v11.3.2

Compare Source

• Fix spurrious UnhandledPromiseRejectionWarning that could occur when calling .copy() in some cases (#​1056, #​1058)

v0.25.10

Compare Source

v8.8.3: — Sealing Gasket

Compare Source

Continues #​1339 to prevent injections via Proxy input or custom toString() manipulations.

v8.8.2: — Leaking Valve

Compare Source

Fixes potential cmd injection via kill() method for Windows platform. #​1337 #​1339. Affects the versions range 8.7.1...8.8.1.

v5.64.0

Compare Source

• Fix formatting (9000681)
• Add env-cmd Support (#​1254) (21d6b51) - thanks @​joealden!
• Re-gen sponsorships chart (185c638)
• fix: handle only string modules in dependency resolution (#​1263) (a54021b) - thanks @​wattanx!
• fix: bun ci (#​1267) (3d1c3c5) - thanks @​Zamiell!
• Filter out invalid binaries (resolves #​1264) (6f30611)
• Work types for good ol' ts 5.0.4 (9913ee7)
• Add @​Datadog-OSS sponsor (a61d9fe)
• feat: GitHub actions reporter (#​1231) (0a23450) - thanks @​cylewaitforit!
• Add pos to unlisted deps issue type (5b54dae)
• Improve import specifier sanitizer (resolves #​1257) (087a98e)
• Cover more cases for symbol refs finder (resolves #​1273) (3d76e51)
• Fix package name of rslib enabler (#​1272) (432bdcc) - thanks @​nyarthan!
• Pass parsed CLI args to config-as-a-function (b0814c9)
• Ignore !-suffixed deps/bins only in production mode (resolves #​1253) (06d4df8)
• Update docs (0d8fd13)
• Auto-format (f54a7bd)
• Find accessed identifiers for dynamic imports (resolves #​1155, resolves #​1230) (ec0be7e)
• Update oxc-resolver and a few more (dev) deps (96c822a)
• Optimize getAccessedIdentifiers (8fb9501)
• fix: enable pnpm plugin on root config & lockfile (#​1275) (6e339ca) - thanks @​nyarthan!
• Remove ancient past sponsors (e9e6e91)
• Remove default binaries values in plugins (aac28c4)
• Remove default containingFilePath value in angular plugin (9208927)
• Add isRootOnly to pnpm plugin (fe99f59)
• Move/extend docs to write plugin (497bddb)
• feat: add time & unzip to ignored binaries (#​1276) (4f8d9df) - thanks @​nyarthan!
• Add Rstest Plugin (#​1277) (5b7d92f) - thanks @​nyarthan!
• Edit docs (847ccf1)
• feat: add plugin for bumpp (#​1278) (136a14b) - thanks @​nyarthan!
• Support input resolver from args in plugins (resolve #​1274) (19dd367)
• Edit docs (77d683e)

v0.92.0

🐛 Bug Fixes

• 2f9e16d napi/minifier, napi/transformer: Rename CommonJS file to .cjs (#​14047) (overlookmotel)

🚜 Refactor

• cc0019f napi: Move scripts into scripts directory (#​14048) (overlookmotel)

v0.91.0

💥 BREAKING CHANGES

• 6fcb0d0 minifier: [BREAKING] Receive supported engines instead of ecmascript versions (#​13933) (sapphi-red)

🐛 Bug Fixes

• 21bbf95 napi: Rebuild bindings file for NAPI packages (#​13889) (overlookmotel)

💼 Other

• fb347da crates: V0.91.0 (#​13961) (Boshen)

v0.90.0

🚀 Features

• b52389a node: Bump engines field to require Node.js 20.19.0+ for ESM support (#​13879) (Copilot)

🐛 Bug Fixes

• 9796ec1 napi: Fix binding files (Boshen)

v2.32.0

Compare Source

Features

• toTitleCase (#​1200) (9086669)

v7.1.7

Compare Source

Bug Fixes

• build: fix ssr environment emitAssets: true when sharedConfigBuild: true (#​20787) (4c4583c)
• client: use CSP nonce when rendering error overlay (#​20791) (9bc9d12)
• deps: update all non-major dependencies (#​20811) (9f2247c)
• glob: handle glob imports from folders starting with dot (#​20800) (105abe8)
• hmr: trigger prune event when import is removed from non hmr module (#​20768) (9f32b1d)
• hmr: wait for import.meta.hot.prune callbacks to complete before running other HMRs (#​20698) (98a3484)

