vite-plugin-generate-package-json

1.4.0 verified Mon Apr 27 auth: no javascript

Vite plugin that generates a package.json and package-lock.json containing only the packages your Vite bundle actually imports. Useful for creating accurate SBOMs and avoiding false positives in NPM audit/SCA scans caused by misclassified devDependencies. v1.4.0 supports Vite 4–8. Actively maintained with regular updates, written in TypeScript with bundled type definitions. Differentiator: Unlike generic SBOM tools, it only includes runtime dependencies actually bundled, reducing noise in security reports.

Common errors

error ERR_MODULE_NOT_FOUND: Cannot find package 'vite-plugin-generate-package-json' ↓

cause Missing dependency, incorrect import path, or ESM/CJS mismatch.

fix

Install with npm i -D vite-plugin-generate-package-json and ensure your project uses ESM (type: 'module' in package.json).

error TypeError: generatePackageJson is not a function ↓

cause Using default import instead of named import.

fix

Change import generatePackageJson from '...' to import { generatePackageJson } from '...'.

error Plugin 'vite-plugin-generate-package-json' requires Vite >=4.0.0 ↓

cause Outdated Vite version.

fix

Upgrade Vite to version 4, 5, 6, 7, or 8.

Warnings

breaking v1.3.0 dropped support for Vite 5 and earlier; requires Vite 6+. ↓

fix Upgrade to v1.4.0 which supports Vite 4–8, or stick with Vite 5 if using older plugin versions.

gotcha The plugin must be placed before other plugins in the Vite plugins array to correctly capture imports. ↓

fix Always add generatePackageJson() as the first plugin in the array.

deprecated The `outputDir` option is deprecated in favor of using Vite's `build.outDir` directly. ↓

fix Remove `outputDir` and rely on `build.outDir` in Vite config.

gotcha Only ESM modules are processed; CommonJS dependencies may not appear in the generated package.json. ↓

fix Ensure your project and all dependencies are ESM-compatible, or manually include missing packages.

Install

npm install vite-plugin-generate-package-json

yarn add vite-plugin-generate-package-json

pnpm add vite-plugin-generate-package-json

Imports

generatePackageJson

wrong

import generatePackageJson from 'vite-plugin-generate-package-json'

correct

import { generatePackageJson } from 'vite-plugin-generate-package-json'

Named export only. Plugin is ESM-only; CommonJS require() is not supported and will fail.

type GeneratePackageJsonOptions
```
import type { GeneratePackageJsonOptions } from 'vite-plugin-generate-package-json'
```
TypeScript users should use `import type` for the options interface. Not needed for JavaScript.

Plugin

wrong

import { Plugin } from 'vite-plugin-generate-package-json'

correct

import { type Plugin } from 'vite'

The plugin does not re-export Vite's Plugin type; import it from Vite itself.

Quickstart

Configures Vite to generate a minimal package.json and package-lock.json in the build output directory containing only the dependencies used by the bundle.

// vite.config.ts
import { defineConfig } from 'vite';
import { generatePackageJson } from 'vite-plugin-generate-package-json';

export default defineConfig({
  root: 'src',
  build: {
    outDir: 'build',
  },
  plugins: [
    generatePackageJson({
      outputDir: 'build',
    }),
  ],
});