@rollup/plugin-commonjs is a vital tool for modern JavaScript development, converting CommonJS modules into the ES2015 format, which is essential for using older libraries within modern bundlers like Rollup. This allows developers to seamlessly integrate legacy codebases and npm packages relying on CommonJS syntax into their projects. The plugin supports features like named exports, which can optimize bundle sizes through tree shaking, and offers configurable options for handling edge cases and compatibility issues.
Comparing versions 28.0.2 and 28.0.3, the core functionality remains consistent, with both versions sharing the same dependencies for core tasks such as directory traversal (fdir), common directory identification (commondir), pattern matching (picomatch), reference detection (is-reference), string manipulation (magic-string), AST traversal (estree-walker), and Rollup plugin utilities (@rollup/pluginutils). The developer dependencies, including testing and support tools like rollup, source-map, typescript, and other plugins for specific file types, are also identical. Critically, both versions maintain the same peer dependency requirement on Rollup itself, namely version 2.68.0, 3.x or 4.x.
The primary difference between the two releases lies in the dist object: 28.0.3 reports an unpackedSize of 263273 bytes, while 28.0.2 reports 263150. This suggests that version 28.0.3 contains minor bug fixes, documentation updates, or very small code changes that influence the final package size. The release dates also differ considerably: 28.0.2 was released in December 2024 and 28.0.3 in March 2025. Developers should upgrade to version 28.0.3 to ensure they are using the most up-to-date and potentially more stable iteration of the plugin.
There are no vulnerabilities reported for version 28.0.3 of the package @rollup/plugin-commonjs.