v7.1.6

Compare Source

Bug Fixes

• deps: update all non-major dependencies (#​20773) (88af2ae)
• esbuild: inject esbuild helper functions with minified $ variables correctly (#​20761) (7e8e004)
• fallback terser to main thread when nameCache is provided (#​20750) (a679a64)
• types: strict env typings fail when skipLibCheck is false (#​20755) (cc54e29)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​20675) (a67bb5f)
• deps: update rolldown-related dependencies (#​20772) (d785e72)

v16.2.0

Compare Source

Minor Changes

• #​1615 99eb742 Thanks @​iiroj! - Added a new option --fail-on-changes to make lint-staged exit with code 1 when tasks modify any files, making the precommit hook fail. This is similar to the git diff --exit-code option. Using this flag also implies the --no-revert flag which means any changes made my tasks will be left in the working tree after failing, so that they can be manually staged and the commit tried again.

• #​1611 cd05fd3 Thanks @​rlorenzo! - Added a new option --continue-on-error so that lint-staged will run all tasks to completion even if some of them fail. By default, lint-staded will exit early on the first failure.

• #​1637 82fcc07 Thanks @​iiroj! - Internal lint-staged errors are now thrown and visible in the console output. Previously they were caught with the process exit code set to 1, but not logged. This happens when, for example, there's a syntax error in the lint-staged configuration file.

• #​1647 a5ecc06 Thanks @​iiroj! - Remove debug as a dependency due to recent malware issue; read more at debug-js/debug#1005. Because of this, the DEBUG environment variable is no longer supported — use the --debug to enable debugging

• #​1636 8db2717 Thanks @​iiroj! - Added a new option --hide-unstaged so that lint-staged will hide all unstaged changes to tracked files before running tasks. The changes will be applied back after running the tasks. Note that the combination of flags --hide-unstaged --no-hide-partially-staged isn't meaningful and behaves the same as just --hide-unstaged.

  Thanks to @​ItsNickBarry for the idea and initial implementation in #​1552.

• #​1648 7900b3b Thanks @​iiroj! - Remove lilconfig to reduce reliance on third-party dependencies. It was used to find possible config files outside of those tracked in Git, including from the parent directories. This behavior has been moved directly into lint-staged and should work about the same.

Patch Changes

• #​1633 7f9e485 Thanks @​dependabot! - Bumps listr2 from 9.0.3 to 9.0.4.

• #​1626 99d5a9b Thanks @​iiroj! - Due to recent phishing attacks, for example [email protected] was released with malware. To avoid lint-staged's users being at risk the direct dependencies are pinned to exact versions, instead of allowing future patch versions with the caret (^) range.

• #​1588 035bbf2 Thanks @​outslept! - Increase performance by listing staged files and searching for configuration concurrently.

• #​1645 deba3ad Thanks @​iiroj! - Remove chalk as a dependency due to recent malware issue; read more at chalk/chalk#656.

  If you are having trouble with ANSI color codes when using lint-staged, you can try setting either FORCE_COLOR=true or NO_COLOR=true env variables.

v1.17.0

Compare Source

🚀 Features

• 3e117c6 linter/plugins: Add defineRule API (#​13945) (overlookmotel)
• a14aa79 npm/oxlint: Convert to ES modules (#​13876) (Boshen)
• b52389a node: Bump engines field to require Node.js 20.19.0+ for ESM support (#​13879) (Copilot)
• 53d04dd linter: Convert oxlint to NAPI app (#​13723) (overlookmotel)

🚜 Refactor

• bb040bc parser, linter: Replace .mjs files with .js (#​14045) (overlookmotel)
• 7e0d736 linter/plugins: Rename --experimental-js-plugins to --js-plugins (#​13860) (overlookmotel)

v1.16.0: oxlint v1.16.0

Compare Source

[1.16.0] - 2025-09-16

🚀 Features

• 97c8d06 linter: Add preserve-caught-error rule (#​13748) (孔辉)
• 8c19b18 linter/exhaustive-deps: Implement fixer for dep in global scope (#​13783) (camc314)
• 06bce8f linter/exhaustive-deps: Implement fixer for missing dep (#​13782) (camc314)
• a8675f4 linter: Add eslint/class-methods-use-this rule (#​12977) (Peter Cardenas)
• db33196 parser: Adds typescript rule for empty argument list (#​13730) (Karan Kiri)
• 2751193 linter: Add eslint/no-useless-computed-key rule (#​13428) (yefan)
• 9a205d1 regex-parser: Parse simple TemplateLiterals (#​13265) (Sysix)

