Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
source-map
Advanced tools
The source-map npm package provides utilities for generating and consuming source maps, which are files that map from the transformed source to the original source, enabling the browser to reconstruct the original source and present it in the developer tools. Source maps are commonly used to debug minified code or transpiled code (e.g., from TypeScript or Babel) in an easier-to-read format.
Generating a source map
This feature allows you to create a source map that maps the code from a minified file back to its original source files. The code sample represents a simple source map in JSON format.
{"version":3,"file":"min.js","names":["bar","baz","n"],"sources":["one.js","two.js"],"sourceRoot":"http://example.com/www/js/","mappings":"CAAC,IAAI,IAAM,SAAUA,GAClB,OAAOC,MAAM"}
Consuming a source map
This feature allows you to consume a source map and extract information from it, such as the original source files. The code sample demonstrates how to use SourceMapConsumer to read a source map.
const sourceMap = require('source-map');
const consumer = await new sourceMap.SourceMapConsumer('{"version":3,"sources":["foo.js"],"names":["bar"],"mappings":"AAAA","file":"foo.min.js"}');
console.log(consumer.sources); // ['foo.js']
Finding the original position for a generated position
This feature allows you to find the original source position corresponding to a line and column in the generated source. The code sample shows how to retrieve the original position using SourceMapConsumer.
const sourceMap = require('source-map');
const consumer = await new sourceMap.SourceMapConsumer('{"version":3,"sources":["foo.js"],"names":["bar"],"mappings":"AAAA","file":"foo.min.js"}');
const originalPosition = consumer.originalPositionFor({ line: 1, column: 10 });
console.log(originalPosition); // { source: 'foo.js', line: 1, column: 10, name: 'bar' }
Mapping the original source back to the generated code
This feature allows you to map positions in the original source to the corresponding positions in the generated code. The code sample demonstrates how to add a mapping to a SourceMapGenerator instance.
const sourceMap = require('source-map');
const generator = new sourceMap.SourceMapGenerator({ file: 'foo.min.js' });
generator.addMapping({
generated: { line: 1, column: 10 },
original: { line: 1, column: 10 },
source: 'foo.js'
});
const map = generator.toString();
console.log(map);
This package provides source map support for stack traces in node.js. It uses source maps to map error stack traces from generated code back to the original sources. It is similar to source-map but focuses more on integrating source map support into node.js environments.
sourcemap-codec is a library for encoding and decoding the mappings field of source maps. It is a lower-level utility compared to source-map and is used when you need to work directly with the mappings field, which is a VLQ-encoded string.
This is a library to generate and consume the source map format described here.
$ npm install source-map
<script src="https://unpkg.com/source-map@0.7.0/dist/source-map.js"></script>
<script>
sourceMap.SourceMapConsumer.initialize({
"lib/mappings.wasm": "https://unpkg.com/source-map@0.7.0/lib/mappings.wasm"
});
</script>
const rawSourceMap = {
version: 3,
file: 'min.js',
names: ['bar', 'baz', 'n'],
sources: ['one.js', 'two.js'],
sourceRoot: 'http://example.com/www/js/',
mappings: 'CAAC,IAAI,IAAM,SAAUA,GAClB,OAAOC,IAAID;CCDb,IAAI,IAAM,SAAUE,GAClB,OAAOA'
};
const whatever = await SourceMapConsumer.with(rawSourceMap, null, consumer => {
console.log(consumer.sources);
// [ 'http://example.com/www/js/one.js',
// 'http://example.com/www/js/two.js' ]
console.log(consumer.originalPositionFor({
line: 2,
column: 28
}));
// { source: 'http://example.com/www/js/two.js',
// line: 2,
// column: 10,
// name: 'n' }
console.log(consumer.generatedPositionFor({
source: 'http://example.com/www/js/two.js',
line: 2,
column: 10
}));
// { line: 2, column: 28 }
consumer.eachMapping(function (m) {
// ...
