{"id":18862788,"url":"https://github.com/eik-lib/rollup-plugin","last_synced_at":"2026-06-12T02:01:57.020Z","repository":{"id":37104020,"uuid":"276756270","full_name":"eik-lib/rollup-plugin","owner":"eik-lib","description":"Rollup plugin to do build-time import mapping using Eik","archived":false,"fork":false,"pushed_at":"2026-06-08T06:53:56.000Z","size":1028,"stargazers_count":2,"open_issues_count":4,"forks_count":3,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-06-08T08:23:26.291Z","etag":null,"topics":["eik","eik-import-mapping","rollup","rollup-plugin"],"latest_commit_sha":null,"homepage":"https://eik.dev","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/eik-lib.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-07-02T22:25:05.000Z","updated_at":"2026-06-08T06:50:27.000Z","dependencies_parsed_at":"2026-05-25T08:03:19.531Z","dependency_job_id":null,"html_url":"https://github.com/eik-lib/rollup-plugin","commit_stats":{"total_commits":200,"total_committers":9,"mean_commits":22.22222222222222,"dds":0.685,"last_synced_commit":"b6b32645e017ad998b846e0d2046223f042a17ee"},"previous_names":["eik-lib/rollup-plugin-import-map"],"tags_count":122,"template":false,"template_full_name":null,"purl":"pkg:github/eik-lib/rollup-plugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eik-lib%2Frollup-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eik-lib%2Frollup-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eik-lib%2Frollup-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eik-lib%2Frollup-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/eik-lib","download_url":"https://codeload.github.com/eik-lib/rollup-plugin/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eik-lib%2Frollup-plugin/sbom","scorecard":{"id":112944,"data":{"date":"2025-08-11","repo":{"name":"github.com/eik-lib/rollup-plugin","commit":"455999e5ae51e9c8e5fb2e11832dde521753de67"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.9,"checks":[{"name":"Maintained","score":10,"reason":"24 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 1/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: topLevel 'contents' permission set to 'write': .github/workflows/publish.yml:4","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":3,"reason":"dependency not pinned by hash detected -- score normalized to 3","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/eik-lib/rollup-plugin/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/eik-lib/rollup-plugin/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/eik-lib/rollup-plugin/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/eik-lib/rollup-plugin/test.yml/main?enable=pin","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   2 out of   2 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":3,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Warn: could not determine whether codeowners review is allowed","Warn: no status checks found to merge onto branch 'main'","Warn: PRs are not required to make changes on branch 'main'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v5.0.9 not signed: https://api.github.com/repos/eik-lib/rollup-plugin/releases/237256846","Warn: release artifact v5.0.8 not signed: https://api.github.com/repos/eik-lib/rollup-plugin/releases/235531617","Warn: release artifact v5.0.7 not signed: https://api.github.com/repos/eik-lib/rollup-plugin/releases/233804304","Warn: release artifact v5.0.6 not signed: https://api.github.com/repos/eik-lib/rollup-plugin/releases/228759287","Warn: release artifact v5.0.5 not signed: https://api.github.com/repos/eik-lib/rollup-plugin/releases/228674455","Warn: release artifact v5.0.9 does not have provenance: https://api.github.com/repos/eik-lib/rollup-plugin/releases/237256846","Warn: release artifact v5.0.8 does not have provenance: https://api.github.com/repos/eik-lib/rollup-plugin/releases/235531617","Warn: release artifact v5.0.7 does not have provenance: https://api.github.com/repos/eik-lib/rollup-plugin/releases/233804304","Warn: release artifact v5.0.6 does not have provenance: https://api.github.com/repos/eik-lib/rollup-plugin/releases/228759287","Warn: release artifact v5.0.5 does not have provenance: https://api.github.com/repos/eik-lib/rollup-plugin/releases/228674455"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/publish.yml:18"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":7,"reason":"SAST tool is not run on all commits -- score normalized to 7","details":["Warn: 13 commits out of 17 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-xffm-g5w8-qvg7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-15T15:37:00.178Z","repository_id":37104020,"created_at":"2025-08-15T15:37:00.178Z","updated_at":"2025-08-15T15:37:00.178Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34225351,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-12T02:00:06.859Z","response_time":109,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["eik","eik-import-mapping","rollup","rollup-plugin"],"created_at":"2024-11-08T04:35:44.478Z","updated_at":"2026-06-12T02:01:56.993Z","avatar_url":"https://github.com/eik-lib.