🐛 Bug Fixes

• a2c91cd linter: Drop rules to allow mutable access to ctx_host in run_external_rules (#​13832) (camc314)
• 3af1e5d linter/no-unsafe-declaration-merging: Always mark first span as primary (#​13830) (camc314)
• 1c43c7c linter: Keep message when merging composite fixes (#​13827) (camc314)
• 26af302 linter/exhaustive-deps: Check stable value is on lhs of assignment expr (#​13815) (camc314)
• 4bc12d0 linter/exhaustive-deps: Remove impossible comparison with parent kind (#​13814) (camc314)
• 12baf5e linter/exhaustive-deps: Respect primary span when identifying disable directive location (#​13781) (camc314)
• fa7400a linter/no-undef: False positive with arguments in functions (#​13763) (camc314)
• 50e6e3c editor: Restrict servers paths for oxc.path.server (#​13740) (Sysix)
• b45077d editor: Strip leading slash for bin path on windows (#​13738) (Sysix)
• 8fa6227 editor: Don't allow oxc.path.server for untrusted workspaces (#​13734) (Sysix)
• 56da114 linter/react/jsx-handler-names: Do not detect the function name within the inline-function's body block (#​13456) (Takuji Shimokawa)
• b2bc5b4 linter/react-perf/jsx-no-new-object-as-prop: Skip as/satisfies exprs (#​13718) (camc314)
• ab51394 raw_transfer: Disable layout assertions on some 32-bit platforms (#​13716) (overlookmotel)
• 09428f6 linter/plugins: Remove outdated comment (#​13691) (overlookmotel)
• a294721 linter/plugins: Exit early if JS plugins enabled on unsupported platforms (#​13689) (overlookmotel)
• 68a2280 linter/plugins: More graceful exit for --experimental-js-plugins CLI option (#​13688) (overlookmotel)

🚜 Refactor

• 395d40d linter: Derive inmpls for PartialEq, Eq over manual ones (#​13828) (camc314)
• 8e4cd8f linter/func-names: Use run_once over looping over all nodes (#​13798) (camc314)
• 7f4e2fe eslint/func-names: Clean up implementation and improve documentation (#​13601) (Antoine Zanardi)
• 137896a language_server: Split options for linting and formatting (#​13627) (Sysix)
• 7346099 linter: Move oxlint application code into separate module (#​13745) (overlookmotel)
• 6dd4107 linter: Remove #[cfg(test)] attributes from tester module (#​13714) (overlookmotel)
• c40c6ef linter/plugins: Directory for JS plugins-related code (#​13701) (overlookmotel)
• a0022c1 linter/plugins: Improve error messages for JS plugins (#​13699) (overlookmotel)
• 1fd993f napi/oxlint: Rename napi/oxlint2 to napi/oxlint (#​13682) (overlookmotel)

⚡ Performance

• 90c8286 linter: Detect node types from let..else statements (#​13690) (camchenry)
• 08c05df semantic: Make CFG construction a compile-time feature (#​13678) (Boshen)

🎨 Styling

• 99a7638 linter: Add comments + re-organise imports (#​13715) (overlookmotel)

🧪 Testing

• 18a1145 linter: Add debug assertions for skipping rules (#​13724) (camc314)
• cb080de linter/no-unused-vars: Add test for non ASCII chars in JSX components (#​13820) (camc314)
• b6eba27 linter/no-undef: Add more test cases for arguments (#​13764) (camc314)
• fb2d087 linter: Set CWD for tests (#​13722) (overlookmotel)

💼 Other

• b99de17 oxlint: V1.16.0 (#​13833) (Boshen)

v10.17.1

Compare Source

Patch Changes

• When a version specifier cannot be resolved because the versions don't satisfy the minimumReleaseAge setting, print this information out in the error message #​9974.
• Fix state.json creation path when executing pnpm patch in a workspace project #​9733.
• When minimumReleaseAge is set and the latest tag is not mature enough, prefer a non-deprecated version as the new latest #​9987.

v10.17.0

Compare Source

Minor Changes

• The minimumReleaseAgeExclude setting now supports patterns. For instance:

  minimumReleaseAge: 1440
  minimumReleaseAgeExclude:
    - "@​eslint/*"

  Related PR: #​9984.