});
return computeWhatever();
});
In depth guide: Compiling to JavaScript, and Debugging with Source Maps
function compile(ast) {
switch (ast.type) {
case 'BinaryExpression':
return new SourceNode(
ast.location.line,
ast.location.column,
ast.location.source,
[compile(ast.left), " + ", compile(ast.right)]
);
case 'Literal':
return new SourceNode(
ast.location.line,
ast.location.column,
ast.location.source,
String(ast.value)
);
// ...
default:
throw new Error("Bad AST");
}
}
var ast = parse("40 + 2", "add.js");
console.log(compile(ast).toStringWithSourceMap({
file: 'add.js'
}));
// { code: '40 + 2',
// map: [object SourceMapGenerator] }
var map = new SourceMapGenerator({
file: "source-mapped.js"
});
map.addMapping({
generated: {
line: 10,
column: 35
},
source: "foo.js",
original: {
line: 33,
column: 2
},
name: "christopher"
});
console.log(map.toString());
// '{"version":3,"file":"source-mapped.js","sources":["foo.js"],"names":["christopher"],"mappings":";;;;;;;;;mCAgCEA"}'
Get a reference to the module:
// Node.js
var sourceMap = require('source-map');
// Browser builds
var sourceMap = window.sourceMap;
// Inside Firefox
const sourceMap = require("devtools/toolkit/sourcemap/source-map.js");
A SourceMapConsumer
instance represents a parsed source map which we can query
for information about the original file positions by giving it a file position
in the generated source.
When using SourceMapConsumer
outside of node.js, for example on the Web, it
needs to know from what URL to load lib/mappings.wasm
. You must inform it by
calling initialize
before constructing any SourceMapConsumer
s.
The options object has the following properties:
"lib/mappings.wasm"
: A String
containing the URL of the
lib/mappings.wasm
file.sourceMap.SourceMapConsumer.initialize({
"lib/mappings.wasm": "https://example.com/source-map/lib/mappings.wasm"
});
The only parameter is the raw source map (either as a string which can be
JSON.parse
'd, or an object). According to the spec, source maps have the
following attributes:
version
: Which version of the source map spec this map is following.
sources
: An array of URLs to the original source files.
names
: An array of identifiers which can be referenced by individual
mappings.
sourceRoot
: Optional. The URL root from which all sources are relative.
sourcesContent
: Optional. An array of contents of the original source files.
mappings
: A string of base64 VLQs which contain the actual mappings.
file
: Optional. The generated filename this source map is associated with.
The promise of the constructed souce map consumer is returned.
When the SourceMapConsumer
will no longer be used anymore, you must call its
destroy
method.
const consumer = await new sourceMap.SourceMapConsumer(rawSourceMapJsonData);
doStuffWith(consumer);
consumer.destroy();
Alternatively, you can use SourceMapConsumer.with
to avoid needing to remember
to call destroy
.
Construct a new SourceMapConsumer
from rawSourceMap
and sourceMapUrl
(see the SourceMapConsumer
constructor for details. Then, invoke the async function f(SourceMapConsumer) -> T
with the newly constructed consumer, wait
for f
to complete, call destroy
on the consumer, and return f
's return
value.
You must not use the consumer after f
completes!
By using with
, you do not have to remember to manually call destroy
on
the consumer, since it will be called automatically once f
completes.
const xSquared = await SourceMapConsumer.with(
myRawSourceMap,
null,
async function (consumer) {
// Use `consumer` inside here and don't worry about remembering
// to call `destroy`.
const x = await whatever(consumer);
return x * x;
}
);
// You may not use that `consumer` anymore out here; it has
// been destroyed. But you can use `xSquared`.
console.log(xSquared);
Free this source map consumer's associated wasm data that is manually-managed.
consumer.destroy();
Alternatively, you can use SourceMapConsumer.with
to avoid needing to remember
to call destroy
.
Compute the last column for each generated mapping. The last column is inclusive.