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# @eik/rollup-plugin\n\nPlugin to rewrite bare imports to URLs as defined in import maps\n\nRollup [Eik](https://eik.dev/) plugin to support the use of import maps to map \"bare\" import specifiers in ES modules.\n\n## Installation\n\n```bash\nnpm install @eik/rollup-plugin\n```\n\n## Usage\n\n```js\nimport plugin from \"@eik/rollup-plugin\";\n\nexport default {\n\tinput: \"source/main.js\",\n\tplugins: [plugin()],\n\toutput: {\n\t\tfile: \"build.js\",\n\t\tformat: \"esm\",\n\t},\n};\n```\n\n## Description\n\nThis plugin transforms \"bare\" import specifiers to absolute URL specifiers in\nES modules. The module refered to by the \"bare\" import specifier will be\ntreated as external and its source will not be included in the bundle but\nrefered to by URL.\n\nThe plugin will attempt to read import map URLs from `eik.json` if present.\n\n```js\nexport default {\n\tinput: \"source/main.js\",\n\tplugins: [plugin()],\n\toutput: {\n\t\tfile: \"build.js\",\n\t\tformat: \"esm\",\n\t},\n};\n```\n\nThe path to the location of an `eik.json` file can be specified with the `path` option.\n\n```js\nexport default {\n\tinput: \"source/main.js\",\n\tplugins: [plugin({ path: \"/path/to/eik-json-folder\" })],\n\toutput: {\n\t\tfile: \"build.js\",\n\t\tformat: \"esm\",\n\t},\n};\n```\n\nThe plugin can also be told which URLs to load import maps from directly using the `urls` option.\n\n```js\nexport default {\n\tinput: \"source/main.js\",\n\tplugins: [plugin({ urls: `http://myserver/import-map` })],\n\toutput: {\n\t\tfile: \"build.js\",\n\t\tformat: \"esm\",\n\t},\n};\n```\n\nAdditionally, individual mappings can be specified using the `maps` option.\n\n```js\nexport default {\n\tinput: \"source/main.js\",\n\tplugins: [\n\t\tplugin({\n\t\t\tmaps: [\n\t\t\t\t{\n\t\t\t\t\timports: {\n\t\t\t\t\t\t\"lit-element\": \"https://cdn.eik.dev/lit-element/v2\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t],\n\t\t}),\n\t],\n\toutput: {\n\t\tfile: \"build.js\",\n\t\tformat: \"esm\",\n\t},\n};\n```\n\nIf several of these options are used, `maps` takes precedence over `urls` which takes precedence over values loaded from an `eik.json` file.\n\nie. in the following example\n\n```js\nexport default {\n\tinput: \"source/main.js\",\n\tplugins: [\n\t\tplugin({\n\t\t\tpath: \"/path/to/eik-json-folder\",\n\t\t\turls: [\"http://myserver/import-map\"],\n\t\t\tmaps: [\n\t\t\t\t{\n\t\t\t\t\timports: {\n\t\t\t\t\t\t\"lit-element\": \"https://cdn.eik.dev/lit-element/v2\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t],\n\t\t}),\n\t],\n\toutput: {\n\t\tfile: \"build.js\",\n\t\tformat: \"esm\",\n\t},\n};\n```\n\nAny import map URLs in `eik.json` will be loaded first, then merged with (and overridden if necessary by) the result of fetching from `http://myserver/import-map` before finally being merged with (and overriden if necessary by) specific mappings defined in `maps`. (In this case `lit-element`)\n\n### Plugin result\n\nBundles will have bare imports mapped to absolute URLs.\n\nIe. Something like this...\n\n```js\nimport { LitElement, html, css } from \"lit-element\";\n```\n\nWill be mapped to something like this...\n\n```js\nimport { LitElement, html, css } from \"https://cdn.eik.dev/lit-element/v2\";\n```\n\n## Options\n\nThis plugin takes an [import map](https://github.com/WICG/import-maps) as options:\n\n| option | default        | type     | required | details                                 |\n| ------ | -------------- | -------- | -------- | --------------------------------------- |\n| path   | `cwd/eik.json` | `string` | `false`  | Path to eik.json file.                  |\n| urls   | `[]`           | `array`  | `false`  | Array of import map URLs to fetch from. |\n| maps   | `[]`           | `array`  | `false`  | Array of import map as objects.         |\n\n## Note on the rollup external option\n\nAny mappings defined by any of the means described above must not occur in the Rollup `external` option.\nIf so, this module will throw.\n\nIn other words, this will not work:\n\n```js\nexport default {\n\tinput: \"source/main.js\",\n\texternal: [\"lit-element\"],\n\tplugins: [\n\t\tplugin({\n\t\t\tmaps: [\n\t\t\t\t{\n\t\t\t\t\timports: {\n\t\t\t\t\t\t\"lit-element\": \"https://cdn.eik.dev/lit-element/v2\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t],\n\t\t}),\n\t],\n\toutput: {\n\t\tfile: \"build.js\",\n\t\tformat: \"esm\",\n\t},\n};\n```\n\n## License\n\nCopyright (c) 2021 Finn.no\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feik-lib%2Frollup-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feik-lib%2Frollup-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feik-lib%2Frollup-plugin/lists"}