Patch Changes

• Don't ignore the minimumReleaseAge check, when the package is requested by exact version and the packument is loaded from cache #​9978.
• When minimumReleaseAge is set and the active version under a dist-tag is not mature enough, do not downgrade to a prerelease version in case the original version wasn't a prerelease one #​9979.

v0.0.7

Compare Source

v4.52.2

Compare Source

2025-09-23

Bug Fixes

• Fix Android build crashing due to failed dlopen (#​6109)

Pull Requests

• #​6109: fix(rust): use prebuilt std when it is available (@​cyyynthia)

v4.52.1

Compare Source

2025-09-23

Bug Fixes

• Opt-out of dynamic import optimization when using top-level await to effectively prevent deadlocks (#​6121)

Pull Requests

• #​6121: Simplify top-level await deadlock prevention (@​lukastaegert)

v4.52.0

Compare Source

2025-09-19

Features

• Add option output.onlyExplicitManualChunks to turn off merging additional dependencies into manual chunks (#​6087)
• Add support for x86_64-pc-windows-gnu platform (#​6110)

Pull Requests

• #​6087: fix: manualChunks and non manualChunks shared dependencies are merged with the first manualChunk encountered alphabetically (@​maiieul)
• #​6110: Add support x86_64-pc-windows-gnu (@​lsq, @​lukastaegert)
• #​6118: Automatically remove REPL artefacts label from PRs (@​lukastaegert)

v4.51.0

Compare Source

2025-09-19

Features

• Support ROLLUP_FILE_URL_OBJ placeholder to inject file URLs into the generated code (#​6108)

Bug Fixes

• Improve OpenHarmony build to work in more situations (#​6115)

Pull Requests

• #​6108: feat: support ROLLUP_FILE_URL_OBJ for URL object instead of string (@​guybedford, @​lukastaegert)
• #​6112: Disable Cargo cache for Android (@​lukastaegert)
• #​6113: fix(deps): update rust crate swc_compiler_base to v35 (@​renovate[bot])
• #​6114: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​6115: Disable local_dynamic_tls for OpenHarmony (@​hqzing)
• #​6116: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​6117: chore(deps): lock file maintenance (@​renovate[bot])

v4.50.2

Compare Source

2025-09-15

Bug Fixes

• Resolve an issue where unused destructured array pattern declarations would conflict with included variables (#​6100)

Pull Requests

• #​6100: Tree-shake un-included elements in array pattern (@​TrickyPi)
• #​6102: chore(deps): update actions/setup-node action to v5 (@​renovate[bot])
• #​6103: chore(deps): update dependency eslint-plugin-unicorn to v61 (@​renovate[bot])
• #​6104: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #​6105: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​6107: Improve CI stability (@​lukastaegert)

v0.25.10

Compare Source

• Fix a panic in a minification edge case (#​4287)

  This release fixes a panic due to a null pointer that could happen when esbuild inlines a doubly-nested identity function and the final result is empty. It was fixed by emitting the value undefined in this case, which avoids the panic. This case must be rare since it hasn't come up until now. Here is an example of code that previously triggered the panic (which only happened when minifying):

  function identity(x) { return x }
  identity({ y: identity(123) })

• Fix @supports nested inside pseudo-element (#​4265)

  When transforming nested CSS to non-nested CSS, esbuild is supposed to filter out pseudo-elements such as ::placeholder for correctness. The CSS nesting specification says the following:

  The nesting selector cannot represent pseudo-elements (identical to the behavior of the ':is()' pseudo-class). We’d like to relax this restriction, but need to do so simultaneously for both ':is()' and '&', since they’re intentionally built on the same underlying mechanisms.

  However, it seems like this behavior is different for nested at-rules such as @supports, which do work with pseudo-elements. So this release modifies esbuild's behavior to now take that into account:

  /* Original code */
  ::placeholder {
    color: red;
    body & { color: green }
    @​supports (color: blue) { color: blue }
  }
  
  /* Old output (with --supported:nesting=false) */
  ::placeholder {
    color: red;
  }
  body :is() {
    color: green;
  }
  @​supports (color: blue) {
     {
      color: blue;
    }
  }
  
  /* New output (with --supported:nesting=false) */
  ::placeholder {
    color: red;
  }
  body :is() {
    color: green;
  }
  @​supports (color: blue) {
    ::placeholder {
      color: blue;
    }
  }