rollup - npm Package Compare versions

Comparing version 4.0.0-1 to 4.0.0-2

package.json

 {
   "name": "rollup",
-  "version": "4.0.0-1",
+  "version": "4.0.0-2",
   "description": "Next-generation ES module bundler",
@@ -43,3 +43,3 @@ "main": "dist/rollup.js",
     "build:cjs": "rollup --config rollup.config.ts --configPlugin typescript --configTest",
-    "build:bootstrap": "shx mv dist dist-build && node dist-build/bin/rollup --config rollup.config.ts --configPlugin typescript && npm run build:copy-native && shx rm -rf dist-build",
+    "build:bootstrap": "shx mv dist dist-build && node dist-build/bin/rollup --config rollup.config.ts --configPlugin typescript && shx rm -rf dist-build",
     "build:docs": "vitepress build docs",
@@ -49,5 +49,5 @@ "preview:docs": "vitepress preview docs",
     "ci:lint": "concurrently -c red,green,blue 'npm:lint:js:nofix' 'npm:lint:markdown:nofix' 'npm:lint:rust:nofix'",
-    "ci:test": "npm run build:cjs && npm run build:copy-native && npm run build:bootstrap && npm run test:all",
-    "ci:test:only": "npm run build:cjs && npm run build:copy-native && npm run build:bootstrap && npm run test:only",
-    "ci:coverage": "npm run build:cjs && npm run build:copy-native && npm run build:bootstrap && nyc --reporter lcovonly mocha",
+    "ci:test:only": "npm run build:cjs && npm run build:copy-native && npm run build:bootstrap && npm run build:copy-native && npm run test:only",
+    "ci:test:all": "npm run build:cjs && npm run build:copy-native && npm run build:bootstrap && npm run build:copy-native && concurrently --kill-others-on-fail -c green,blue,magenta 'npm:test:only' 'npm:test:typescript' 'npm:test:leak'",
+    "ci:coverage": "npm run build:cjs && npm run build:copy-native && npm run build:bootstrap && npm run build:copy-native && nyc --reporter lcovonly mocha",
     "lint": "concurrently -c red,green,blue 'npm:lint:js' 'npm:lint:markdown' 'npm:lint:rust'",
@@ -98,13 +98,13 @@ "lint:js": "eslint . --fix --cache",
     "fsevents": "~2.3.2",
-    "@rollup/rollup-darwin-arm64": "4.0.0-1",
-    "@rollup/rollup-android-arm64": "4.0.0-1",
-    "@rollup/rollup-win32-arm64-msvc": "4.0.0-1",
-    "@rollup/rollup-linux-arm64-gnu": "4.0.0-1",
-    "@rollup/rollup-android-arm-eabi": "4.0.0-1",
-    "@rollup/rollup-linux-arm-gnueabihf": "4.0.0-1",
-    "@rollup/rollup-win32-ia32-msvc": "4.0.0-1",
-    "@rollup/rollup-darwin-x64": "4.0.0-1",
-    "@rollup/rollup-win32-x64-msvc": "4.0.0-1",
-    "@rollup/rollup-linux-x64-gnu": "4.0.0-1",
-    "@rollup/rollup-linux-x64-musl": "4.0.0-1"
+    "@rollup/rollup-darwin-arm64": "4.0.0-2",
+    "@rollup/rollup-android-arm64": "4.0.0-2",
+    "@rollup/rollup-win32-arm64-msvc": "4.0.0-2",
+    "@rollup/rollup-linux-arm64-gnu": "4.0.0-2",
+    "@rollup/rollup-android-arm-eabi": "4.0.0-2",
+    "@rollup/rollup-linux-arm-gnueabihf": "4.0.0-2",
+    "@rollup/rollup-win32-ia32-msvc": "4.0.0-2",
+    "@rollup/rollup-darwin-x64": "4.0.0-2",
+    "@rollup/rollup-win32-x64-msvc": "4.0.0-2",
+    "@rollup/rollup-linux-x64-gnu": "4.0.0-2",
+    "@rollup/rollup-linux-x64-musl": "4.0.0-2"
   },
@@ -204,3 +204,3 @@ "devDependencies": {
   "engines": {
-    "node": ">=14.18.0",
+    "node": ">=18.0.0",
     "npm": ">=8.0.0"
@@ -207,0 +207,0 @@ },

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 4 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

High entropy strings

Supply chain risk

Contains high entropy strings. This could be a sign of encrypted data, leaked secrets or obfuscated code.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

Empty package

Supply chain risk

Package does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

2586025

increased by4773.04%

Number of package files

24

increased by700%

Lines of code

64257

increased byInfinity%

Worsened metrics

Number of low supply chain risk alerts

19

increased by1800%

Number of medium supply chain risk alerts

5

increased by150%

No dependency changes