npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

vite-devtools-svelte

v0.2.1

Published

Svelte DevTools plugin for Vite DevTools

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

baseballyamabaseballyama

Keywords

vitevite-pluginvite-devtoolssveltesveltekitdevtools

Readme

vite-devtools-svelte

Svelte DevTools plugin for Vite DevTools. Provides 15 specialized panels for debugging, profiling, and inspecting Svelte/SvelteKit applications — all integrated directly into the Vite DevTools UI.

Status: Early development. APIs may change.

Features

  • Component Inspector — View component hierarchy, props, state, and reactive values in real-time
  • Reactive Graph — Visualize $state, $derived, and $effect dependencies as an interactive DAG
  • Render Profiler — Track component render counts, render times, and identify bottlenecks
  • Route Viewer — Explore SvelteKit file-based routing structure with dynamic parameters
  • Load Profiler — Monitor SvelteKit load functions with waterfall visualization
  • State Timeline — Record and replay state changes across the application
  • API Playground — Test SvelteKit server endpoints (+server.ts) directly from DevTools
  • Error Dashboard — Centralized view of compiler warnings and runtime errors
  • Code Inspector — View compiled Svelte output with source mapping
  • Module Graph — Visualize module dependencies and detect circular imports
  • OG Preview — Preview Open Graph meta tags for SEO validation
  • Build Analysis — Analyze build chunks and bundle composition
  • FPS Monitor — Real-time frame rate monitoring with historical data
  • Asset Browser — Browse and preview static assets with metadata
  • Overview — Project summary with versions and dependency info

Screenshots

Overview

Components

Routes

Assets

Render Profiler

Reactive Graph

FPS Monitor

Load Profiler

State Timeline

API Playground

Errors & Warnings

Inspect Inspect Detail

Module Graph

OG Preview

Build Analysis

Requirements

  • Vite >= 8.0.0
  • Svelte 5 (runes mode)
  • SvelteKit (recommended, but not required for basic features)
  • @vitejs/devtools — the host UI this plugin's panels render inside

Installation

vite-devtools-svelte is a panel provider — it needs the @vitejs/devtools host plugin to render its UI. Install both:

npm install -D vite-devtools-svelte @vitejs/devtools

Setup

Register both plugins in your vite.config.ts. svelteDevtools() must come before sveltekit() so that its transforms run before the Svelte compiler.

// vite.config.ts
import { sveltekit } from '@sveltejs/kit/vite'
import { DevTools } from '@vitejs/devtools'
import { svelteDevtools } from 'vite-devtools-svelte'
import { defineConfig } from 'vite'

export default defineConfig({
  plugins: [
    svelteDevtools(), // must come before sveltekit()
    DevTools(),       // the @vitejs/devtools host — without it the panels have nowhere to render
    sveltekit(),
  ],
})

Then start your dev server as usual:

npm run dev

Open your app in the browser. The Vite DevTools drawer appears at the bottom edge of the page — click the floating handle to open it, then switch to the Svelte tab to see the panels provided by this plugin.

[!NOTE] If you only register svelteDevtools() without DevTools() from @vitejs/devtools, the dev server starts fine but no DevTools UI appears — there is no host for the panels to mount into.

Options

svelteDevtools({
  // Enable component lifecycle tracking (default: true)
  componentTracking: true,
})

How It Works

The plugin uses a virtual module architecture instead of fragile regex transforms:

  1. Runtime wrapper — Intercepts svelte/internal/client to track component lifecycle and reactive signals ($state, $derived, $effect)
  2. HMR channel — Streams runtime data (component tree, render profiles, reactive graph) from the browser to the dev server via WebSocket
  3. Static analyzers — Extract routes, component relations, assets, and project metadata from the filesystem
  4. Dual transport RPC — DevTools Kit RPC with HTTP fallback for compatibility

The plugin is development-only — it adds zero overhead to production builds.

Security model

The DevTools backend exposes a small set of dev-only HTTP endpoints (/__svelte-devtools/rpc, /__svelte-devtools/asset) to drive the panel UI. Some of those endpoints can read files from disk or open them in your editor, so we treat them as authenticated even though the dev server is normally only reachable from localhost.

  • Per-process random token. On every dev-server start the plugin generates a fresh UUID and injects it into the DevTools UI HTML as a <meta> tag. The HTTP fallback RPC and the asset middleware require that token in the x-svelte-devtools-token header, plus a same-origin Origin/Referer. Cross-origin requests, requests with the wrong token, and requests without Content-Type: application/json are rejected with 403 / 415. Bodies above 1 MB are rejected with 413.
  • Path sandbox. inspect-file, open-in-editor, and open-reactive-in-editor resolve their input through fs.realpath() and refuse anything outside the project root, so a hostile RPC caller cannot read /etc/passwd or your ~/.ssh/ files even if they get past the token check. Symlinks inside the project are followed normally.
  • SSRF defenses. Outbound fetches from send-api-request and the OG-preview RPC block 127.0.0.0/8 / 10.0.0.0/8 / 172.16.0.0/12 / 192.168.0.0/16 / 169.254.0.0/16 / IPv6 loopback / localhost / *.local / *.internal.
  • Dev-only by construction. Both the runtime virtual module and the svelte/internal/client wrapper are gated on config.command === 'serve' and never resolve during a production build, so none of this surface ships to end users.

If you bind your dev server to 0.0.0.0 (e.g. vite --host), the same-origin check still blocks LAN browsers from invoking RPC, but anyone on the LAN can still see the panel UI itself. Treat that as you would any unauthenticated dev tool: don't run it on networks you don't trust.

Contributing

Contributions are welcome! Please see the repository for development setup and to open issues or pull requests.

License

MIT © Yuichiro Yamashita