// Before:
consumer.allGeneratedPositionsFor({ line: 2, source: "foo.coffee" })
// [ { line: 2,
// column: 1 },
// { line: 2,
// column: 10 },
// { line: 2,
// column: 20 } ]
consumer.computeColumnSpans();
// After:
consumer.allGeneratedPositionsFor({ line: 2, source: "foo.coffee" })
// [ { line: 2,
// column: 1,
// lastColumn: 9 },
// { line: 2,
// column: 10,
// lastColumn: 19 },
// { line: 2,
// column: 20,
// lastColumn: Infinity } ]
Returns the original source, line, and column information for the generated source's line and column positions provided. The only argument is an object with the following properties:
line
: The line number in the generated source. Line numbers in
this library are 1-based (note that the underlying source map
specification uses 0-based line numbers -- this library handles the
translation).
column
: The column number in the generated source. Column numbers
in this library are 0-based.
bias
: Either SourceMapConsumer.GREATEST_LOWER_BOUND
or
SourceMapConsumer.LEAST_UPPER_BOUND
. Specifies whether to return the closest
element that is smaller than or greater than the one we are searching for,
respectively, if the exact element cannot be found. Defaults to
SourceMapConsumer.GREATEST_LOWER_BOUND
.
and an object is returned with the following properties:
source
: The original source file, or null if this information is not
available.
line
: The line number in the original source, or null if this information is
not available. The line number is 1-based.
column
: The column number in the original source, or null if this
information is not available. The column number is 0-based.
name
: The original identifier, or null if this information is not available.
consumer.originalPositionFor({ line: 2, column: 10 })
// { source: 'foo.coffee',
// line: 2,
// column: 2,
// name: null }
consumer.originalPositionFor({ line: 99999999999999999, column: 999999999999999 })
// { source: null,
// line: null,
// column: null,
// name: null }
Returns the generated line and column information for the original source, line, and column positions provided. The only argument is an object with the following properties:
source
: The filename of the original source.
line
: The line number in the original source. The line number is
1-based.
column
: The column number in the original source. The column
number is 0-based.
and an object is returned with the following properties:
line
: The line number in the generated source, or null. The line
number is 1-based.
column
: The column number in the generated source, or null. The
column number is 0-based.
consumer.generatedPositionFor({ source: "example.js", line: 2, column: 10 })
// { line: 1,
// column: 56 }
Returns all generated line and column information for the original source, line, and column provided. If no column is provided, returns all mappings corresponding to a either the line we are searching for or the next closest line that has any mappings. Otherwise, returns all mappings corresponding to the given line and either the column we are searching for or the next closest column that has any offsets.
The only argument is an object with the following properties:
source
: The filename of the original source.
line
: The line number in the original source. The line number is
1-based.
column
: Optional. The column number in the original source. The
column number is 0-based.
and an array of objects is returned, each with the following properties:
line
: The line number in the generated source, or null. The line
number is 1-based.
column
: The column number in the generated source, or null. The
column number is 0-based.
consumer.allGeneratedpositionsfor({ line: 2, source: "foo.coffee" })
// [ { line: 2,
// column: 1 },
// { line: 2,
// column: 10 },
// { line: 2,
// column: 20 } ]
Return true if we have the embedded source content for every source listed in the source map, false otherwise.
In other words, if this method returns true
, then
consumer.sourceContentFor(s)
will succeed for every source s
in
consumer.sources
.
// ...
if (consumer.hasContentsOfAllSources()) {
consumerReadyCallback(consumer);
} else {
fetchSources(consumer, consumerReadyCallback);
}
// ...
Returns the original source content for the source provided. The only argument is the URL of the original source file.
If the source content for the given source is not found, then an error is
thrown. Optionally, pass true
as the second param to have null
returned
instead.
consumer.sources
// [ "my-cool-lib.clj" ]
consumer.sourceContentFor("my-cool-lib.clj")
// "..."
consumer.sourceContentFor("this is not in the source map");
// Error: "this is not in the source map" is not in the source map
consumer.sourceContentFor("this is not in the source map", true);
// null
Iterate over each mapping between an original source/line/column and a generated line/column in this source map.
callback
: The function that is called with each mapping. Mappings have the
form { source, generatedLine, generatedColumn, originalLine, originalColumn, name }
context
: Optional. If specified, this object will be the value of this
every time that callback
is called.
order
: Either SourceMapConsumer.GENERATED_ORDER
or
SourceMapConsumer.ORIGINAL_ORDER
. Specifies whether you want to iterate over
the mappings sorted by the generated file's line/column order or the
original's source/line/column order, respectively. Defaults to
SourceMapConsumer.GENERATED_ORDER
.
consumer.eachMapping(function (m) { console.log(m); })
// ...
