
Research
/Security News
Critical Vulnerability in NestJS Devtools: Localhost RCE via Sandbox Escape
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
A Ruby library to read, create and manipulate Source Maps.
Source Maps allow easy debugging and development of CoffeeScript and minifed JavaScript.
gem install sourcemap
# or Bundler:
gem 'sourcemap'
Join multiple source maps together.
foo = File.read("examples/foo.js")
bar = File.read("examples/bar.js")
foobar = foo + bar
foo_map = SourceMap::Map.from_json File.read("examples/foo.map")
bar_map = SourceMap::Map.from_json File.read("examples/bar.map")
foobar_map = foo_map + bar_map
foobar_map.to_json
Base one source map of another.
cs_map = SourceMap::Map.from_json File.read("examples/index.map")
min_map = SourceMap::Map.from_json File.read("examples/index.min.map")
combined_map = cs_map | min_map
combined_map.to_json
Create a new Map
instance from a JSON map string.
SourceMap::Map.from_json(%{
{
"version": 3,
"file": "index.js",
"sourceRoot": "",
"sources": [
"index.coffee"
],
"names": [],
"mappings": ";AAAA;AAAA,MAAA,IAAA;;AAAA"
}
})
Create a new Map
instance from a hash.
hash = {
'version' => 3,
'file' => "script.min.js",
'mappings' => "AAEAA,QAASA,MAAK,EAAG,CACfC,OAAAC,IAAA,CAAY,eAAZ,CADe",
'sources' => ["script.js"],
'names' => ["hello", "console", "log"]
}
map = SourceMap::Map.from_hash(hash)
Instantiate a Map
instance, passing in an optional array of Mapping
s and file name.
@mappings = SourceMap::Map.new([
SourceMap::Mapping.new('a.js', SourceMap::Offset.new(0, 0), SourceMap::Offset.new(0, 0)),
SourceMap::Mapping.new('b.js', SourceMap::Offset.new(1, 0), SourceMap::Offset.new(20, 0)),
SourceMap::Mapping.new('c.js', SourceMap::Offset.new(2, 0), SourceMap::Offset.new(30, 0))
])
Returns the amount of mappings
Lookup a mapping by integer
map = SourceMap::Map.from_json(json)
map[5] #=> <Mapping>
Iterate over each mapping.
Returns a VLQ representation of the source map.
mapping = SourceMap::Map.from_hash(hash)
mappings.to_s #=> "ACmBA;ACUA"
Returns an array of the original file names referenced in each mapping.
Returns an array of 'names', which are referenced in the mappings (in case the original source file is not available).
Concatenates Maps together, so you can serve mappings from multiple sources as one combined map.
foo_map = SourceMap::Map.from_json File.read("examples/foo.map")
bar_map = SourceMap::Map.from_json File.read("examples/bar.map")
foobar_map = foo_map + bar_map
foobar_map.to_json
Pipes map files together, so for example you could pipe a CoffeeScript map of index.coffee
and an uglifier map of index.js
together. In other words, one mapping will be based of the other.
coffeescript_map = SourceMap::Map.from_json(cs_map_json)
uglifier_map = SourceMap::Map.from_json(min_map_json)
combined_map = coffeescript_map | uglifier_map
Find the closest generated mapping to any given offset using a binary tree search.
foo_map = SourceMap::Map.from_json File.read("examples/foo.map")
foo_map.bsearch(SourceMap::Offset.new(1,1)) #=> <Mapping>
The method will return nil
if an offset can't be found.
Convert a Map
instance back to JSON.
map = Map.new([
Mapping.new('a.js', Offset.new(0, 0), Offset.new(0, 0)),
Mapping.new('b.js', Offset.new(1, 0), Offset.new(20, 0)),
Mapping.new('c.js', Offset.new(2, 0), Offset.new(30, 0))
])
map.to_json #=> "{...}"
Instantiate an Offset
, passing in a line and column integer.
Add two offsets together.
Compare the position of two offsets, first the line than the column.
Get a pretty representation of an offset.
FAQs
Unknown package
We found that sourcemap demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
Product
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.