View bundlesize on Snyk Open Source Advisor

Package Health Score

77 / 100

security
Security review needed
popularity
Popular
maintenance
Healthy
community
Sustainable

Explore Similar Packages

Security

Security review needed

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

All Versions

Version				Vulnerabilities	License Risk
0.18.2	\|	03/2024		0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.18.1	\|	01/2021	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.17.2	\|	05/2019		0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.16.0	\|	01/2018		0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.15.3	\|	10/2017		0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

MIT

Security Policy

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Popular

Weekly Downloads (45,578)

GitHub Stars: 4.45K
Forks: 175
Contributors: 60

Direct Usage Popularity

The npm package bundlesize receives a total of 45,578 downloads a week. As such, we scored bundlesize popularity level to be Popular.

Based on project statistics from the GitHub repository for the npm package bundlesize, we found that it has been starred 4,445 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Sustainable

Readme.md: Yes
Contributing.md: Yes
Code of Conduct: No
Contributors: 60
Funding: Yes

With more than 10 contributors for the bundlesize repository, this is possibly a sign for a growing and inviting community.

We found a way for you to contribute to the project! Looks like bundlesize is missing a Code of Conduct.

Embed Package Health Score Badge

Maintenance

Healthy

Commit Frequency

Open Issues: 58
Open PR: 21
Last Release: 1 month ago
Last Commit: 1 month ago

Further analysis of the maintenance status of bundlesize based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Healthy.

We found that bundlesize demonstrates a positive version release cadence with at least one new version released in the past 3 months.

In the past month we didn't find any pull request activity or change in issues status has been detected for the GitHub repository.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: not defined

Age: 7 years
Dependencies: 10 Direct
Versions: 52
Install Size: 23.5 kB
Dist-tags: 2
# of Files: 16
Maintainers: 1
TS Typings: No

bundlesize has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Readme

Keep your bundle size in check

Setup

npm install bundlesize --save-dev

# or

yarn add bundlesize --dev

Usage

Add it to your scripts in package.json

"scripts": {
  "test": "bundlesize"
}

Or you can use it with npx from NPM 5.2+.

npx bundlesize

Configuration

bundlesize accepts an array of files to check.

[
  {
    "path": "./build/vendor.js",
    "maxSize": "30 kB"
  },
  {
    "path": "./build/chunk-*.js",
    "maxSize": "10 kB"
  }
]

You can keep this array either in

package.json

{
  "name": "your cool library",
  "version": "1.1.2",
  "bundlesize": [
    {
      "path": "./build/vendor.js",
      "maxSize": "3 kB"
    }
  ]
}

or in a separate file

bundlesize.config.json

Format:

{
  "files": [
    {
      "path": "./dist.js",
      "maxSize": "3 kB"
    }
  ]
}

You can give a different file by using the --config flag:

bundlesize --config configs/bundlesize.json

Customisation

Fuzzy matching

If the names of your build files are not predictable, you can use the glob pattern to specify files.

This is common if you append a hash to the name or use a tool like create-react-app/nextjs.
```
{
  "files": [
    {
      "path": "build/**/main-*.js",
      "maxSize": "5 kB"
    },
    {
      "path": "build/**/*.chunk.js",
      "maxSize": "50 kB"
    }
  ]
}
```
It will match multiple files if necessary and create a new row for each file.

Compression options

By default, bundlesize gzips your build files before comparing.

If you are using brotli instead of gzip, you can specify that with each file:

{
  "files": [
    {
      "path": "./build/vendor.js",
      "maxSize": "5 kB",
      "compression": "brotli"
    }
  ]
}

If you do not use any compression before sending your files to the client, you can switch compression off:

{
  "files": [
    {
      "path": "./build/vendor.js",
      "maxSize": "5 kB",
      "compression": "none"
    }
  ]
}

Build status for GitHub

If your repository is hosted on GitHub, you can set bundlesize up to create a "check" on every pull request.

build status

Currently works with Travis CI, CircleCI, Wercker, and Drone.

Authorize bundlesize for status access, copy the token provided.
Add this token as BUNDLESIZE_GITHUB_TOKEN as environment parameter in your CIs project settings.

Using a different CI?

You will need to supply an additional 5 environment variables.

CI_REPO_OWNER given the repo https://github.com/myusername/myrepo would be myusername
CI_REPO_NAME given the repo https://github.com/myusername/myrepo would be myrepo
CI_COMMIT_MESSAGE the commit message
CI_COMMIT_SHA the SHA of the CI commit, in Jenkins you would use ${env.GIT_COMMIT}
CI=true usually set automatically in CI environments

(Ask me for help if you're stuck)

Usage with CLI

bundlesize can also be used without creating a configuration file. We do not recommend this approach and it might be deprecated in a future version.

bundlesize -f "dist/*.js" -s 20kB

For more granular configuration, we recommend configuring it in the package.json (documented above).

Like it?

⭐ this repo

How to contribute?

CONTRIBUTING.md

Featured on Totally tooling tips and Chrome Dev Summit!!

who uses bundlesize?

TODO

Work with other CI tools
- AppVeyor (#234)
Automate setup (setting env_var)

similar projects

BuildSize - GitHub App, no manual configuration required
travis-weigh-in - Uses Python rather than Node.js
size-limit - Uses webpack, builds your files for you.

Contributors

This project exists thanks to all the people who contribute. [Contribute].

license

bundlesize dependencies

axios brotli-size bytes ci-env commander cosmiconfig github-build glob gzip-size prettycli

bundlesize development dependencies

ava babel-cli babel-core babel-plugin-syntax-async-functions babel-plugin-transform-flow-strip-types babel-plugin-transform-regenerator babel-plugin-transform-typescript babel-preset-es2015 babel-preset-stage-3 babel-traverse execa husky lint-staged prettier

FAQs

What is bundlesize?

Keep your library size in check. Visit Snyk Advisor to see a full health score report for bundlesize, including popularity, security, maintenance & community analysis.

Is bundlesize popular?

The npm package bundlesize receives a total of 45,578 weekly downloads. As such, bundlesize popularity was classified as a popular. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is bundlesize well maintained?

We found that bundlesize demonstrated a healthy version release cadence and project activity. It has a community of 60 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is bundlesize safe to use?

While scanning the latest version of bundlesize, we found that a security review is needed. A total of 0 vulnerabilities or license issues were detected. See the full security scan results.

Last updated on 26 April-2024, at 18:41 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP