Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
source-map
Advanced tools
The source-map npm package provides utilities for generating and consuming source maps, which are files that map from the transformed source to the original source, enabling the browser to reconstruct the original source and present it in the developer tools. Source maps are commonly used to debug minified code or transpiled code (e.g., from TypeScript or Babel) in an easier-to-read format.
Generating a source map
This feature allows you to create a source map that maps the code from a minified file back to its original source files. The code sample represents a simple source map in JSON format.
{"version":3,"file":"min.js","names":["bar","baz","n"],"sources":["one.js","two.js"],"sourceRoot":"http://example.com/www/js/","mappings":"CAAC,IAAI,IAAM,SAAUA,GAClB,OAAOC,MAAM"}
Consuming a source map
This feature allows you to consume a source map and extract information from it, such as the original source files. The code sample demonstrates how to use SourceMapConsumer to read a source map.
const sourceMap = require('source-map');
const consumer = await new sourceMap.SourceMapConsumer('{"version":3,"sources":["foo.js"],"names":["bar"],"mappings":"AAAA","file":"foo.min.js"}');
console.log(consumer.sources); // ['foo.js']
Finding the original position for a generated position
This feature allows you to find the original source position corresponding to a line and column in the generated source. The code sample shows how to retrieve the original position using SourceMapConsumer.
const sourceMap = require('source-map');
const consumer = await new sourceMap.SourceMapConsumer('{"version":3,"sources":["foo.js"],"names":["bar"],"mappings":"AAAA","file":"foo.min.js"}');
const originalPosition = consumer.originalPositionFor({ line: 1, column: 10 });
console.log(originalPosition); // { source: 'foo.js', line: 1, column: 10, name: 'bar' }
Mapping the original source back to the generated code
This feature allows you to map positions in the original source to the corresponding positions in the generated code. The code sample demonstrates how to add a mapping to a SourceMapGenerator instance.
const sourceMap = require('source-map');
const generator = new sourceMap.SourceMapGenerator({ file: 'foo.min.js' });
generator.addMapping({
generated: { line: 1, column: 10 },
original: { line: 1, column: 10 },
source: 'foo.js'
});
const map = generator.toString();
console.log(map);
This package provides source map support for stack traces in node.js. It uses source maps to map error stack traces from generated code back to the original sources. It is similar to source-map but focuses more on integrating source map support into node.js environments.
sourcemap-codec is a library for encoding and decoding the mappings field of source maps. It is a lower-level utility compared to source-map and is used when you need to work directly with the mappings field, which is a VLQ-encoded string.
This is a library to generate and consume the source map format described here.
This library was written in the Asynchronous Module Definition format. It should work in the following environments:
Modern Browsers (either after the build, or with an AMD loader such as RequireJS)
Inside Firefox (as a JSM file, after the build)
With NodeJS versions 0.8.X and higher
Simply
$ npm install source-map
Or, if you'd like to hack on this library and have it installed via npm so you can try out your changes:
$ git clone https://fitzgen@github.com/mozilla/source-map.git
$ cd source-map
$ npm link .
Install Node and then run
$ git clone https://fitzgen@github.com/mozilla/source-map.git
$ cd source-map
$ npm link .
Next, run
$ node Makefile.dryice.js`
This should create the following files:
dist/source-map.js
- The unminified browser version.
dist/source-map.min.js
- The minified browser version.
dist/SourceMap.jsm
- The JavaScript Module for inclusion in Firefox
source.
Get a reference to the module:
// NodeJS
var sourceMap = require('source-map');
// Browser builds
var sourceMap = window.sourceMap;
// Inside Firefox
let sourceMap = {};
Components.utils.import('resource:///modules/devtools/SourceMap.jsm', sourceMap);
A SourceMapConsumer instance represents a parsed source map which we can query for information about the original file positions by giving it a file position in the generated source.
The only parameter is the raw source map (either as a string which can be
JSON.parse
'd, or an object). According to the spec, source maps have the
following attributes:
version
: Which version of the source map spec this map is following.
sources
: An array of URLs to the original source files.
names
: An array of identifiers which can be referrenced by individual
mappings.
sourceRoot
: Optional. The URL root from which all sources are relative.
sourcesContent
: Optional. An array of contents of the original source files.
mappings
: A string of base64 VLQs which contain the actual mappings.
file
: The generated filename this source map is associated with.
