{"id":22212,"library":"rollup-plugin-sbom","title":"rollup-plugin-sbom","description":"Rollup and Vite plugin to generate Software Bill of Materials (SBOM) for your application. Current stable version is 3.1.0, released March 2026. Supports CycloneDX and SPDX formats. Key differentiators: native Vite support, virtual module filtering, and configuration via rollup or vite config. Active development with next versions adding rolldown support. Requires Node >=20.19.0.","status":"active","version":"3.1.0","language":"javascript","source_language":"en","source_url":"https://github.com/janbiasi/rollup-plugin-sbom","tags":["javascript","vite-plugin","rollup-plugin","sbom","cyclonedx","bill-of-materials","bom","software-bill-of-materials"],"install":[{"cmd":"npm install rollup-plugin-sbom","lang":"bash","label":"npm"},{"cmd":"yarn add rollup-plugin-sbom","lang":"bash","label":"yarn"},{"cmd":"pnpm add rollup-plugin-sbom","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Peer dependency for Vite integration","package":"vite","optional":true},{"reason":"Peer dependency for Rollup integration","package":"rollup","optional":true},{"reason":"Used for XML SBOM output format","package":"xmlbuilder2","optional":false}],"imports":[{"note":"ESM-only package; CommonJS require not supported.","wrong":"const rollupPluginSbom = require('rollup-plugin-sbom')","symbol":"rollupPluginSbom","correct":"import { rollupPluginSbom } from 'rollup-plugin-sbom'"},{"note":"Named export also works; default export is the same function.","wrong":"import { default as rollupPluginSbom } from 'rollup-plugin-sbom'","symbol":"default export","correct":"import rollupPluginSbom from 'rollup-plugin-sbom'"},{"note":"Exported from main entry; no separate subpath.","wrong":"import { vitePluginSbom } from 'rollup-plugin-sbom/vite'","symbol":"vitePluginSbom","correct":"import { vitePluginSbom } from 'rollup-plugin-sbom'"}],"quickstart":{"code":"import { rollupPluginSbom } from 'rollup-plugin-sbom';\nimport { 
defineConfig } from 'vite';\n\nexport default defineConfig({\n  plugins: [\n    rollupPluginSbom({\n      format: ['cyclonedx-json', 'spdx-json'],\n      outputDir: './sbom',\n      encoding: 'utf-8',\n      includeDev: false,\n      globals: {\n        componentName: 'my-app',\n        componentVersion: '1.0.0',\n        supplier: 'Example Corp'\n      }\n    })\n  ]\n});","lang":"typescript","description":"Configures rollup-plugin-sbom in a Vite project to generate CycloneDX JSON and SPDX JSON SBOMs."},"warnings":[{"fix":"Update to Node.js 20.19.0 or higher.","message":"Requires Node.js >=20.19.0","severity":"breaking","affected_versions":">=3.0.0"},{"fix":"Use import syntax instead of require().","message":"ESM-only; no CommonJS support","severity":"breaking","affected_versions":">=3.0.0"},{"fix":"Ensure custom virtual modules follow naming conventions.","message":"Virtual modules not following vite/rollup conventions are filtered out","severity":"gotcha","affected_versions":">=3.0.5"},{"fix":"Enable verbose logging to see which modules are missing info.","message":"Dependency information can be missing, so the generated SBOM may be incomplete; plugin logs module info for debugging","severity":"gotcha","affected_versions":">=3.0.5"},{"fix":"Use 'format' and 'outputDir' options.","message":"Older options like 'sbomFormat' and 'sbomOutput' removed in v3","severity":"deprecated","affected_versions":">=3.0.0"}],"env_vars":null,"last_verified":"2026-04-27T00:00:00.000Z","next_check":"2026-07-26T00:00:00.000Z","problems":[{"fix":"Use import syntax or dynamic import().","cause":"Using CommonJS require() on an ESM-only package.","error":"ERR_REQUIRE_ESM: require() of ES Module not supported"},{"fix":"Upgrade Node to 20.19.0 or later.","cause":"Node version too low.","error":"Error: The SBOM plugin requires Node.js version >=20.19.0. 
Current version: <...>"},{"fix":"Use the named import: import { rollupPluginSbom } from 'rollup-plugin-sbom'.","cause":"Incorrect import (possibly default vs. named export mixed up) or an older version that lacks the named export.","error":"TypeError: rollupPluginSbom is not a function"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}