
smartbundle
Build your library for any JavaScript environment without the complexity
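SmartBundle makes it easy to bundle your library for any JavaScript environment. Just create a minimal package.json (see below), install SmartBundle, and run the build command. The comments in the example are explanatory only: package.json is strict JSON, so leave them out of your real file.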

```json5
{
  // Your package name
  "name": "my-package",
  // Package version
  "version": "1.0.0",
  // Must be true to avoid accidental publishing
  "private": true,
  // SmartBundle supports only ES modules
  "type": "module",
  // Entry point used by SmartBundle
  "exports": "./src/index.js",
  "scripts": {
    // Run this to build your package
    "build": "smartbundle"
  }
}
```

Need more details? See our package.json guide for a full explanation of each field. If you plan to use TypeScript, check out our TS guide for tailored advice.
To build your package:

```sh
npm install --save-dev smartbundle@latest
npm run build
```
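
An added example, not part of the SmartBundle project: a pre-build check that the manifest parses as strict JSON and carries the fields from the minimal package.json above. `checkManifest` and the sample manifests are constructed for illustration, and the `exports` check only covers the string form shown on this page.

```javascript
// Hypothetical helper (not SmartBundle's own code): returns a list of
// problems found in the text of a package.json; an empty list means OK.
function checkManifest(text) {
  let pkg;
  try {
    // npm reads package.json as strict JSON, so leftover // comments fail here.
    pkg = JSON.parse(text);
  } catch (err) {
    return [`not valid JSON (comments left in?): ${err.message}`];
  }
  if (pkg === null || typeof pkg !== "object" || Array.isArray(pkg)) {
    return ["top level of package.json must be an object"];
  }
  const problems = [];
  // A string such as "true" is not the boolean; require the real value.
  if (pkg.private !== true) {
    problems.push('"private" must be the boolean true to avoid accidental publishing');
  }
  if (pkg.type !== "module") {
    problems.push('"type" must be "module"');
  }
  if (pkg.exports === undefined) {
    problems.push('"exports" entry point is missing');
  } else if (typeof pkg.exports === "string" && !pkg.exports.startsWith("./")) {
    problems.push('"exports" must be a relative path starting with "./"');
  }
  return problems;
}

// Constructed sample manifests.
const GOOD = JSON.stringify({
  name: "my-package", version: "1.0.0", private: true,
  type: "module", exports: "./src/index.js", scripts: { build: "smartbundle" },
});
const COMMENTED = '{\n  // Your package name\n  "name": "my-package"\n}';
const UNSAFE = JSON.stringify({
  name: "my-package", version: "1.0.0", type: "commonjs", exports: "src/index.js",
});

for (const [label, text] of [["good", GOOD], ["commented", COMMENTED], ["unsafe", UNSAFE]]) {
  console.log(label, checkManifest(text));
}
```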
Every bundled package is tested in real environments - from Node.js and Bun to Webpack and Metro - to ensure it just works.

| Runtime | Version | Supported | E2E Tests |
|---|---|---|---|
| Node.js | ^18.0.0 | ✔ | ✔ |
| Node.js | ^20.0.0 | ✔ | ✔ |
| Node.js | ^22.0.0 | ✔ | ✔ |
| Node.js | ^23.0.0 | ✔ | ✔ |
| Bun | ^1.0.0 | ✔ | ✔ |
| Deno | ^2.0.0 | ✔ | - |

| Bundler | Version | Supported | E2E Tests |
|---|---|---|---|
| Webpack | ^4.47.0 | ✔ | ✔ |
| Webpack | ^5.95.0 | ✔ | ✔ |
| Rspack | ^1.0.0 | ✔ | ✔ |
| Vite | ^5.0.0 | ✔ | - |
| Rollup | ^4.0.0 | ✔ | - |
| Parcel | ^2.0.0 | ✔ | - |
| Browserify | ^17.0.0 | ✔ | - |
| Esbuild | ^0.24.0 | ✔ | - |
| Metro | ^0.81.0 | ✔ | ✔ |
| Next.js/Turbopack | ^13.0.0 | ✔ | - |

| Strategy | Supported | E2E Tests |
|---|---|---|
| bundler | ✔ | ✔ |
| node10 | ✔ | ✔ |
| node16es | ✔ | ✔ |
| node16cjs | ✔ | ✔ |

We aim to support as many bundlers and runtimes as possible. If the bundled package doesn't work with your bundler, please let us know.
SmartBundle automatically detects and integrates with your tools - just add what you need to your project.
Add typescript@^5.0.0 as a dev dependency and start creating .ts files. SmartBundle will handle the rest.
Add @babel/core@^7.0.0 as a dev dependency and create a Babel configuration file in your project root. SmartBundle will automatically apply your transformations.
Add react to your dependencies. SmartBundle automatically detects React and configures JSX transformations. Both modern and legacy modes are supported.
For detailed React configuration options, see our React guide.
SmartBundle enforces certain package.json conventions to ensure reliable builds. For detailed information about:
See our package.json guide.
Please check the known fixable issues before opening a new one. Some bugs already have a solution but cannot be fixed without user action.
Minification is typically needed only for production. During development, readable, unminified output helps with debugging.
We prioritize keeping the node_modules size manageable and avoid unnecessary dependencies. If your package does not require TypeScript, for instance, you don’t need to install those specific tools.
If you need assistance or wish to contribute, please check out our discussion forum and issue tracker.
FAQs
zero-config bundler for npm packages
The npm package smartbundle receives a total of 75 weekly downloads. As such, smartbundle popularity was classified as not popular.
We found that smartbundle demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.