@rollup/plugin-terser
Generate minified bundle
2
Versions
MIT
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
shellscaperich_harrisguybedfordlukastaegert
Keywords
rolluppluginterserminifynpmmodules
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:smob | AI (dependencies): smob is a small object-merging utility authored by the same author as this plugin (Peter Placzek), used within the rollup ecosystem. Its use here is consistent and low-risk. | ai | |
| dependencies | unvetted-peer-dep:rollup | AI (dependencies): rollup is the canonical bundler this plugin is designed for; it is a well-known, widely-used package. Flagging it as unvetted peer dep is a stable false positive for this package. | ai |
v0.4.4
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.