vite - npm Package Compare versions

Comparing version 8.0.0-beta.18 to 8.0.0

dist/node/chunks/postcss-import.js

 import { i as __require, t as __commonJSMin } from "./chunk.js";
 import { t as require_lib } from "./lib.js";
-//#region ../../node_modules/.pnpm/postcss-import@16.1.1_postcss@8.5.6/node_modules/postcss-import/lib/format-import-prelude.js
+//#region ../../node_modules/.pnpm/postcss-import@16.1.1_postcss@8.5.8/node_modules/postcss-import/lib/format-import-prelude.js
 var require_format_import_prelude = /* @__PURE__ */ __commonJSMin(((exports, module) => {
@@ -18,3 +18,3 @@ module.exports = function formatImportPrelude(layer, media, supports) {
 //#endregion
-//#region ../../node_modules/.pnpm/postcss-import@16.1.1_postcss@8.5.6/node_modules/postcss-import/lib/base64-encoded-import.js
+//#region ../../node_modules/.pnpm/postcss-import@16.1.1_postcss@8.5.8/node_modules/postcss-import/lib/base64-encoded-import.js
 var require_base64_encoded_import = /* @__PURE__ */ __commonJSMin(((exports, module) => {
@@ -32,3 +32,3 @@ const formatImportPrelude = require_format_import_prelude();
 //#endregion
-//#region ../../node_modules/.pnpm/postcss-import@16.1.1_postcss@8.5.6/node_modules/postcss-import/lib/apply-conditions.js
+//#region ../../node_modules/.pnpm/postcss-import@16.1.1_postcss@8.5.8/node_modules/postcss-import/lib/apply-conditions.js
 var require_apply_conditions = /* @__PURE__ */ __commonJSMin(((exports, module) => {
@@ -108,3 +108,3 @@ const base64EncodedConditionalImport = require_base64_encoded_import();
 //#endregion
-//#region ../../node_modules/.pnpm/postcss-import@16.1.1_postcss@8.5.6/node_modules/postcss-import/lib/apply-raws.js
+//#region ../../node_modules/.pnpm/postcss-import@16.1.1_postcss@8.5.8/node_modules/postcss-import/lib/apply-raws.js
 var require_apply_raws = /* @__PURE__ */ __commonJSMin(((exports, module) => {
@@ -123,3 +123,3 @@ module.exports = function applyRaws(bundle) {
 //#endregion
-//#region ../../node_modules/.pnpm/postcss-import@16.1.1_postcss@8.5.6/node_modules/postcss-import/lib/apply-styles.js
+//#region ../../node_modules/.pnpm/postcss-import@16.1.1_postcss@8.5.8/node_modules/postcss-import/lib/apply-styles.js
 var require_apply_styles = /* @__PURE__ */ __commonJSMin(((exports, module) => {
@@ -144,3 +144,3 @@ module.exports = function applyStyles(bundle, styles) {
 //#endregion
-//#region ../../node_modules/.pnpm/postcss-import@16.1.1_postcss@8.5.6/node_modules/postcss-import/lib/data-url.js
+//#region ../../node_modules/.pnpm/postcss-import@16.1.1_postcss@8.5.8/node_modules/postcss-import/lib/data-url.js
 var require_data_url = /* @__PURE__ */ __commonJSMin(((exports, module) => {
@@ -164,3 +164,3 @@ const anyDataURLRegexp = /^data:text\/css(?:;(base64|plain))?,/i;
 //#endregion
-//#region ../../node_modules/.pnpm/postcss-import@16.1.1_postcss@8.5.6/node_modules/postcss-import/lib/parse-statements.js
+//#region ../../node_modules/.pnpm/postcss-import@16.1.1_postcss@8.5.8/node_modules/postcss-import/lib/parse-statements.js
 var require_parse_statements = /* @__PURE__ */ __commonJSMin(((exports, module) => {
@@ -290,3 +290,3 @@ const valueParser = require_lib();
 //#endregion
-//#region ../../node_modules/.pnpm/postcss-import@16.1.1_postcss@8.5.6/node_modules/postcss-import/lib/process-content.js
+//#region ../../node_modules/.pnpm/postcss-import@16.1.1_postcss@8.5.8/node_modules/postcss-import/lib/process-content.js
 var require_process_content = /* @__PURE__ */ __commonJSMin(((exports, module) => {
@@ -325,3 +325,3 @@ const path$2 = __require("path");
 //#endregion
-//#region ../../node_modules/.pnpm/postcss-import@16.1.1_postcss@8.5.6/node_modules/postcss-import/lib/parse-styles.js
+//#region ../../node_modules/.pnpm/postcss-import@16.1.1_postcss@8.5.8/node_modules/postcss-import/lib/parse-styles.js
 var require_parse_styles = /* @__PURE__ */ __commonJSMin(((exports, module) => {
@@ -429,3 +429,3 @@ const path$1 = __require("path");
 //#endregion
-//#region ../../node_modules/.pnpm/postcss-import@16.1.1_postcss@8.5.6/node_modules/postcss-import/index.js
+//#region ../../node_modules/.pnpm/postcss-import@16.1.1_postcss@8.5.8/node_modules/postcss-import/index.js
 var require_postcss_import = /* @__PURE__ */ __commonJSMin(((exports, module) => {
@@ -432,0 +432,0 @@ const path = __require("path");

