Installations
npm install @joshaber/webpack-sourcesDeveloper Guide
Typescript
No
Module System
CommonJS
Score
72.9
Supply Chain
98.9
Quality
74.6
Maintenance
100
Vulnerability
100
License
Releases
Contributors
Unable to fetch Contributors
Languages
JavaScript (100%)
Developer
webpack
Download Statistics
Total Downloads
576
Last Day
2
Last Week
4
Last Month
12
Last Year
63
GitHub Statistics
262 Stars
299 Commits
71 Forks
10 Watching
10 Branches
93 Contributors
Bundle Size
45.18 kB
Minified
12.19 kB
Minified + Gzipped
Maintainers
Package Meta Information
Latest Version
1.3.1
Package Id
@joshaber/webpack-sources@1.3.1
Unpacked Size
29.54 kB
Size
7.93 kB
File Count
16
Total Downloads
Cumulative downloads
Total Downloads
576
Last day
0%
2
Compared to previous day
Last week
300%
4
Compared to previous week
Last month
100%
12
Compared to previous month
Last year
-47.1%
63
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
webpack-sources
Contains multiple classes which represent a Source. A Source can be asked for source code, size, source map and hash.
Source
Base class for all sources.
Public methods
All methods should be considered as expensive as they may need to do computations.
source
1Source.prototype.source() -> String | ArrayBuffer
Returns the represented source code as string.
size
1Source.prototype.size() -> Number
Returns the size in chars of the represented source code.
map
1Source.prototype.map(options: Object) -> Object | null
Returns the SourceMap of the represented source code as JSON. May return null if no SourceMap is available.
The options object can contain the following keys:
columns: Boolean(defaulttrue): If set to false the implementation may omit mappings for columns.module: Boolean(defaulttrue): If set to false the implementation may omit inner mappings for modules.
sourceAndMap
1Source.prototype.sourceAndMap(options: Object) -> { 2 code: String, 3 map: Object 4}
Returns both, source code (like Source.prototype.source() and SourceMap (like Source.prototype.map()). This method could have better performance than calling source() and map() separately.
See map() for options.
updateHash
1Source.prototype.updateHash(hash: Hash) -> void
Updates the provided Hash object with the content of the represented source code. (Hash is an object with an update method, which is called with string values)
node (optional)
1Source.prototype.node(options: Object) -> SourceNode
This is an optional method. It may be null if not implemented.
Returns a SourceNode (see source-map library) for the represented source code.
See map() for options.
listNode (optional)
1Source.prototype.listNode(options: Object) -> SourceNode
This is an optional method. It may be null if not implemented.
Returns a SourceListMap (see source-list-map library) for the represented source code.
See map() for options.
RawSource
Represents source code without SourceMap.
1new RawSource(sourceCode: String)OriginalSource
Represents source code, which is a copy of the original file.
1new OriginalSource(
2 sourceCode: String,
3 name: String
4)sourceCode: The source code.name: The filename of the original source code.
OriginalSource tries to create column mappings if requested, by splitting the source code at typical statement borders (;, {, }).
SourceMapSource
Represents source code with SourceMap, optionally having an additional SourceMap for the original source.
1new SourceMapSource( 2 sourceCode: String, 3 name: String, 4 sourceMap: Object | String, 5 originalSource?: String, 6 innerSourceMap?: Object | String 7)
sourceCode: The source code.name: The filename of the original source code.sourceMap: The SourceMap for the source code.originalSource: The source code of the original file. Can be omitted if thesourceMapalready contains the original source code.innerSourceMap: The SourceMap for theoriginalSource/name.
LineToLineMappedSource
Represents source code, which is mapped line by line to the original file.
1new LineToLineMappedSource(
2 sourceCode: String,
3 name: String,
4 originalSource: String
5)sourceCode: The source code.name: The filename of the original source code.originalSource: The original source code.
CachedSource
Decorates a Source and caches returned results of map, source, size and sourceAndMap in memory. Every other operation is delegated to the wrapped Source.
1new CachedSource(source: Source)
PrefixSource
Prefix every line of the decorated Source with a provided string.
1new PrefixSource(
2 prefix: String,
3 source: Source
4)ConcatSource
Concatenate mulitple Sources or strings to a single source.
1new ConcatSource( 2 ...items?: Source | String 3)
Public methods
add
1ConcatSource.prototype.add(item: Source | String)
Adds an item to the source.
ReplaceSource
Decorates a Source with replacements and insertions of source code.
Public methods
replace
1ReplaceSource.prototype.replace( 2 start: Number, 3 end: Number, 4 replacement: String 5)
Replaces chars from start (0-indexed, inclusive) to end (0-indexed, inclusive) with replacement.
Locations represents locations in the original source and are not influenced by other replacements or insertions.
insert
1ReplaceSource.prototype.insert( 2 pos: Number, 3 insertion: String 4)
Inserts the insertion before char pos (0-indexed).
Location represents location in the original source and is not influenced by other replacements or insertions.
original
Get decorated Source.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 5/10 approved changesets -- score normalized to 5
Reason
7 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/webpack/webpack-sources/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/webpack/webpack-sources/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/webpack/webpack-sources/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/webpack/webpack-sources/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/webpack/webpack-sources/test.yml/main?enable=pin
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 27 are checked with a SAST tool
Score
3.6
/10
Last Scanned on 2025-01-27
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More