		@@ -939,3 +939,5 @@ let SOURCEMAPPING_URL = "sourceMa";
		}
		let isHookRegistered = !1;
		function createImportMetaResolver() {
		if (isHookRegistered) return importMetaResolveWithCustomHook;
		let module;
		@@ -948,3 +950,3 @@ try {
		if (module) {
		if (module.registerHooks) return module.registerHooks({ resolve: customizationHookResolve }), importMetaResolveWithCustomHook;
		if (module.registerHooks) return module.registerHooks({ resolve: customizationHookResolve }), isHookRegistered = !0, importMetaResolveWithCustomHook;
		if (module.register) {
		@@ -958,3 +960,3 @@ try {
		}
		return importMetaResolveWithCustomHook;
		return isHookRegistered = !0, importMetaResolveWithCustomHook;
		}
		@@ -961,0 +963,0 @@ }

+4

-4

package.json

		{
		"name": "vite",
		"version": "8.0.0-beta.11",
		"version": "8.0.0-beta.12",
		"type": "module",
		@@ -75,3 +75,3 @@ "license": "MIT",
		"devDependencies": {
		"@babel/parser": "^7.28.6",
		"@babel/parser": "^7.29.0",
		"@jridgewell/remapping": "^2.3.5",
		@@ -89,3 +89,3 @@ "@jridgewell/trace-mapping": "^0.3.31",
		"artichokie": "^0.4.2",
		"baseline-browser-mapping": "^2.9.18",
		"baseline-browser-mapping": "^2.9.19",
		"cac": "^6.7.14",
		@@ -122,3 +122,3 @@ "chokidar": "^3.6.0",
		"resolve.exports": "^2.0.3",
		"rolldown-plugin-dts": "^0.21.6",
		"rolldown-plugin-dts": "^0.21.8",
		"rollup": "^4.43.0",
		@@ -125,0 +125,0 @@ "rollup-plugin-license": "^3.6.0",

+9

-0

types/metadata.d.ts

		@@ -0,1 +1,6 @@
		export interface AssetMetadata {
		importedAssets: Set<string>
		importedCss: Set<string>
		}

		export interface ChunkMetadata {
		@@ -28,2 +33,6 @@ importedAssets: Set<string>
		declare module 'rolldown' {
		export interface OutputAsset {
		viteMetadata?: AssetMetadata
		}

		export interface RenderedChunk {
		@@ -30,0 +39,0 @@ viteMetadata?: ChunkMetadata

dist/node/chunks/node.js

Sorry, the diff of this file is too big to display

dist/node/index.d.ts

Sorry, the diff of this file is too big to display

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 3 instances in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 5 instances in 1 package

High entropy strings

Supply chain risk

Contains high entropy strings. This could be a sign of encrypted data, leaked secrets or obfuscated code.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 3 instances in 1 package

Uses eval

Supply chain risk

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 5 instances in 1 package

High entropy strings

Supply chain risk

Contains high entropy strings. This could be a sign of encrypted data, leaked secrets or obfuscated code.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

vite - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics