Tsup version 2.0.0 introduces notable changes compared to its predecessor, version 1.5.1, presenting developers with enhanced capabilities for streamlining TypeScript library bundling. While both versions aim for config-free Rollup integration, key differences lie in their core dependencies and development tools, impacting performance and developer experience.
A significant shift is the replacement of rollup-plugin-esbuild in v1.5.1 with rollup-plugin-typescript2 in v2.0.0 for TypeScript compilation. This change suggests a potential alteration in the default compilation strategy, which may affect build times and compatibility. Furthermore, v2.0.0 introduces tslib as a direct dependency, indicating a possible focus on streamlined runtime code injection. In contrast, v1.5.1 lists rollup-plugin-esbuild in its dependencies and tsup in its dev dependencies, which makes bundling faster during development.
The development dependencies also show distinct upgrades. Version 2.0.0 uses more recent versions of jest, ts-jest, typescript, @types/node and @types/fs-extra, reflecting an effort to stay current with the evolving ecosystem. Conversely, v1.5.1 relies on older versions. This refresh may give developers who rely on the latest features of these tools an advantage when integrating tsup into their workflow. Updating to more recent versions means fewer vulnerabilities and more support. The update also shows that the library now uses the Rollup plugin to work with TypeScript instead of esbuild. In terms of file size, v2.0.0 shows a negligible increase in unpacked size, which can be a result of new features and optimization. Developers should evaluate these changes, considering their project's specific requirements for compilation, testing, and overall dependency management.
All the vulnerabilities related to version 2.0.0 of the package
tsup DOM Clobbering vulnerability
A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components.