Returns the original source, line, and column information for the generated source's line and column positions provided. The only argument is an object with the following properties:
line
: The line number in the generated source.
column
: The column number in the generated source.
and an object is returned with the following properties:
source
: The original source file, or null if this information is not
available.
line
: The line number in the original source, or null if this information is
not available.
column
: The column number in the original source, or null or null if this
information is not available.
name
: The original identifier, or null if this information is not available.
Returns the generated line and column information for the original source, line, and column positions provided. The only argument is an object with the following properties:
source
: The filename of the original source.
line
: The line number in the original source.
column
: The column number in the original source.
and an object is returned with the following properties:
line
: The line number in the generated source, or null.
column
: The column number in the generated source, or null.
Returns the original source content for the source provided. The only argument is the URL of the original source file.
Iterate over each mapping between an original source/line/column and a generated line/column in this source map.
callback
: The function that is called with each mapping. This function
should not mutate the mapping.
context
: Optional. If specified, this object will be the value of this
every time that callback
is called.
order
: Either SourceMapConsumer.GENERATED_ORDER
or
SourceMapConsumer.ORIGINAL_ORDER
. Specifies whether you want to iterate over
the mappings sorted by the generated file's line/column order or the
original's source/line/column order, respectively. Defaults to
SourceMapConsumer.GENERATED_ORDER
.
An instance of the SourceMapGenerator represents a source map which is being built incrementally.
To create a new one, you must pass an object with the following properties:
file
: The filename of the generated source that this source map is
associated with.
sourceRoot
: An optional root for all relative URLs in this source map.
Add a single mapping from original source line and column to the generated source's line and column for this source map being created. The mapping object should have the following properties:
generated
: An object with the generated line and column positions.
original
: An object with the original line and column positions.
source
: The original source file (relative to the sourceRoot).
name
: An optional original token name for this mapping.
Set the source content for an original source file.
sourceFile
the URL of the original source file.
sourceContent
the content of the source file.
Renders the source map being generated to a string.
SourceNodes provide a way to abstract over interpolating and/or concatenating snippets of generated JavaScript source code, while maintaining the line and column information associated between those snippets and the original source code. This is useful as the final intermediate representation a compiler might use before outputting the generated JS and source map.
line
: The original line number associated with this source node, or null if
it isn't associated with an original line.
column
: The original column number associated with this source node, or null
if it isn't associated with an original column.
source
: The original source's filename.
chunk
: Optional. Is immediately passed to SourceNode.prototype.add
, see
below.
name
: Optional. The original identifier.
Add a chunk of generated JS to this source node.
chunk
: A string snippet of generated JS code, another instance of
SourceNode
, or an array where each member is one of those things.Prepend a chunk of generated JS to this source node.
chunk
: A string snippet of generated JS code, another instance of
SourceNode
, or an array where each member is one of those things.Walk over the tree of JS snippets in this node and its children. The walking function is called once for each snippet of JS and is passed that snippet and the its original associated source's line/column location.
fn
: The traversal function.Like Array.prototype.join
except for SourceNodes. Inserts the separator
between each of this source node's children.
sep
: The separator.Call String.prototype.replace
on the very right-most source snippet. Useful
for trimming whitespace from the end of a source node, etc.
pattern
: The pattern to replace.
replacement
: The thing to replace the pattern with.
Return the string representation of this source node. Walks over the tree and concatenates all the various snippets together to one string.
Returns the string representation of this tree of source nodes, plus a SourceMapGenerator which contains all the mappings between the generated and original sources.
The arguments are the same as those to new SourceMapGenerator
.
Install NodeJS version 0.8.0 or greater, then run node test/run-tests.js
.
To add new tests, create a new file named test/test-<your new test name>.js
and export your test functions with names that start with "test", for example
exports["test doing the foo bar"] = function () {
...
};
The new test will be located automatically when you run the suite.
0.1.14
FAQs
Generates and consumes source maps
The npm package source-map receives a total of 119,358,346 weekly downloads. As such, source-map popularity was classified as popular.
We found that source-map demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 19 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.