Rollup Config Validator

v1.0.0

Validate Rollup config files (rollup.config.js/mjs/ts) for output format conflicts, plugin ordering issues, deprecated options, and best practices. Use when...

⭐ 0· 91·0 current·0 all-time

by@charlie-morrison

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for charlie-morrison/rollup-config-validator.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Rollup Config Validator" (charlie-morrison/rollup-config-validator) from ClawHub.
Skill page: https://clawhub.ai/charlie-morrison/rollup-config-validator
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install rollup-config-validator

ClawHub CLI

Package manager switcher

npx clawhub@latest install rollup-config-validator

Security Scan

Capability signals

Crypto

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

Name/description match the included Python validator: it validates Rollup config JSON for output, plugin ordering, deprecated plugins, treeshake, and best practices. No unrelated credentials, binaries, or install steps are requested.

Instruction Scope

SKILL.md instructs users to convert JavaScript Rollup configs to JSON using node -e "require('./rollup.config.js')...". That approach requires executing the project's rollup.config.js which may run arbitrary JavaScript (init code, side effects, build-time tasks). While necessary to obtain a config object from a JS file, it is a security risk when run against untrusted code. The Python validator itself reads files and analyzes JSON only.

✓

Install Mechanism

No install spec; this is an instruction + shipped Python script that relies on Python stdlib. Nothing is downloaded or extracted at install time.

✓

Credentials

No environment variables, credentials, or config paths are requested. The code shown reads only the supplied config file path and uses standard library APIs.

✓

Persistence & Privilege

Skill is not always-enabled, does not request elevated/system-wide persistence, and does not modify other skills. It runs as an on-demand local script.

Assessment

The tool appears to do what it says: a local Python script that validates Rollup config JSON. Before installing or running it: 1) Inspect the complete scripts/rollup_config_validator.py file yourself (the provided review input was truncated — ensure there are no hidden network calls, subprocess invocations, or obfuscated code). 2) Be cautious using the suggested node -e require(...) to produce JSON from rollup.config.js — that will execute the config file and any code it imports, which can run arbitrary side effects. Only run that step on code you trust or inside an isolated environment/container. 3) Run the validator on non-sensitive machines or in CI with limited permissions, and consider opening the Python file in a text editor to verify it only reads/parses the given file and prints results (no outbound network or credential access). If you want higher assurance, request the full script for review or run it in a sandboxed container first.

Like a lobster shell, security has layers — review code before you run it.

latestvk973mmx2pvdm0vj1m1885vyrj98581h3

91downloads

0stars

1versions

Updated 6d ago

v1.0.0

MIT-0

Rollup Config Validator

Validate Rollup config files (exported JSON or parsed config objects) for output format conflicts, external/bundle mismatches, plugin ordering issues, deprecated options, treeshake settings, and best practices. Supports text, JSON, and summary output formats with CI-friendly exit codes.

Commands

# Full validation (all 22+ rules)
python3 scripts/rollup_config_validator.py validate rollup.config.json

# Quick syntax-only check (structure rules only)
python3 scripts/rollup_config_validator.py check rollup.config.json

# Explain config in human-readable form
python3 scripts/rollup_config_validator.py explain rollup.config.json

# Suggest improvements
python3 scripts/rollup_config_validator.py suggest rollup.config.json

# JSON output (CI-friendly)
python3 scripts/rollup_config_validator.py validate rollup.config.json --format json

# Summary only (pass/fail + counts)
python3 scripts/rollup_config_validator.py validate rollup.config.json --format summary

# Strict mode (warnings become errors)
python3 scripts/rollup_config_validator.py validate rollup.config.json --strict

Input Format

Since Rollup configs are typically JavaScript, this tool validates JSON representations of Rollup config objects. Export your config as JSON or use a wrapper:

# Extract config as JSON from rollup.config.js
node -e "const c = require('./rollup.config.js'); console.log(JSON.stringify(c, null, 2))" > rollup.config.json
python3 scripts/rollup_config_validator.py validate rollup.config.json

Or validate directly from a JSON config file.

Rules (22+)

#	Category	Severity	Rule
S1	Structure	Error	File not found or unreadable
S2	Structure	Error	Empty config or no content
S3	Structure	Warning	Unknown top-level config keys
S4	Structure	Error	Invalid JSON syntax
S5	Structure	Error	Missing input entry point
O1	Output	Error	Missing output configuration
O2	Output	Warning	Missing output.format (defaults to 'es')
O3	Output	Warning	output.file and output.dir both specified
O4	Output	Warning	format: 'iife' or 'umd' without output.name
O5	Output	Warning	Multiple outputs with same format and no distinct file/dir
O6	Output	Warning	output.sourcemap: true without sourcemapExcludeSources consideration
E1	External	Warning	Bare module in external should match import pattern
E2	External	Warning	Regex pattern in external (fragile)
E3	External	Warning	Node built-in not in external (path, fs, etc.)
P1	Plugins	Warning	Plugin ordering: resolve before commonjs
P2	Plugins	Warning	commonjs plugin without @rollup/plugin-node-resolve
P3	Plugins	Warning	json plugin missing (importing .json files)
P4	Plugins	Warning	Deprecated plugin (rollup-plugin-* → @rollup/plugin-*)
T1	Treeshake	Warning	treeshake: false disables dead code elimination
T2	Treeshake	Warning	moduleSideEffects: false may break libraries
B1	Best Practices	Warning	Missing preserveEntrySignatures for library builds
B2	Best Practices	Warning	Large number of manual chunks without shared dependencies
B3	Best Practices	Warning	watch mode config without clearScreen setting

Output Formats

text (default): Human-readable with severity icons
json: Machine-parseable JSON array of findings
summary: Pass/fail with error/warning counts

Exit Codes

0: No errors (warnings only or clean)
1: One or more errors found
2: File not found or invalid input

Requirements

Python 3.8+
No external dependencies (pure stdlib)

Comments

Loading comments...