fast-sourcemap-upload
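Node script for uploading SourceMap files

fast-sourcemap-upload recursively searches the user-configured directory for source files and .map files, compares them by file name with the files in the OSS repository, and incrementally uploads the source files and map files.

Note: avoid using this plugin in the development environment; enable it only in the production environment.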
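
| Option | Type | Description | Required | Default |
|---|---|---|---|---|
| app_key | string | Unique project identifier | Yes | None |
| product_code | string | product_code | Yes | None |
| app_code | string | app_code | Yes | None |
| upload_url | string | Path of the directory containing the files to upload (absolute path) | Yes | None |
| is_delete_source_map | boolean | Whether to delete the .js.map and .css.map files from the output directory after the map files have been uploaded; defaults to true | No | true |
| timeout | number | Upload timeout for a single file; defaults to 300000 (5 minutes) | No | 300000 |
| sts_url | string | Endpoint for obtaining STS upload permission | No | None |
| force_update | boolean | Whether to force the upload | No | false |
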
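```sh
npm i fast-sourcemap-upload -D
```

Create a JS file, nodeUpload.js:

```js
const nodePlugin = require('fast-sourcemap-upload');
const path = require('path');

nodePlugin({
  app_key: 'your app_key',            // unique project identifier
  product_code: 'your product_code',
  app_code: 'your app_code',
  // Absolute path of the directory whose source and .map files are uploaded
  upload_url: path.resolve(__dirname, 'your dir_path'),
  // Delete .js.map and .css.map files from the output directory after upload
  is_delete_source_map: true,
});
```

In the terminal:

```sh
node nodeUpload
```
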
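Upload time varies with current network conditions. Files that already exist in the OSS repository are not uploaded (files are distinguished by path and name, so enable file-name hashing).

Enable file-name hash mode in your front-end build tool; incremental upload distinguishes files by file path and file name.

If your project bundles css, less or scss files into your js files, turn off sourcemap generation for those css, less and scss files in the relevant loader. This prevents the generated map files from being bundled into your js files and making them larger than expected.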

Example:

```js
{
  loader: 'style-loader',
  options: {
    sourceMap: false
  }
}
```
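
A pre-deploy check for the points above, as an added example that is not part of fast-sourcemap-upload or its README: it walks a build output directory and reports .js.map/.css.map files still present, .js/.css files without a hash in the name, and bundles carrying an inline source map. The hash pattern, the function names and the sample tree are assumptions constructed for illustration.

```javascript
// Added example, not part of fast-sourcemap-upload: audit a build directory before deploy.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Assumption: hashed names look like "app.3f9a1c2b.js" (8+ hex characters before the extension).
const HASHED = /[.-][0-9a-f]{8,}\.(js|css)$/i;
const MAP_FILE = /\.(js|css)\.map$/i;
const INLINE_MAP = /sourceMappingURL=data:application\/json/;

// Recursively collect findings; paths are reported relative to the audited root.
function auditDist(dir, findings = { leftoverMaps: [], unhashed: [], inlineMaps: [] }, root = dir) {
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    const rel = path.relative(root, full).split(path.sep).join('/');
    if (entry.isDirectory()) { auditDist(full, findings, root); continue; }
    // A map file still in the output directory would be published with the site.
    if (MAP_FILE.test(entry.name)) { findings.leftoverMaps.push(rel); continue; }
    if (!/\.(js|css)$/i.test(entry.name)) continue;
    // Without a hash, a changed file keeps its path and name and is treated as already uploaded.
    if (!HASHED.test(entry.name)) findings.unhashed.push(rel);
    // An inline map means the map content was bundled into the shipped file itself.
    if (INLINE_MAP.test(fs.readFileSync(full, 'utf8'))) findings.inlineMaps.push(rel);
  }
  return findings;
}

// Constructed sample tree (not real build output), written to a temporary directory.
function buildSampleDist() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'dist-audit-'));
  const files = {
    'js/app.3f9a1c2b.js': 'console.log(1);\n//# sourceMappingURL=app.3f9a1c2b.js.map\n',
    'js/app.3f9a1c2b.js.map': '{"version":3}',
    'js/vendor.js': 'console.log(2);\n',
    'css/site.0a1b2c3d.css': 'body{}\n/*# sourceMappingURL=data:application/json;base64,e30= */\n',
  };
  for (const [rel, body] of Object.entries(files)) {
    const full = path.join(root, rel);
    fs.mkdirSync(path.dirname(full), { recursive: true });
    fs.writeFileSync(full, body);
  }
  return root;
}

const report = auditDist(buildSampleDist());
console.log(JSON.stringify(report, null, 2));
```

Run it against the directory passed as `upload_url` after the upload step; a non-empty `leftoverMaps` list means the map files were not removed from the output directory.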

Example:

```
<--- Last few GCs --->
[70041:0x103800000] 112100 ms: Mark-sweep 1049.8 (1273.7) -> 1049.7 (1214.2) MB, 427.1 / 0.0 ms (average mu = 0.618, current mu = 0.000) last resort GC in old space requested
[70041:0x103800000] 112510 ms: Mark-sweep 1049.7 (1214.2) -> 1049.7 (1192.2) MB, 410.3 / 0.0 ms (average mu = 0.447, current mu = 0.000) last resort GC in old space requested
<--- JS stacktrace --->
==== JS stack trace =========================================
0: ExitFrame [pc: 0x36295d35be3d]
Security context: 0x0280a0d9e6e1 <JSObject>
1: byteLength(aka byteLength) [0x280057866f1] [buffer.js:531] [bytecode=0x280f3e290c1 offset=204](this=0x0280cf7826f1 <undefined>,string=0x028037c8a291 <Very long string[190258200]>,encoding=0x0280a0dbd819 <String[4]: utf8>)
2: arguments adaptor frame: 3->2
3: fromString(aka fromString) [0x2800579d2d9] [buffer.js:342] [bytecode=0x280f3e278e1 offs...
```

Solution:

When configuring the build command, change the amount of memory the node process may use with --max-old-space-size.

Example:

package.json

```json
"scripts": {
  "build": "node --max-old-space-size=4096 ./scripts/build.js"
}
```

FAQs
fast track sourcemap upload
We found that fast-sourcemap-upload demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.