Security News
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem with SBOMs
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
@parcel/source-map
Advanced tools
A source map library purpose-build for the Parcel bundler with a focus on fast combining and manipulating of source-maps.
@parcel/source-map is a library for working with source maps, which are files that map from the transformed source code back to the original source code. This is useful for debugging and understanding the transformations applied to the code.
Creating a Source Map
This feature allows you to create a new source map and add mappings to it using VLQ (Variable Length Quantity) encoding.
const { SourceMap } = require('@parcel/source-map');
const map = new SourceMap();
map.addVLQMap({
version: 3,
file: 'out.js',
sources: ['foo.js', 'bar.js'],
names: ['src', 'maps', 'are', 'fun'],
mappings: 'AA,AB;;ABCDE;' // VLQ encoded mappings
});
console.log(map.toBuffer());
Adding a Mapping
This feature allows you to add individual mappings to the source map, specifying the generated and original positions, the source file, and an optional name.
const { SourceMap } = require('@parcel/source-map');
const map = new SourceMap();
map.addMapping({
generated: { line: 1, column: 5 },
original: { line: 2, column: 10 },
source: 'source.js',
name: 'myFunction'
});
console.log(map.toBuffer());
Loading an Existing Source Map
This feature allows you to load an existing source map into the SourceMap object, enabling further manipulation or inspection.
const { SourceMap } = require('@parcel/source-map');
const existingMap = {
version: 3,
file: 'out.js',
sources: ['foo.js', 'bar.js'],
names: ['src', 'maps', 'are', 'fun'],
mappings: 'AA,AB;;ABCDE;'
};
const map = new SourceMap();
map.addVLQMap(existingMap);
console.log(map.toBuffer());
Generating Source Map Buffer
This feature allows you to generate a buffer representation of the source map, which can be written to a file or used in other ways.
const { SourceMap } = require('@parcel/source-map');
const map = new SourceMap();
map.addMapping({
generated: { line: 1, column: 5 },
original: { line: 2, column: 10 },
source: 'source.js',
name: 'myFunction'
});
const buffer = map.toBuffer();
console.log(buffer);
The 'source-map' package is a library for generating and consuming source maps. It provides similar functionalities to @parcel/source-map, such as creating source maps, adding mappings, and loading existing maps. However, 'source-map' is more widely used and has a larger community.
The 'source-map-support' package provides source map support for stack traces in Node.js. While it does not offer the same level of manipulation capabilities as @parcel/source-map, it is useful for debugging purposes by providing better error stack traces.
The 'convert-source-map' package allows you to convert source maps from/to different formats and embed/extract them from code. It complements @parcel/source-map by providing additional utilities for working with source maps in various formats.
A source map library purpose-build for the Parcel bundler with a focus on fast combining and manipulating of source-maps.
To learn more about how sourcemaps are formatted and how they work, you can have a look at the SourceMap Specification.
If you want to use this library in your project or are looking to write a Parcel plugin with sourcemap support this should explain how you could get started.
For more information we have added doctypes to each function of the SourceMap class so you can have an in depth look at what everything does.
You can create a sourcemap from another sourcemap or by creating it one mapping at a time.
To create a sourcemap from an existing sourcemap you have to ensure it is a JS Object first by asking for the object version from whichever transpiler you're running or by parsing the serialised map using JSON.parse
or any other JSON parser.
After this you can call the function addVLQMap(map, lineOffset, columnOffset)
this function takes in the parameters map
, lineOffset
and columnOffset
. The map argument corresponds to the sourcemap object. The line and column offset are optional parameters used for offsetting the generated line and column. (this can be used when post-processing or wrapping the code linked to the sourcemap, in Parcel this is used when combining maps).
Example:
import SourceMap from '@parcel/source-map';
const RAW_SOURCEMAP = {
version: 3,
file: "helloworld.js",
sources: ["helloworld.coffee"],
names: [],
mappings: "AAAA;AAAA,EAAA,OAAO,CAAC,GAAR,CAAY,aAAZ,CAAA,CAAA;AAAA",
};
let sourcemap = new SourceMap();
sourcemap.addVLQMap(RAW_SOURCEMAP);
// This function removes the underlying references in the native code
sourcemap.delete();
If you want to use this library to create a sourcemap from scratch you can, for this you can call the addIndexedMapping(mapping, lineOffset, columnOffset)
function.
Example:
import SourceMap from '@parcel/source-map';
let sourcemap = new SourceMap();
// Add a single mapping
sourcemap.addIndexedMapping({
generated: {
// line index starts at 1
line: 1,
// column index starts at 0
column: 4
},
original: {
// line index starts at 1
line: 1,
// column index starts at 0
column: 4
},
source: 'index.js',
// Name is optional
name: 'A'
});
// This function removes the underlying references in the native code
sourcemap.delete();
For caching sourcemaps we have a toBuffer()
function which returns a buffer that can be saved on disk for later use and combining sourcemaps very quickly.
You can add a cached map to a SourceMap instance using the addBuffer(buffer, lineOffset)
function, where you can also offset the generated line and column.
Parcel is a performance conscious bundler, and therefore we like to optimise Parcel's performance as much as possible.
Our original source-map implementation used mozilla's source-map and a bunch of javascript and had issues with memory usage and serialization times (we were keeping all mappings in memory using JS objects and write/read it using JSON for caching).
This implementation has been written from scratch in Rust minimizing the memory usage, by utilizing indexes for sources and names and optimizing serialization times by using Buffers instead of JSON for caching.
Without these libraries this library wouldn't be as good as it is today. We've inspired and optimized our code using ideas and patterns used inside these libraries as well as used it to figure out how sourcemaps should be handled properly.
All contributions to this library are welcome as is with any part of Parcel's vast collection of libraries and tools.
To be able to build and work on this project you need to have the following tools installed:
For development purposes you might want to build or rebuild the project, for this you need to build the N-API module and JS Code.
To do this run the following commands: (for more information about this you can have a look in ./package.json
and ./Makefile
)
yarn transpile && yarn build:node
Before you're able to tag a release ensure to have cargo-release installed cargo install cargo-release
, we use it to tag the cargo files with a release tag.
yarn tag-release <version>
FAQs
A source map library purpose-build for the Parcel bundler with a focus on fast combining and manipulating of source-maps.
The npm package @parcel/source-map receives a total of 245,523 weekly downloads. As such, @parcel/source-map popularity was classified as popular.
We found that @parcel/source-map demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
Security News
Socket CEO Feross Aboukhadijeh discusses open source security challenges, including zero-day attacks and supply chain risks, on the Cyber Security Council podcast.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.