Tsup version 2.0.2 introduces a notable enhancement by adding cac as a direct dependency, upgrading it to version 6.5.12. This suggests an improved command-line interface or argument parsing capabilities for developers utilizing Tsup. While seemingly minor, this addition likely streamlines the configuration process and empowers users with finer control over Tsup's build processes directly from the command line, enhancing overall developer experience.
In contrast, version 2.0.1 lists cac as a devDependency at version 6.5.10, implying its usage was primarily confined to development-related tasks like testing or scripting. The shift to a direct dependency signals a more integral role for cac in the core functionality of Tsup in version 2.0.2.
Aside from this key difference, both versions share a considerable overlap in their dependencies, including essential libraries like tslib, joycon, rollup, rollup-plugin-dts, and rollup-plugin-typescript2, reaffirming their shared foundation for efficiently bundling TypeScript libraries. The devDependencies also remain largely consistent, showcasing a stable development environment powered by tools like Jest, TypeScript, Prettier, and various Rollup plugins. Developers can expect a seamless transition between versions, with the primary advantage of 2.0.2 being enhanced CLI argument parsing through the updated cac dependency. Ultimately, Tsup remains a zero-config solution for TypeScript library bundling, with 2.0.2 offering potentially refined command-line interactions.
All vulnerabilities related to version 2.0.2 of the package
tsup DOM Clobbering vulnerability
A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components.