rollup-plugin-typescript2
Seamless integration between Rollup and TypeScript. Now with errors.
This package has a good security score with no known vulnerabilities.
Community Reviews
Works well but requires careful setup and has maintenance concerns
The plugin's caching mechanism speeds up rebuilds significantly, but can cause confusing issues when type definitions change. I've had to regularly clear the .rts2_cache folder when debugging strange type errors. The plugin does surface TypeScript errors during bundling, which is its main selling point over alternatives, though this sometimes results in double error reporting that clutters the console.
Community support is adequate but fragmented—many Stack Overflow answers are outdated given changes in both Rollup and TypeScript ecosystems. GitHub issues show the maintainer is responsive but the project hasn't seen major updates recently. For straightforward library bundling it works fine, but complex monorepo setups or custom path mappings require significant troubleshooting.
Best for: Simple to moderately complex TypeScript library projects with standard configurations needing bundled outputs with type declarations.
Avoid if: You're working with complex monorepo setups, need cutting-edge TypeScript features immediately, or prefer officially maintained tooling with guaranteed long-term support.
Functional but maintenance concerns and security surface area risks
From a security perspective, the plugin introduces dependencies on multiple TypeScript compiler APIs and file system operations that expand your supply chain attack surface. The error messages can be verbose and occasionally expose full file paths in build logs, which may leak project structure information in CI/CD environments. The plugin doesn't validate tsconfig paths thoroughly, which can lead to unexpected file access patterns.
Maintenance has stalled since late 2023, and the dependency tree includes packages with known CVEs that haven't been addressed. For greenfield projects, @rollup/plugin-typescript is now the better-maintained official alternative with a smaller dependency footprint and active security updates.
Best for: Legacy projects already using this plugin where migration cost outweighs benefits.
Avoid if: You're starting a new project or require active maintenance and minimal security surface area.
Functional but maintenance concerns and security opacity
The plugin hasn't seen updates since September 2023, which is worrying given the fast-moving nature of both TypeScript and the build tool ecosystem. While it doesn't directly handle user input or perform network operations, its role in the build pipeline means vulnerabilities in dependencies could affect your supply chain. The error messages are verbose but sometimes leak absolute file paths, which could expose internal directory structures in CI logs.
Dependency-wise, it pulls in TypeScript as a peer dependency, but the pinning strategy and version compatibility aren't always clear. I've encountered situations where TypeScript minor version bumps caused subtle issues that weren't immediately obvious. The plugin itself doesn't follow modern secure-by-default patterns—configuration is permissive and doesn't warn about potentially unsafe settings like preserving symlinks or custom transformer paths.
Best for: Legacy projects already using it where migration cost outweighs benefits and you can pin versions carefully.
Avoid if: You need actively maintained tooling or are starting a new project where modern alternatives like @rollup/plugin-typescript are better supported.