package.json

 {
   "name": "vite",
-  "version": "8.0.0-beta.18",
+  "version": "8.0.0",
   "type": "module",
@@ -64,6 +64,6 @@ "license": "MIT",
     "@oxc-project/runtime": "0.115.0",
-    "lightningcss": "^1.31.1",
+    "lightningcss": "^1.32.0",
     "picomatch": "^4.0.3",
-    "postcss": "^8.5.6",
-    "rolldown": "1.0.0-rc.8",
+    "postcss": "^8.5.8",
+    "rolldown": "1.0.0-rc.9",
     "tinyglobby": "^0.2.15"
@@ -85,4 +85,4 @@ },
     "@types/pnpapi": "^0.0.5",
-    "@vitest/utils": "4.1.0-beta.5",
-    "@vitejs/devtools": "^0.0.0-alpha.32",
+    "@vitest/utils": "4.1.0-beta.6",
+    "@vitejs/devtools": "^0.0.0-alpha.33",
     "artichokie": "^0.4.2",
@@ -106,3 +106,3 @@ "baseline-browser-mapping": "^2.10.0",
     "magic-string": "^0.30.21",
-    "mlly": "^1.8.0",
+    "mlly": "^1.8.1",
     "mrmime": "^2.0.1",
@@ -109,0 +109,0 @@ "nanoid": "^5.1.6",

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 3 instances in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 5 instances in 1 package

High entropy strings

Supply chain risk

Contains high entropy strings. This could be a sign of encrypted data, leaked secrets or obfuscated code.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 3 instances in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 5 instances in 1 package

High entropy strings

Supply chain risk

Contains high entropy strings. This could be a sign of encrypted data, leaked secrets or obfuscated code.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

2178717

0.03%

Lines of code

56593

0.01%

Number of low quality alerts

1

-50%

Dependency changes

• + Added

  @rolldown/binding-android-arm64@1.0.0-rc.9
  (transitive)

• + Added

  @rolldown/binding-darwin-arm64@1.0.0-rc.9
  (transitive)

• + Added

  @rolldown/binding-freebsd-x64@1.0.0-rc.9
  (transitive)

• + Added

  @rolldown/binding-linux-arm-gnueabihf@1.0.0-rc.9
  (transitive)

• + Added

  @rolldown/binding-linux-arm64-gnu@1.0.0-rc.9
  (transitive)

• + Added

  @rolldown/binding-linux-arm64-musl@1.0.0-rc.9
  (transitive)

• + Added

  @rolldown/binding-linux-ppc64-gnu@1.0.0-rc.9
  (transitive)

• + Added

  @rolldown/binding-linux-s390x-gnu@1.0.0-rc.9
  (transitive)

• + Added

  @rolldown/binding-linux-x64-gnu@1.0.0-rc.9
  (transitive)

• + Added

  @rolldown/binding-linux-x64-musl@1.0.0-rc.9
  (transitive)

• + Added

  @rolldown/binding-openharmony-arm64@1.0.0-rc.9
  (transitive)

• + Added

  @rolldown/binding-wasm32-wasi@1.0.0-rc.9
  (transitive)

• + Added

  @rolldown/binding-win32-arm64-msvc@1.0.0-rc.9
  (transitive)

• + Added

  @rolldown/binding-win32-x64-msvc@1.0.0-rc.9
  (transitive)

• + Added

  @rolldown/pluginutils@1.0.0-rc.9
  (transitive)

• + Added

  rolldown@1.0.0-rc.9
  (transitive)

• - Removed

  @rolldown/binding-android-arm64@1.0.0-rc.8
  (transitive)

• - Removed

  @rolldown/binding-darwin-arm64@1.0.0-rc.8
  (transitive)

• - Removed

  @rolldown/binding-darwin-x64@1.0.0-rc.8
  (transitive)

• - Removed

  @rolldown/binding-freebsd-x64@1.0.0-rc.8
  (transitive)

• - Removed

  @rolldown/binding-linux-arm-gnueabihf@1.0.0-rc.8
  (transitive)

• - Removed

  @rolldown/binding-linux-arm64-gnu@1.0.0-rc.8
  (transitive)

• - Removed

  @rolldown/binding-linux-arm64-musl@1.0.0-rc.8
  (transitive)

• - Removed

  @rolldown/binding-linux-ppc64-gnu@1.0.0-rc.8
  (transitive)

• - Removed

  @rolldown/binding-linux-s390x-gnu@1.0.0-rc.8
  (transitive)

• - Removed

  @rolldown/binding-linux-x64-gnu@1.0.0-rc.8
  (transitive)

• - Removed

  @rolldown/binding-linux-x64-musl@1.0.0-rc.8
  (transitive)

• - Removed

  @rolldown/binding-openharmony-arm64@1.0.0-rc.8
  (transitive)

• - Removed

  @rolldown/binding-wasm32-wasi@1.0.0-rc.8
  (transitive)

• - Removed

  @rolldown/binding-win32-arm64-msvc@1.0.0-rc.8
  (transitive)

• - Removed

  @rolldown/binding-win32-x64-msvc@1.0.0-rc.8
  (transitive)

• - Removed

  @rolldown/pluginutils@1.0.0-rc.8
  (transitive)

• - Removed

  rolldown@1.0.0-rc.8
  (transitive)

• - Removed

  vite@8.0.0
  (transitive)

• Updated

  lightningcss@^1.32.0

• Updated

  postcss@^8.5.8

• Updated

  rolldown@1.0.0-rc.9