rollup-plugin-ts
A TypeScript Rollup plugin that bundles declarations, respects Browserslists, and enables seamless integration with transpilers such as babel and swc
Versions: 46
License: MIT
Install Scripts: No
Provenance: Missing
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
wessberg
Keywords
rollup, typescript, declaration, declarations, bundling, merging, treeshaking, plugin, babel, browserslist
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@types/resolve | AI (phantom-deps): @types/resolve is a TypeScript type package loaded by convention. | ai | |
| phantom-deps | phantom-dep:@types/mkdirp | AI (phantom-deps): @types/mkdirp is a TypeScript type package loaded by convention. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): localvoid removal is part of a legitimate ownership transfer to the package's documented lead developer wessberg. | ai | |
| phantom-deps | phantom-dep:@types/node | AI (phantom-deps): @types/node is a TypeScript type package loaded by convention, not directly imported. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): wessberg is the documented lead developer and repo owner; jounqin is a co-maintainer. Transfer from localvoid is consistent with the package's GitHub history and contributor list. | ai | |
| phantom-deps | phantom-dep:@babel/runtime | AI (phantom-deps): @babel/runtime is a Babel helper package injected at runtime by @babel/plugin-transform-runtime, not directly imported in source. | ai | |
| dependencies | unvetted-dep:@wessberg/stringutil | AI (dependencies): @wessberg/stringutil is authored by the same publisher (wessberg); a long-standing stable dependency with no security concerns. | ai | |
| dependencies | unvetted-dep:crosspath | AI (dependencies): crosspath is a stable dependency authored by the same publisher (wessberg); present across many prior versions with no security concerns. | ai | |
| dependencies | unvetted-dep:compatfactory | AI (dependencies): compatfactory is a stable dependency authored by the same publisher (wessberg); present across many prior versions with no security concerns. | ai | |
| dependencies | unvetted-dep:ts-clone-node | AI (dependencies): ts-clone-node is a stable dependency authored by the same publisher (wessberg); present across many prior versions with no security concerns. | ai | |
| dependencies | unvetted-dep:browserslist-generator | AI (dependencies): browserslist-generator is a stable dependency authored by the same publisher (wessberg); present across many prior versions with no security concerns. | ai | |
| maintainer-change | maintainer-takeover | AI (maintainer-change): Not a hijack — wessberg is the documented author/lead developer of this package per package.json contributors field and GitHub repo ownership. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase is explained by bundled dist files (709KB source maps, 342KB ESM bundle) from a complete rewrite of the plugin. No obfuscation or injected payloads detected. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher change to 'wessberg' is legitimate — wessberg is the documented author of this package with an established npm track record. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a declared runtime dependency used as implicit TypeScript helper; not directly imported by design. Stable false positive for this package. | ai | |
| provenance | no-provenance | AI (provenance): Established package with 47 versions and clear GitHub repo; lack of provenance attestation is common and not a security risk here. | ai | |
Versions (showing 46 of 46)
| Version | Deps | Published |
|---|---|---|
| 3.4.5 | 10 / 61 | |
| 3.4.4 | 10 / 61 | |
| 3.4.3 | 10 / 61 | |
| 3.4.2 | 10 / 61 | |
| 3.4.1 | 10 / 61 | |
| 3.4.0 | 10 / 61 | |
| 3.3.1 | 10 / 61 | |
| 3.3.0 | 10 / 61 | |
| 3.2.0 | 10 / 56 | |
| 3.1.1 | 10 / 56 | |
| 3.1.0 | 10 / 56 | |
| 3.0.2 | 10 / 53 | |
| 3.0.1 | 10 / 53 | |
| 3.0.0 | 10 / 53 | |
| 2.0.7 | 10 / 50 | |
| 2.0.6 | 10 / 50 | |
| 2.0.5 | 10 / 50 | |
| 2.0.4 | 10 / 50 | |
| 2.0.3 | 10 / 50 | |
| 2.0.2 | 10 / 49 | |
| 2.0.1 | 10 / 49 | |
| 2.0.0 | 10 / 49 | |
| 1.4.7 | 21 / 42 | |
| 1.4.6 | 21 / 42 | |
| 1.4.5 | 21 / 42 | |
| 1.4.4 | 21 / 42 | |
| 1.4.3 | 21 / 42 | |
| 1.4.2 | 21 / 42 | |
| 1.4.1 | 21 / 42 | |
| 1.4.0 | 21 / 41 | |
| 1.3.12 | 20 / 40 | |
| 1.3.10 | 20 / 39 | |
| 1.3.7 | 20 / 40 | |
| 1.3.0 | 20 / 39 | |
| 1.2.29 | 20 / 38 | |
| 1.2.28 | 20 / 38 | |
| 1.2.27 | 20 / 39 | |
| 1.2.24 | 20 / 37 | |
| 1.2.23 | 20 / 37 | |
| 1.2.22 | 20 / 37 | |
| 1.2.14 | 21 / 29 | |
| 1.2.12 | 20 / 27 | |
| 1.2.10 | 20 / 27 | |
| 1.2.8 | 20 / 26 | |
| 1.2.0 | 26 / 24 | |
| 0.1.0 | 1 / 5 | |