Product
Rust Support Now in Beta
Socket's Rust support is moving to Beta: all users can scan Cargo projects and generate SBOMs, including Cargo.toml-only crates, with Rust-aware supply chain checks.
By Mikola Lysenko, Trevor Norris - Sep 11, 2025
@jspm/import-map
Advanced tools
Import Map Utility
Generic ImportMap class utility for the manipulation and resolution of import maps, used by JSPM.
Getting Started
Installation
Node.js:
npm install @jspm/import-map
Usage
@jspm/import-map only ships as an ES module.
example.mjs
import { ImportMap } from '@jspm/import-map';
const mapUrl = import.meta.url;
const map = new ImportMap({
mapUrl, // optional
map: {
imports: {
react: 'https://cdn.com/react.js'
},
scopes: {
'https://site.com/': {
react: 'https://cdn.com/react2.js'
}
},
integrity: {
'https://cdn.com/react.js': 'sha384-...'
}
}
});
// Use the map resolver
map.resolve('react') === 'https://cdn.com/react.js';
map.resolve('react', 'https://site.com/') === 'https://cdn.com/react2.js';
// Supports normal URL resolution behaving a browser-compatible ES module resolver
map.resolve('./hello.js', 'https://site.com/') === 'https://site.com/hello.js';
// Mutate the map
map.set('react', './custom-react.js');
map.resolve('react') === new URL('./custom-react.js', mapUrl).href;
// Mutate the map inside a custom scope
map.set('react', './custom-react2.js', 'https://another.com/');
map.resolve('react', 'https://another.com/') === new URL('./custom-react2.js', mapUrl).href;
// Get the map JSON
console.log(JSON.stringify(map.toJSON(), null, 2));
// {
// "imports": {
// "react": "./custom-react.js"
// },
// "scopes": {
// "https://site.com/": {
// "react": "https://cdn.com/react2.js"
// },
// "https://another.com/": {
// "react": "./custom-react2.js"
// }
// },
// "integrity": {
// "https://cdn.com/react.js": "sha384-..."
// }
// }
// Rebase the map
map.rebase('./map/');
console.log(JSON.stringify(map.toJSON(), null, 2));
// {
// "imports": {
// "react": "../custom-react.js"
// },
// "scopes": {
// "https://site.com/": {
// "react": "https://cdn.com/react2.js"
// },
// "https://another.com/": {
// "react": "../custom-react2.js"
// }
// },
// "integrity": {
// "https://cdn.com/react.js": "sha384-..."
// }
// }
// Flatten the import map (removes unnecessary scope redundancy)
map.set('react', '../custom-react.js', 'https://site.com/');
map.flatten();
console.log(JSON.stringify(map.toJSON(), null, 2));
// {
// "imports": {
// "react": "../custom-react.js"
// },
// "scopes": {
// "https://another.com/": {
// "react": "../custom-react2.js"
// }
// },
// "integrity": {
// "https://cdn.com/react.js": "sha384-..."
// }
// }
// Replace URLs in the map
map.replace('https://cdn.com/', 'https://cdn-mirror.com/');
map.replace('https://another.com/', 'https://another-site.com/');
console.log(JSON.stringify(map.toJSON(), null, 2));
// {
// "imports": {
// "react": "../custom-react.js"
// },
// "scopes": {
// "https://another-site.com/": {
// "react": "../custom-react2.js"
// }
// },
// "integrity": {
// "https://another.com/react.js": "sha384-..."
// }
// }
// Combine subpaths in the map
// This is only supported for scopes and not top-level imports,
// to avoid losing dependency information from imports.
// (all non-returning methods support chaining)
console.log(new ImportMap({
map: {
scopes: {
"/": {
"pkg/a.js": "/pkg/a.js",
"pkg/b.js": "/pkg/b.js"
}
}
}
}).combineSubpaths().toJSON());
// {
// "imports": {},
// "scopes": {
// "/": {
// "pkg/": "/pkg/"
// }
// }
// }
API
See src/map.ts.
Support is also provided for conditional maps supporting a way to manage generic maps for multiple environment targets, before serializing or resolving for exact environment targets.
License
MIT
Keywords
FAQs
Package Import Map Utility
The npm package @jspm/import-map receives a total of 10,060 weekly downloads. As such, @jspm/import-map popularity was classified as popular.
We found that @jspm/import-map demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 24 Aug 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Announcing Socket Fix 2.0
Socket Fix 2.0 brings targeted CVE remediation, smarter upgrade planning, and broader ecosystem support to help developers get to zero alerts.
By Martin Torp, John-David Dalton, Jeppe Fredsgaard Blaabjerg, Benjamin Barslev, Oskar Haarklou Veileborg - Sep 10, 2025
Security News
Feross on Risky Business Weekly Podcast: npm’s Ongoing Supply Chain Attacks
Socket CEO Feross Aboukhadijeh joins Risky Business Weekly to unpack recent npm phishing attacks, their limited impact, and the risks if attackers get smarter.
By Sarah Gooding - Sep 10, 2025