1ed40d60b
 
@@ -6,0 +6,0 @@ https://github.com/rollup/rollup

dist/getLogFilter.js

 /*
   @license
-	Rollup.js v3.29.4
-	Sat, 21 Sep 2024 06:29:06 GMT - commit 2ef77c00ec2635d42697cff2c0567ccc8db34fb4
+	Rollup.js v3.30.0
+	Sun, 22 Feb 2026 06:50:42 GMT - commit 967740910dc90f3c928c91642f2b80c1ed40d60b
 
@@ -6,0 +6,0 @@ https://github.com/rollup/rollup

dist/loadConfigFile.js

 /*
   @license
-	Rollup.js v3.29.4
-	Sat, 21 Sep 2024 06:29:06 GMT - commit 2ef77c00ec2635d42697cff2c0567ccc8db34fb4
+	Rollup.js v3.30.0
+	Sun, 22 Feb 2026 06:50:42 GMT - commit 967740910dc90f3c928c91642f2b80c1ed40d60b
 
@@ -6,0 +6,0 @@ https://github.com/rollup/rollup

dist/rollup.js

 /*
   @license
-	Rollup.js v3.29.4
-	Sat, 21 Sep 2024 06:29:06 GMT - commit 2ef77c00ec2635d42697cff2c0567ccc8db34fb4
+	Rollup.js v3.30.0
+	Sun, 22 Feb 2026 06:50:42 GMT - commit 967740910dc90f3c928c91642f2b80c1ed40d60b
 
@@ -6,0 +6,0 @@ https://github.com/rollup/rollup

dist/shared/fsevents-importer.js

 /*
   @license
-	Rollup.js v3.29.4
-	Sat, 21 Sep 2024 06:29:06 GMT - commit 2ef77c00ec2635d42697cff2c0567ccc8db34fb4
+	Rollup.js v3.30.0
+	Sun, 22 Feb 2026 06:50:42 GMT - commit 967740910dc90f3c928c91642f2b80c1ed40d60b
 
@@ -6,0 +6,0 @@ https://github.com/rollup/rollup

dist/shared/loadConfigFile.js

 /*
   @license
-	Rollup.js v3.29.4
-	Sat, 21 Sep 2024 06:29:06 GMT - commit 2ef77c00ec2635d42697cff2c0567ccc8db34fb4
+	Rollup.js v3.30.0
+	Sun, 22 Feb 2026 06:50:42 GMT - commit 967740910dc90f3c928c91642f2b80c1ed40d60b
 
@@ -6,0 +6,0 @@ https://github.com/rollup/rollup

dist/shared/watch-cli.js

 /*
   @license
-	Rollup.js v3.29.4
-	Sat, 21 Sep 2024 06:29:06 GMT - commit 2ef77c00ec2635d42697cff2c0567ccc8db34fb4
+	Rollup.js v3.30.0
+	Sun, 22 Feb 2026 06:50:42 GMT - commit 967740910dc90f3c928c91642f2b80c1ed40d60b
 
@@ -6,0 +6,0 @@ https://github.com/rollup/rollup

dist/shared/watch-proxy.js

 /*
   @license
-	Rollup.js v3.29.4
-	Sat, 21 Sep 2024 06:29:06 GMT - commit 2ef77c00ec2635d42697cff2c0567ccc8db34fb4
+	Rollup.js v3.30.0
+	Sun, 22 Feb 2026 06:50:42 GMT - commit 967740910dc90f3c928c91642f2b80c1ed40d60b
 
@@ -6,0 +6,0 @@ https://github.com/rollup/rollup

dist/shared/watch.js

 /*
   @license
-	Rollup.js v3.29.4
-	Sat, 21 Sep 2024 06:29:06 GMT - commit 2ef77c00ec2635d42697cff2c0567ccc8db34fb4
+	Rollup.js v3.30.0
+	Sun, 22 Feb 2026 06:50:42 GMT - commit 967740910dc90f3c928c91642f2b80c1ed40d60b
 
@@ -6,0 +6,0 @@ https://github.com/rollup/rollup

package.json

 {
   "name": "rollup",
-  "version": "3.29.5",
+  "version": "3.30.0",
   "description": "Next-generation ES module bundler",
@@ -5,0 +5,0 @@ "main": "dist/rollup.js",

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 4 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 4 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

AI-detected potential code anomaly

Supply chain risk

AI has identified unusual behaviors that may pose a security risk.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

2523386

0.11%

Lines of code

62161

0.09%

Worsened metrics

Number of low supply chain risk alerts

424

0.24%

No dependency changes