Version 28.0.6 of @rollup/plugin-commonjs introduces subtle but noteworthy changes compared to its predecessor, version 28.0.5. Both versions serve the core purpose of converting CommonJS modules into the ES2015 format for seamless integration with modern JavaScript module systems, crucial for tools like Rollup. The dependency lists remain largely consistent, encompassing utilities for file system interaction (fdir, commondir), pattern matching (picomatch), analysis of JavaScript code (is-reference, estree-walker), and string manipulation (magic-string). @rollup/pluginutils continues to play a vital supporting role.
The key update in 28.0.6 lies in the addition of @rollup/plugin-node-resolve and @rollup/plugin-json to the devDependencies. While seemingly minor, this inclusion suggests enhanced testing or development workflows involving these plugins. Developers leveraging Rollup with CommonJS modules, particularly those also working with Node.js-style module resolution or JSON files, might find that version 28.0.6 offers a smoother development experience due to potentially improved compatibility or testing scenarios during plugin development.
Both versions maintain identical peer dependencies, requiring Rollup versions 2.68.0, 3.x, or 4.x, ensuring broad compatibility with different Rollup setups. The slight decrease in unpacked size in 28.0.6 hints at potential code optimizations or refinements. This version was released on 2025-06-17, introducing these incremental improvements since 28.0.5's release on 2025-06-14. Developers should evaluate if the changes in devDependencies are worth the update if they are developing plugins for rollup.
The are not vulnerabilities for the version 28.0.6 of the package @rollup/plugin-commonjs