![Introducing Enhanced Alert Actions and Triage Functionality](https://cdn.sanity.io/images/cgdhsj6q/production/fe71306d515f85de6139b46745ea7180362324f0-2530x946.png?w=800&fit=max&auto=format)
Product
Introducing Enhanced Alert Actions and Triage Functionality
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.
sorcery
Advanced tools
Changelog
0.3.0
Readme
Sourcemaps are great - if you have a JavaScript file, and you minify it, your minifier can generate a map that lets you debug as though you were looking at the original uncompressed code.
But if you have more than one transformation - say you want to transpile your JavaScript, concatenate several files into one, and minify the result - it gets a little trickier. Each intermediate step needs to be able to both ingest a sourcemap and generate one, all the time pointing back to the original source.
Most compilers don't do that. (UglifyJS is an honourable exception.) So when you fire up devtools, instead of looking at the original source you find yourself looking at the final intermediate step in the chain of transformations.
Sorcery aims to fix that. Given an file at the end of a transformation chain (e.g., your minified JavaScript), it will follow the entire chain back to the original source, and generate a new sourcemap that describes the whole process. How? Magic.
This is a work-in-progress - suitable for playing around with, but don't rely on it to debug air traffic control software or medical equipment. Other than that, it can't do much harm.
Install sorcery locally:
npm install sorcery
var sorcery = require( 'sorcery' );
sorcery.load( 'some/generated/code.min.js' ).then( function ( chain ) {
// generate a flattened sourcemap
var map = chain.apply(); // { version: 3, file: 'code.min.js', ... }
// get a JSON representation of the sourcemap
map.toString(); // '{"version":3,"file":"code.min.js",...}'
// get a data URI representation
map.toUrl(); // 'data:application/json;charset=utf-8;base64,eyJ2ZXJ...'
// write to a new file - this will create `output.js` and
// `output.js.map`, and will preserve relative paths. It
// returns a Promise
chain.write( 'output.js' );
// write to a new file but use an absolute path for the
// sourceMappingURL
chain.write( 'output.js', { absolutePath: true });
// write to a new file, but append the flattened sourcemap as a data URI
chain.write( 'output.js', { inline: true });
// overwrite the existing file
chain.write();
chain.write({ inline: true });
// find the origin of line x, column y. Returns an object with
// `source`, `line`, `column` and (if applicable) `name` properties.
// Note - for consistency with other tools, line numbers are always
// one-based, column numbers are always zero-based. It's daft, I know.
var loc = chain.trace( x, y );
});
// You can also use sorcery synchronously:
var chain = sorcery.loadSync( 'some/generated/code.min.js' );
var map = chain.apply();
var loc = chain.trace( x, y );
First, install sorcery globally:
npm install -g sorcery
Usage:
sorcery [options]
Options:
-h, --help Show help message
-v, --version Show version
-i, --input <file> Input file
-o, --output <file> Output file (if absent, will overwrite input)
-d, --datauri Append map as a data URI, rather than separate file
-x, --excludeContent Don't populate the sourcesContent array
Examples:
# overwrite sourcemap in place (will write map to
# some/generated/code.min.js.map, and update
# sourceMappingURL comment if necessary
sorcery -i some/generated/code.min.js
# append flattened sourcemap as an inline data URI
# (will delete existing .map file, if applicable)
sorcery -i -d some/generated/code.min.js
# write to a new file (will create newfile.js and
# newfile.js.map)
sorcery -i some/generated/code.min.js -o newfile.js
MIT
FAQs
Resolve a chain of sourcemaps back to the original source
The npm package sorcery receives a total of 305,726 weekly downloads. As such, sorcery popularity was classified as popular.
We found that sorcery demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.
Security News
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
Security News
OpenSSF is warning open source maintainers to stay vigilant against reputation farming on GitHub, where users artificially inflate their status by manipulating interactions on closed issues and PRs.