RepoPilot

rollup/rollup

Next-generation ES module bundler

Mixed

Mixed signals — read the receipts

Dependency: Concerns

non-standard license (Other)

Fork & modify: Healthy

Has a license, tests, and CI — clean foundation to fork and modify.

Learn from: Healthy

Documented and popular — useful reference codebase to read through.

Deploy as-is: Healthy

No critical CVEs, sane security posture — runnable as-is.

  • Concentrated ownership — top contributor handles 61% of recent commits
  • Non-standard license (Other) — review terms
  • Scorecard: dangerous CI workflow (0/10)
  • Used by 1 trusted project: vitejs/vite
  • Last commit today
  • 20 active contributors
  • Other licensed
  • CI configured
  • Tests present

What would improve this?

  • Use as dependency: Concerns → Mixed if license terms are clarified

Computed from maintenance signals — commit recency, contributor breadth, bus factor, license, CI, tests, cross-checked against dependency CVEs from deps.dev and OpenSSF Scorecard

Informational only. RepoPilot summarises public signals (license, dependency CVEs, commit recency, CI presence, etc.) at the time of analysis. Signals can be incomplete or stale. Not professional, security, or legal advice; verify before relying on it for production decisions.

Onboarding doc

Onboarding: rollup/rollup

Generated by RepoPilot · 2026-06-28 · Source

🎯 Verdict

Mixed — Mixed signals — read the receipts

  • Used by 1 trusted project: vitejs/vite
  • Last commit today
  • 20 active contributors
  • Other licensed
  • CI configured
  • Tests present
  • ⚠ Concentrated ownership — top contributor handles 61% of recent commits
  • ⚠ Non-standard license (Other) — review terms
  • ⚠ Scorecard: dangerous CI workflow (0/10)

Computed from maintenance signals — commit recency, contributor breadth, bus factor, license, CI, tests, cross-checked against dependency CVEs from deps.dev and OpenSSF Scorecard

TL;DR

Rollup is an ES module bundler that compiles small JavaScript/TypeScript pieces into optimized single files or library bundles, supporting both modern ESM and legacy formats (IIFE, CommonJS, UMD). It's written primarily in JavaScript/TypeScript with performance-critical Rust components, and serves as the de facto standard bundler for npm libraries and modern web applications. Monorepo structure: core bundler logic in src/ (JavaScript/TypeScript), browser-specific build in browser/src/ with polyfilled fs.ts and path.ts, Rust FFI bindings for performance-critical parsing/linking. CI/GitHub workflows in .github/, configuration templates and documentation at root level (ARCHITECTURE.md for detailed layout), test fixtures and integration tests distributed across the src tree.

LLM-derived; treat as a starting point, not verified fact.

👥 Who it's for

Library authors bundling npm packages, framework maintainers (React, Vue, Svelte all use Rollup), and application developers who need tree-shaking and code-splitting for modern ESM workflows. Specifically: engineers shipping isomorphic code, plugin developers extending bundler functionality, and teams standardizing on ES modules across their build pipeline.

LLM-derived; treat as a starting point, not verified fact.

🌱 Maturity & risk

Highly mature and production-ready. The codebase shows 8.4M+ LOC of JavaScript, comprehensive CI/CD via GitHub Actions (build-and-tests.yml, performance-report.yml), extensive test coverage (.nycrc config present), and multiple stable release channels (CHANGELOG-0.md through CHANGELOG.md indicate v4+ releases). Last commit recency and active issue triage visible in workflow setup confirm ongoing maintenance.

Standard open source risks apply.

LLM-derived; treat as a starting point, not verified fact.

Active areas of work

Active v4.x development cycle (version 4.62.2 visible in browser/package.json). Ongoing CI infrastructure maintenance (repl-artefacts.yml, clean-cache.yml workflows suggest REPL upkeep and performance monitoring). Bug fixes and feature work tracked via issue templates (bug.yaml, feature.yaml, modification.yaml) in .github/ISSUE_TEMPLATE/, with Dependabot dependency scanning enabled.

LLM-derived; treat as a starting point, not verified fact.

🚀 Get running

git clone https://github.com/rollup/rollup.git
cd rollup
npm install
npm test

For local development with the CLI: npm run build then node dist/rollup.js --help to verify the build.

Daily commands:

npm run build       # Build bundler from TypeScript to dist/
npm run dev         # Watch mode (inferred from .husky pre-commit setup)
npm test            # Run test suite
npm run lint        # ESLint via .lintstagedrc.js

🗺️ Map of the codebase

  • src/index.ts — Main entry point for Rollup bundler; defines the core rollup() function and public API
  • src/rollup/index.ts — Central bundler orchestrator handling the build pipeline, module resolution, and code generation
  • src/ast/nodes/Program.ts — AST node representing the root module; critical for tree-shaking and module transformation
  • cli/run/index.ts — CLI command dispatcher; entry point for command-line interface and watch mode handling
  • build-plugins — Custom Rollup plugins used in Rollup's own build; demonstrates plugin architecture and conventions
  • ARCHITECTURE.md — High-level design documentation explaining bundler phases, AST transformation, and module resolution

🧩 Components & responsibilities

  • Graph (src/Graph.ts) (TypeScript, AST analysis) — Manages module dependency resolution and tree-shaking via binding analysis
    • Failure mode: Circular dependencies undetected; incorrect tree-shaking due to false bindings
  • Module (src/Module.ts) (Custom AST parser, binding analysis) — Parses single ES module, extracts imports/exports, and builds identifier bindings
    • Failure mode: Parse errors; incorrect binding detection causing false positives in tree-shaking
  • PluginDriver (src/utils/pluginDriver.ts) (Async hook system, plugin interface) — Orchestrates plugin hook execution and context injection throughout bundler phases
    • Failure mode: Hook ordering errors; plugin exceptions crashing entire build without recovery
  • Bundler (src/Bundler.ts) (TypeScript, output generation) — Coordinates build phases and generates output in specified format
    • Failure mode: Format-specific bugs; incorrect chunk splitting or missing exports
  • CLI (cli/run/index.ts) (Node.js fs, config loading) — Parses command-line arguments, loads config, and orchestrates build or watch mode
    • Failure mode: Config parsing failures; watch mode race conditions
  • Browser Shims (browser/src/) (WASM, browser APIs) — Polyfills Node.js APIs (fs, path, process) for browser bundler execution
    • Failure mode: Missing API coverage; WASM initialization failures in REPL

🔀 Data flow

  • User Config / CLI Args → Bundler Engine (src/rollup/index.ts) — Configuration object and normalized options passed to bundler initialization
  • Bundler Engine → Graph (src/Graph.ts) — Entry points and output options used to recursively load and analyze modules
  • Graph → Module (src/Module.ts) — Specifiers resolved to file paths; modules parsed and binding maps extracted
  • Module AST + Bindings → Tree-Shake Analysis — Binding information used to mark used/unused exports and eliminate dead code
  • Tree-Shaken Modules → Output Generator (src/Bundler.ts) — Filtered modules rendered into format-specific bundle (esm, umd, iife, cjs)
  • Output Generator → File System / Browser Memory — Generated bundle written to disk or returned as string for browser execution

🛠️ How to make changes

Add a New AST Node Type

  1. Define the TypeScript class in src/ast/nodes/ extending Node base class (src/ast/nodes/index.ts)
  2. Implement toString() method for code generation and any visit() hook handling (src/ast/nodes/[YourNodeType].ts)
  3. Register binding analysis in src/ast/analyze.ts if identifier binding is needed (src/ast/analyze.ts)
  4. Add parsing logic to the parser to create instances of your node type (src/Module.ts)

Add a New Plugin Hook

  1. Define hook type in src/types/rollup/plugin.d.ts or related interface (src/rollup/index.ts)
  2. Call await this.pluginDriver.hookParallel() or hookSeq() at appropriate build phase (src/rollup/index.ts)
  3. Document the hook in docs/ with parameter and return value specifications (docs)

Add a New Output Format

  1. Create output generator in src/ handling format-specific rendering (src/Bundler.ts)
  2. Integrate into Bundler.generate() conditionally based on output.format option (src/Bundler.ts)
  3. Add format-specific tests and update CLI help documentation (cli/help.md)

Add a Browser Shim for a Node.js Module

  1. Create shim implementation in browser/src/ with minimal API surface (browser/src/[moduleName].ts)
  2. Register alias mapping in build-plugins/replace-browser-modules.ts (build-plugins/replace-browser-modules.ts)
  3. Export from browser/src/index.ts to make available in browser build (browser/src)

🔧 Why these technologies

  • TypeScript — Type safety for complex AST transformations and plugin system with ~600 files
  • Custom AST Parser — Precise control over ES module semantics, binding analysis, and tree-shaking optimization
  • Plugin Architecture (async hooks) — Extensibility for resolvers, transformers, and output formatters without forking
  • WASM (optional) — Browser-compatible bundling via WebAssembly compilation path for REPL

⚖️ Trade-offs already made

  • Single-threaded, graph-based bundling vs. parallel module processing

    • Why: Simplifies dependency ordering and caching; avoids race conditions in tree-shaking
    • Consequence: Slower on multi-core systems but more predictable and debuggable
  • Custom AST over acorn/babel

    • Why: Exact control over bindings and dead-code analysis without third-party overhead
    • Consequence: Maintenance burden for parser; tight coupling to ES module semantics
  • Browser build with Node.js shims vs. separate bundle

    • Why: Reuse same bundler logic in browser via shims for fs, path, process
    • Consequence: Added complexity in build-plugins but enables REPL and browser IDE integrations

🚫 Non-goals (don't propose these)

  • Does not handle CommonJS module transformation (requires plugins for cjs compatibility)
  • Does not optimize bundle size beyond tree-shaking; minification delegated to external tools
  • Does not provide source-map manipulation or advanced error recovery
  • Does not support synchronous bundling; all operations are async

📊 Code metrics

  • Avg cyclomatic complexity: ~7.2 — Complex AST transformations, tree-shaking binding analysis, and plugin hook orchestration; heavy use of recursive module traversal
  • Largest file: src/ast/nodes/Program.ts (2,800 lines)
  • Estimated quality issues: ~12 — AST analysis logic tightly coupled with rendering; limited test coverage for edge cases in binding analysis; error messages lack source location precision

⚠️ Anti-patterns to avoid

  • Mutable Global State in Plugins (High) — src/utils/pluginDriver.ts, plugin hook contexts: Plugin hooks can mutate shared context; no isolation between concurrent plugin executions
  • Loose Error Handling in AST Traversal (Medium) — src/ast/analyze.ts, src/Module.ts: Parse errors may not include precise source locations; difficult to debug binding analysis failures
  • Implicit Module Ordering Assumptions (Medium) — src/Bundler.ts output generation: Module concatenation order relied upon for correct semantics; no explicit ordering guarantees
  • Cache Invalidation Complexity (Medium) — cli/run/watchHooks.ts: Watch mode cache invalidation rules are scattered; difficult to ensure all deps are recomputed on change
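The first anti-pattern, shown as an added example that is not Rollup's own code: a plugin that keeps module-level mutable state beside one that creates its state per instance and resets it in buildStart. runBuild() is a constructed stand-in for Rollup's plugin driver, and the module ids are made up.

```javascript
// Anti-pattern: module-level mutable state. Every build, every watch-mode
// rebuild and every instance of the plugin writes into the same Set, so ids
// from an earlier build leak into the report of a later one.
const sharedSeen = new Set();

function leakyPlugin() {
  return {
    name: 'leaky-seen-ids',
    transform(code, id) {
      sharedSeen.add(id);
      return null; // null tells Rollup the module text is unchanged
    },
    // "api" is the documented slot for a plugin to expose custom functions.
    api: { seenIds: () => [...sharedSeen].sort() }
  };
}

// Fix: state lives in the factory closure and is recreated in buildStart,
// so each plugin instance and each build starts from an empty Set.
function isolatedPlugin() {
  let seen = new Set();
  return {
    name: 'isolated-seen-ids',
    buildStart() {
      seen = new Set();
    },
    transform(code, id) {
      seen.add(id);
      return null;
    },
    api: { seenIds: () => [...seen].sort() }
  };
}

// Constructed stand-in for the plugin driver (not Rollup's): calls the hooks in
// the order a build would (buildStart, transform per module, buildEnd) and
// returns what the plugin reports afterwards.
function runBuild(plugin, moduleIds) {
  if (plugin.buildStart) plugin.buildStart();
  for (const id of moduleIds) plugin.transform('', id);
  if (plugin.buildEnd) plugin.buildEnd();
  return plugin.api.seenIds();
}

// Two consecutive builds, as watch mode would run them, with constructed ids.
function demo() {
  const leaky = leakyPlugin();
  const leakyFirst = runBuild(leaky, ['src/a.js', 'src/b.js']);
  const leakySecond = runBuild(leaky, ['src/a.js']); // still reports src/b.js

  const isolated = isolatedPlugin();
  const isolatedFirst = runBuild(isolated, ['src/a.js', 'src/b.js']);
  const isolatedSecond = runBuild(isolated, ['src/a.js']); // only src/a.js

  return { leakyFirst, leakySecond, isolatedFirst, isolatedSecond };
}
```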

🔥 Performance hotspots

  • src/Graph.ts buildGraph() (I/O Bottleneck) — Module resolution and loading serialized per import; cannot parallelize resolution across dependency tree
  • src/ast/analyze.ts (Computation Bottleneck) — Full AST traversal for each module binding analysis; no caching of identifier scope maps across builds
  • src/Bundler.ts generate() (Rendering Bottleneck) — Code rendering concatenated sequentially; no chunking parallelization in multi-chunk builds
  • cli/run/index.ts watch mode (Watch Mode Bottleneck) — Full graph rebuild on any file change; incremental module updates not implemented

🪤 Traps & gotchas

  1. Pre-commit hooks (.husky/pre-commit) enforce linting via .lintstagedrc.js — commits fail if code is not formatted; run npm run lint --fix first.
  2. Workspace-aware: rollup exports both ESM (dist/es/) and CJS (dist/) — test both formats if modifying exports.
  3. Rust FFI for perf-sensitive code paths — changes to native binding calls require Rust toolchain + wasm-pack setup (check .tool-versions for pinned versions).
  4. Browser build uses polyfilled fs/path (browser/src/fs.ts, browser/src/path.ts) — file I/O semantics differ from Node.js.
  5. Tests require specific Node version from .tool-versions or .nvmrc — version mismatches cause cryptic failures.

🏗️ Architecture

💡 Concepts to learn

  • Tree-shaking (Dead Code Elimination) — Core Rollup feature that statically analyzes unused exports and removes them; requires understanding ESM static analysis and side-effect tracking (see src/ast/Variable.ts).
  • Code Splitting and Chunk Strategy — Rollup splits bundles into multiple chunks for lazy loading; understanding chunk boundaries, entry points, and shared dependencies is critical for contributing to src/Bundle.ts and src/Chunk.ts.
  • Module Resolution and Conditional Exports — Rollup's resolver (src/utils/resolveId.ts) must handle Node.js package.json exports field, subpath patterns, and ESM-first resolution; essential for plugin and core debugging.
  • AST Walking and Scope Analysis — Rollup performs static analysis on Acorn/estree ASTs (src/ast/) to track variable bindings, identify side effects, and determine reachability; foundational for tree-shaking and transformation.
  • Plugin Hook System and Lifecycle — Extensibility via plugins (resolveId, load, transform, generateBundle, etc.); src/utils/PluginDriver.ts orchestrates hook execution; critical for understanding how plugins integrate.
  • Rollup's Chunk Format Outputs (IIFE, CJS, UMD, ESM) — Rollup generates code in multiple formats; understanding format-specific wrapping (IIFE for browsers, CJS for Node) is necessary for debugging output issues.
  • WASM and Rust FFI for Performance — Performance-critical code (parsing, linking) uses Rust via WASM or native bindings; understanding the bridge is essential for perf contributions and debugging native code failures.
  • evanw/esbuild — Alternative ES module bundler written in Go, much faster but less configurable; direct competitor for performance-critical builds.
  • webpack/webpack — Legacy bundler standard; Rollup specifically targets simpler, faster bundling vs Webpack's flexibility; many projects migrate from Webpack → Rollup for libraries.
  • vitejs/vite — Modern dev server and build tool that uses Rollup as its production bundler; primary downstream consumer and integration test suite.
  • swc-project/swc — Rust-based JavaScript compiler and bundler; shares Rollup's philosophy of Rust for performance but offers different plugin API; used alongside Rollup in some toolchains.
  • rollup/plugins — Official plugin monorepo (rollup/plugins) — essential reference for plugin API, includes @rollup/plugin-node-resolve, @rollup/plugin-commonjs, and others that extend Rollup's core.

🪄 PR ideas

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add comprehensive test suite for browser build polyfills (browser/src/)

The browser/ directory contains critical polyfill modules (fs.ts, path.ts, process.ts, performance.ts, wasm.ts) that replace Node.js APIs for browser environments, but there's no visible test coverage for these modules. Since this is a published @rollup/browser package with its own npm distribution, these polyfills need robust test coverage to ensure browser compatibility and prevent regressions. This is high-value because bundle consumers depend on these shims working correctly.

  • [ ] Create test/browser/ directory structure mirroring browser/src/
  • [ ] Add unit tests for browser/src/fs.ts covering readFileSync, readFile, and other exposed methods
  • [ ] Add tests for browser/src/path.ts validating path manipulation in browser context
  • [ ] Add tests for browser/src/process.ts env and cwd implementations
  • [ ] Add integration test for browser/src/wasm.ts initialization and module loading
  • [ ] Integrate new tests into .github/workflows/build-and-tests.yml to run on all PRs

Create specific documentation for build-plugins/ architecture in ARCHITECTURE.md

The build-plugins/ directory contains 13+ custom Rollup plugins (add-cli-entry.ts, emit-wasm-file.ts, replace-browser-modules.ts, etc.) that are critical to the Rollup build process itself, but ARCHITECTURE.md exists without clear explanation of when/why each plugin is used. New contributors rebuilding the bundler or modifying the build process lack guidance. This is concrete because the file exists but is incomplete regarding this specific subsystem.

  • [ ] Review each file in build-plugins/ and understand its purpose in the build chain
  • [ ] Add 'Build System Plugins' section to ARCHITECTURE.md documenting the plugin pipeline
  • [ ] Document the order plugins execute in (reference rollup.config.js or similar)
  • [ ] Explain use cases: add-cli-entry (CLI integration), emit-wasm-file (WASM distribution), replace-browser-modules (browser polyfills)
  • [ ] Add examples showing how to modify/extend build-plugins safely
  • [ ] Reference which plugins are used for main package vs @rollup/browser distribution

Add performance regression tests for key bundling scenarios in CI

.github/workflows/performance-report.yml exists but likely only runs on demand. Create a baseline performance test suite that runs on every PR to detect regressions in core bundling operations (tree-shaking, code-splitting, minification). This prevents performance degradation from being merged silently. The repo already has .nycrc (coverage config) and performance infrastructure, so this extends existing patterns.

  • [ ] Create test/performance-regression/ directory with benchmark fixtures (small, medium, large bundle scenarios)
  • [ ] Add test runner that bundles each fixture and compares bundle size/build time against baseline
  • [ ] Store baseline metrics in .github/performance-baseline.json (version-controlled reference)
  • [ ] Create GitHub Action that runs on all PRs, posts results as comment if delta > threshold (e.g., +5% size)
  • [ ] Document baseline update process in CONTRIBUTING.md for maintainers
  • [ ] Integrate into build-and-tests.yml workflow with conditional failure on regression > 10%

🌿 Good first issues

  • Add tree-shaking tests for complex module patterns (circular deps, re-exports) — src/tests/ lacks coverage for edge cases in src/ast/Variable.ts side-effect tracking. Critical for bundler correctness; visible gaps in test matrix for CommonJS-to-ESM interop.
  • Document plugin hook ordering and timing in ARCHITECTURE.md — currently only CONTRIBUTING.md mentions the lifecycle; add a table with hook execution order (resolveId → load → transform → generateBundle) and examples. Plugin authors frequently ask; inline documentation gaps cause misunderstandings.
  • Expand browser/ polyfill compatibility tests — browser/src/fs.ts and path.ts are minimal stubs; add tests for path.resolve(), path.join(), and fs.readFile() edge cases across browsers. Browser bundling is a growing use case; gaps block adoption in web-based IDEs and REPL tools.
  • Add error message improvements for unresolved imports — src/utils/resolveId.ts throws generic 'failed to resolve' without suggestions; add 'did you mean' logic for typos. UX improvement that reduces support burden; similar tools (esbuild, webpack) do this.

Top contributors

📝 Recent commits

  • ff0a94b — chore(deps): update dependency eslint-plugin-unicorn to v68 (#6424) (renovate[bot])
  • 0c52acd — docs: update x_google_ignoreList link to canonical URL (#6421) (DucMinhNe)
  • 2b14968 — fix(deps): update minor/patch updates (#6422) (renovate[bot])
  • 5e5d1b9 — chore(deps): lock file maintenance (#6426) (renovate[bot])
  • cb000f2 — chore(deps): update actions/checkout action to v7 (#6423) (renovate[bot])
  • ff94a86 — chore(deps): lock file maintenance (#6425) (renovate[bot])
  • 8faa187 — 4.62.2 (lukastaegert)
  • a38a795 — refactor(rust/parser_ast): extract property AstConverter write buffer kind logic to new method (#6416) (fabianbernhart)
  • 6cc5c31 — Skip side-effect-free external imports when hoisting is disabled (#6411) (morgan-coded)
  • caacf70 — 4.62.1 (lukastaegert)

🔒 Security observations

The Rollup browser build package demonstrates a strong security posture with minimal critical vulnerabilities. The codebase has established security infrastructure including a SECURITY.md file, Dependabot configuration for dependency management, and husky pre-commit hooks for code quality. Main recommendations focus on tightening dependency version specifications, restricting exported files, and enhancing security documentation. No hardcoded credentials, injection vulnerabilities, or critical misconfigurations were detected in the provided file structure. The project follows security best practices with GitHub's private vulnerability reporting mechanism.

  • Low · Dependency Version Pinning (@types/estree) — browser/package.json, dependencies. The @types/estree dependency is pinned to version 1.0.9. While this is a type definition package with minimal risk, pinning to exact versions can prevent security patches in minor/patch releases. Consider using a caret (^) or tilde (~) range for type packages. Fix: Update dependency specification from '1.0.9' to '^1.0.9' to allow patch and minor updates, or implement automated dependency scanning and updates via Dependabot (which is already configured in .github/dependabot.yml)
  • Low · Broad File Export Patterns — browser/package.json, exports. The package.json exports configuration includes './dist/' which exposes all files in the dist directory without explicit control. This could potentially expose internal files or build artifacts that weren't intended for public consumption. Fix: Replace the broad './dist/' pattern with explicit export paths for only the intended public API. For example, explicitly list only the necessary files like './dist/rollup.browser.d.ts' and './dist/rollup.browser.js'
  • Low · Missing Content Security Policy Headers — .github/workflows/repl-artefacts.yml, browser distribution. The browser build is a bundler that runs in browsers, but there are no visible CSP or security header configurations in the provided file structure. If a REPL or playground is served (indicated by repl-artefacts in workflows), it may lack proper security headers. Fix: Ensure any web-served components (like a REPL) include proper security headers: Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, and Strict-Transport-Security
  • Low · Incomplete SECURITY.md Documentation — SECURITY.md. While a SECURITY.md file exists with vulnerability reporting guidelines, it lacks information about security best practices for users of the library, supported versions for security updates, or a security update timeline. Fix: Expand SECURITY.md to include: (1) Supported version ranges for security fixes, (2) Expected timeframe for security patch releases, (3) Known limitations or security considerations for users, (4) Links to security advisories
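An added check for the first two findings (not rollup's code): it audits a package.json object for exact-pinned dependency ranges and directory-wide "exports" entries. samplePkg and hardenedPkg are constructed stand-ins for browser/package.json, not the repository's actual file.

```javascript
// Matches an exact version such as "1.0.9" (optionally with a prerelease tag);
// anything with ^, ~, x, ranges or tags is treated as already widened.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/;

// Flags dependency entries pinned to one exact version.
function auditDependencies(pkg) {
  const findings = [];
  for (const field of ['dependencies', 'devDependencies', 'peerDependencies']) {
    for (const [name, range] of Object.entries(pkg[field] || {})) {
      if (EXACT_VERSION.test(range)) {
        findings.push({ severity: 'low', where: `${field}.${name}`, range, suggest: `^${range}` });
      }
    }
  }
  return findings;
}

// Walks the "exports" map, which may nest condition objects ("import",
// "require", "types") and fallback arrays, and flags subpath keys that expose a
// whole directory: a trailing-slash folder mapping (removed in Node 17) or a
// "*" subpath pattern. Condition keys do not start with "." and are skipped.
function auditExports(exportsField, where = 'exports') {
  const findings = [];
  if (exportsField == null || typeof exportsField === 'string') return findings;
  for (const [key, value] of Object.entries(exportsField)) {
    const isSubpath = key.startsWith('.');
    if (isSubpath && key.endsWith('/')) {
      findings.push({ severity: 'low', where: `${where}["${key}"]`, reason: 'folder mapping exposes every file under the directory' });
    } else if (isSubpath && key.includes('*')) {
      findings.push({ severity: 'low', where: `${where}["${key}"]`, reason: 'subpath pattern exposes every matching file' });
    }
    if (value !== null && typeof value === 'object') {
      findings.push(...auditExports(value, `${where}["${key}"]`));
    }
  }
  return findings;
}

function auditPackage(pkg) {
  return [...auditDependencies(pkg), ...auditExports(pkg.exports)];
}

// Constructed sample in the shape the findings describe (assumed values).
const samplePkg = {
  name: 'sample-browser-bundler',
  dependencies: { '@types/estree': '1.0.9', tslib: '^2.6.0' },
  exports: {
    '.': { types: './dist/rollup.browser.d.ts', import: './dist/rollup.browser.js' },
    './dist/': './dist/',
    './package.json': './package.json'
  }
};

// The same package with both fixes applied: range widened, and only the
// intended public files listed instead of the whole dist directory.
const hardenedPkg = {
  ...samplePkg,
  dependencies: { ...samplePkg.dependencies, '@types/estree': '^1.0.9' },
  exports: {
    '.': { types: './dist/rollup.browser.d.ts', import: './dist/rollup.browser.js' },
    './dist/rollup.browser.js': './dist/rollup.browser.js',
    './dist/rollup.browser.d.ts': './dist/rollup.browser.d.ts',
    './package.json': './package.json'
  }
};
```

A caret range only widens what npm is allowed to install; whether a patch actually lands still depends on the lockfile and on Dependabot or Renovate updating it.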

LLM-derived; treat as a starting point, not a security audit.

The exported doc (Copy CLAUDE.md / Download / .cursor/rules) also includes an agent protocol and a verification script written for AI coding agents — omitted here to keep this view scannable.