// { source: 'illmatic.js',
// generatedLine: 1,
// generatedColumn: 0,
// originalLine: 1,
// originalColumn: 0,
// name: null }
// { source: 'illmatic.js',
// generatedLine: 2,
// generatedColumn: 0,
// originalLine: 2,
// originalColumn: 0,
// name: null }
// ...
An instance of the SourceMapGenerator represents a source map which is being built incrementally.
You may pass an object with the following properties:
file
: The filename of the generated source that this source map is
associated with.
sourceRoot
: A root for all relative URLs in this source map.
skipValidation
: Optional. When true
, disables validation of mappings as
they are added. This can improve performance but should be used with
discretion, as a last resort. Even then, one should avoid using this flag when
running tests, if possible.
var generator = new sourceMap.SourceMapGenerator({
file: "my-generated-javascript-file.js",
sourceRoot: "http://example.com/app/js/"
});
Creates a new SourceMapGenerator
from an existing SourceMapConsumer
instance.
sourceMapConsumer
The SourceMap.var generator = sourceMap.SourceMapGenerator.fromSourceMap(consumer);
Add a single mapping from original source line and column to the generated source's line and column for this source map being created. The mapping object should have the following properties:
generated
: An object with the generated line and column positions.
original
: An object with the original line and column positions.
source
: The original source file (relative to the sourceRoot).
name
: An optional original token name for this mapping.
generator.addMapping({
source: "module-one.scm",
original: { line: 128, column: 0 },
generated: { line: 3, column: 456 }
})
Set the source content for an original source file.
sourceFile
the URL of the original source file.
sourceContent
the content of the source file.
generator.setSourceContent("module-one.scm",
fs.readFileSync("path/to/module-one.scm"))
Applies a SourceMap for a source file to the SourceMap. Each mapping to the supplied source file is rewritten using the supplied SourceMap. Note: The resolution for the resulting mappings is the minimum of this map and the supplied map.
sourceMapConsumer
: The SourceMap to be applied.
sourceFile
: Optional. The filename of the source file.
If omitted, sourceMapConsumer.file will be used, if it exists.
Otherwise an error will be thrown.
sourceMapPath
: Optional. The dirname of the path to the SourceMap
to be applied. If relative, it is relative to the SourceMap.
This parameter is needed when the two SourceMaps aren't in the same directory, and the SourceMap to be applied contains relative source paths. If so, those relative source paths need to be rewritten relative to the SourceMap.
If omitted, it is assumed that both SourceMaps are in the same directory,
thus not needing any rewriting. (Supplying '.'
has the same effect.)
Renders the source map being generated to a string.
generator.toString()
// '{"version":3,"sources":["module-one.scm"],"names":[],"mappings":"...snip...","file":"my-generated-javascript-file.js","sourceRoot":"http://example.com/app/js/"}'
SourceNodes provide a way to abstract over interpolating and/or concatenating snippets of generated JavaScript source code, while maintaining the line and column information associated between those snippets and the original source code. This is useful as the final intermediate representation a compiler might use before outputting the generated JS and source map.
line
: The original line number associated with this source node, or null if
it isn't associated with an original line. The line number is 1-based.
column
: The original column number associated with this source node, or null
if it isn't associated with an original column. The column number
is 0-based.
source
: The original source's filename; null if no filename is provided.
chunk
: Optional. Is immediately passed to SourceNode.prototype.add
, see
below.
name
: Optional. The original identifier.
var node = new SourceNode(1, 2, "a.cpp", [
new SourceNode(3, 4, "b.cpp", "extern int status;\n"),
new SourceNode(5, 6, "c.cpp", "std::string* make_string(size_t n);\n"),
new SourceNode(7, 8, "d.cpp", "int main(int argc, char** argv) {}\n"),
]);
Creates a SourceNode from generated code and a SourceMapConsumer.
code
: The generated code
sourceMapConsumer
The SourceMap for the generated code
relativePath
The optional path that relative sources in sourceMapConsumer
should be relative to.
const consumer = await new SourceMapConsumer(fs.readFileSync("path/to/my-file.js.map", "utf8"));
onst node = SourceNode.fromStringWithSourceMap(fs.readFileSync("path/to/my-file.js"),
consumer);
Add a chunk of generated JS to this source node.
chunk
: A string snippet of generated JS code, another instance of
SourceNode
, or an array where each member is one of those things.node.add(" + ");
node.add(otherNode);
node.add([leftHandOperandNode, " + ", rightHandOperandNode]);
Prepend a chunk of generated JS to this source node.
chunk
: A string snippet of generated JS code, another instance of
SourceNode
, or an array where each member is one of those things.node.prepend("/** Build Id: f783haef86324gf **/\n\n");
Set the source content for a source file. This will be added to the
SourceMap
in the sourcesContent
field.
sourceFile
: The filename of the source file
sourceContent
: The content of the source file
node.setSourceContent("module-one.scm",
fs.readFileSync("path/to/module-one.scm"))
Walk over the tree of JS snippets in this node and its children. The walking function is called once for each snippet of JS and is passed that snippet and the its original associated source's line/column location.
fn
: The traversal function.var node = new SourceNode(1, 2, "a.js", [
new SourceNode(3, 4, "b.js", "uno"),
"dos",
[
"tres",
new SourceNode(5, 6, "c.js", "quatro")
]
]);
node.walk(function (code, loc) { console.log("WALK:", code, loc); })
// WALK: uno { source: 'b.js', line: 3, column: 4, name: null }
// WALK: dos { source: 'a.js', line: 1, column: 2, name: null }
// WALK: tres { source: 'a.js', line: 1, column: 2, name: null }
// WALK: quatro { source: 'c.js', line: 5, column: 6, name: null }
Walk over the tree of SourceNodes. The walking function is called for each source file content and is passed the filename and source content.
fn
: The traversal function.var a = new SourceNode(1, 2, "a.js", "generated from a");
a.setSourceContent("a.js", "original a");
var b = new SourceNode(1, 2, "b.js", "generated from b");
b.setSourceContent("b.js", "original b");
var c = new SourceNode(1, 2, "c.js", "generated from c");
c.setSourceContent("c.js", "original c");
var node = new SourceNode(null, null, null, [a, b, c]);
node.walkSourceContents(function (source, contents) { console.log("WALK:", source, ":", contents); })
// WALK: a.js : original a
// WALK: b.js : original b
// WALK: c.js : original c
Like Array.prototype.join
except for SourceNodes. Inserts the separator
between each of this source node's children.
sep
: The separator.var lhs = new SourceNode(1, 2, "a.rs", "my_copy");
var operand = new SourceNode(3, 4, "a.rs", "=");
var rhs = new SourceNode(5, 6, "a.rs", "orig.clone()");
var node = new SourceNode(null, null, null, [ lhs, operand, rhs ]);
var joinedNode = node.join(" ");
Call String.prototype.replace
on the very right-most source snippet. Useful
for trimming white space from the end of a source node, etc.
pattern
: The pattern to replace.
replacement
: The thing to replace the pattern with.
// Trim trailing white space.
node.replaceRight(/\s*$/, "");
Return the string representation of this source node. Walks over the tree and concatenates all the various snippets together to one string.
var node = new SourceNode(1, 2, "a.js", [
new SourceNode(3, 4, "b.js", "uno"),
"dos",
[
"tres",
new SourceNode(5, 6, "c.js", "quatro")
]
]);
node.toString()
// 'unodostresquatro'
Returns the string representation of this tree of source nodes, plus a SourceMapGenerator which contains all the mappings between the generated and original sources.
The arguments are the same as those to new SourceMapGenerator
.
var node = new SourceNode(1, 2, "a.js", [
new SourceNode(3, 4, "b.js", "uno"),
"dos",
[
"tres",
new SourceNode(5, 6, "c.js", "quatro")
]
]);
node.toStringWithSourceMap({ file: "my-output-file.js" })
// { code: 'unodostresquatro',
// map: [object SourceMapGenerator] }
0.7.1
FAQs
Generates and consumes source maps
The npm package source-map receives a total of 31,091,248 weekly downloads. As such, source-map popularity was classified as popular.
We found that source-map demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 19 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.