Gathering detailed insights and metrics for source-map-resolve
[DEPRECATED] Resolve the source map and/or sources for a generated file.
Installations
npm install source-map-resolveDeveloper Guide
BETA
Typescript
No
Module System
N/A
Node Version
13.8.0
NPM Version
6.13.7
Score
99.4
Supply Chain
98.5
Quality
75.4
Maintenance
100
Vulnerability
99.6
License
Releases
Unable to fetch releases
Contributors
4
Unable to fetch Contributors
Languages
1
JavaScript
JavaScript (100%)
validate.email 🚀
Verify real, reachable, and deliverable emails with instant MX records, SMTP checks, and disposable email detection.
Developer
lydell
Download Statistics
Total Downloads
5,676,732,460
Last Day
2,327,079
Last Week
13,055,864
Last Month
55,031,080
Last Year
715,552,531
GitHub Statistics
MIT License
93 Stars
75 Commits
30 Forks
5 Watchers
2 Branches
4 Contributors
Updated on Jan 27, 2025
Bundle Size
5.63 kB
Minified
2.27 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
0.6.0
Package Id
source-map-resolve@0.6.0
Size
7.46 kB
NPM Version
6.13.7
Node Version
13.8.0
Published on
Mar 21, 2020
Total Downloads
Cumulative downloads
Total Downloads
5,676,732,460
Last Day
-1%
2,327,079
Compared to previous day
Last Week
-0.9%
13,055,864
Compared to previous week
Last Month
-0.7%
55,031,080
Compared to previous month
Last Year
-25.3%
715,552,531
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Dev Dependencies
5
Overview 
Resolve the source map and/or sources for a generated file.
1var sourceMapResolve = require("source-map-resolve") 2var sourceMap = require("source-map") 3 4var code = [ 5 "!function(){...}();", 6 "/*# sourceMappingURL=foo.js.map */" 7].join("\n") 8 9sourceMapResolve.resolveSourceMap(code, "/js/foo.js", fs.readFile, function(error, result) { 10 if (error) { 11 return notifyFailure(error) 12 } 13 result 14 // { 15 // map: {file: "foo.js", mappings: "...", sources: ["/coffee/foo.coffee"], names: []}, 16 // url: "/js/foo.js.map", 17 // sourcesRelativeTo: "/js/foo.js.map", 18 // sourceMappingURL: "foo.js.map" 19 // } 20 21 sourceMapResolve.resolveSources(result.map, result.sourcesRelativeTo, fs.readFile, function(error, result) { 22 if (error) { 23 return notifyFailure(error) 24 } 25 result 26 // { 27 // sourcesResolved: ["/coffee/foo.coffee"], 28 // sourcesContent: ["<contents of /coffee/foo.coffee>"] 29 // } 30 }) 31}) 32 33sourceMapResolve.resolve(code, "/js/foo.js", fs.readFile, function(error, result) { 34 if (error) { 35 return notifyFailure(error) 36 } 37 result 38 // { 39 // map: {file: "foo.js", mappings: "...", sources: ["/coffee/foo.coffee"], names: []}, 40 // url: "/js/foo.js.map", 41 // sourcesRelativeTo: "/js/foo.js.map", 42 // sourceMappingURL: "foo.js.map", 43 // sourcesResolved: ["/coffee/foo.coffee"], 44 // sourcesContent: ["<contents of /coffee/foo.coffee>"] 45 // } 46 result.map.sourcesContent = result.sourcesContent 47 var map = new sourceMap.sourceMapConsumer(result.map) 48 map.sourceContentFor("/coffee/foo.coffee") 49 // "<contents of /coffee/foo.coffee>" 50})
Installation
npm install source-map-resolve
Usage
sourceMapResolve.resolveSourceMap(code, codeUrl, read, callback)
codeis a string of code that may or may not contain a sourceMappingURL comment. Such a comment is used to resolve the source map.codeUrlis the url to the file containingcode. If the sourceMappingURL is relative, it is resolved againstcodeUrl.read(url, callback)is a function that readsurland responds usingcallback(error, content). In Node.js you might want to usefs.readFile, while in the browser you might want to use an asynchronusXMLHttpRequest.callback(error, result)is a function that is invoked with either an error ornulland the result.
The result is an object with the following properties:
map: The source map forcode, as an object (not a string).url: The url to the source map. If the source map came from a data uri, this property isnull, since then there is no url to it.sourcesRelativeTo: The url that the sources of the source map are relative to. Since the sources are relative to the source map, and the url to the source map is provided as theurlproperty, this property might seem superfluos. However, remember that theurlproperty can benullif the source map came from a data uri. If so, the sources are relative to the file containing the data uri—codeUrl. This property will be identical to theurlproperty orcodeUrl, whichever is appropriate. This way you can conveniently resolve the sources without having to think about where the source map came from.sourceMappingURL: The url of the sourceMappingURL comment incode.
If code contains no sourceMappingURL, the result is null.
sourceMapResolve.resolveSources(map, mapUrl, read, [options], callback)
mapis a source map, as an object (not a string).mapUrlis the url to the file containingmap. Relative sources in the source map, if any, are resolved againstmapUrl.read(url, callback)is a function that readsurland responds usingcallback(error, content). In Node.js you might want to usefs.readFile, while in the browser you might want to use an asynchronusXMLHttpRequest.optionsis an optional object with any of the following properties:sourceRoot: Override thesourceRootproperty of the source map, which might only be relevant when resolving sources in the browser. This lets you bypass it when using the module outside of a browser, if needed. Pass a string to replace thesourceRootproperty with, orfalseto ignore it. Defaults toundefined.
callback(error, result)is a function that is invoked with either an error ornulland the result.
The result is an object with the following properties:
sourcesResolved: The same asmap.sources, except all the sources are fully resolved.sourcesContent: An array with the contents of all sources inmap.sources, in the same order asmap.sources. If getting the contents of a source fails, an error object is put into the array instead.
sourceMapResolve.resolve(code, codeUrl, read, [options], callback)
The arguments are identical to sourceMapResolve.resolveSourceMap, except that
you may also provide the same options as in sourceMapResolve.resolveSources.
This is a convenience method that first resolves the source map and then its
sources. You could also do this by first calling
sourceMapResolve.resolveSourceMap and then sourceMapResolve.resolveSources.
The result is identical to sourceMapResolve.resolveSourceMap, with the
properties from sourceMapResolve.resolveSources merged into it.
There is one extra feature available, though. If code is null, codeUrl is
treated as a url to the source map instead of to code, and will be read. This
is handy if you sometimes get the source map url from the SourceMap: <url>
header (see the Notes section). In this case, the sourceMappingURL property
of the result is null.
sourceMapResolve.*Sync()
There are also sync versions of the three previous functions. They are identical to the async versions, except:
- They expect a sync reading function. In Node.js you might want to use
fs.readFileSync, while in the browser you might want to use a synchronusXMLHttpRequest. - They throw errors and return the result instead of using a callback.
sourceMapResolve.resolveSourcesSync also accepts null as the read
parameter. The result is the same as when passing a function as the read parameter, except that the sourcesContent property of the result will be an
empty array. In other words, the sources aren’t read. You only get the
sourcesResolved property. (This only supported in the synchronus version, since
there is no point doing it asynchronusly.)
sourceMapResolve.parseMapToJSON(string, [data])
The spec says that if a source map (as a string) starts with )]}', it should
be stripped off. This is to prevent XSSI attacks. This function does that and
returns the result of JSON.parseing what’s left.
If this function throws error, error.sourceMapData === data.
Errors
All errors passed to callbacks or thrown by this module have a sourceMapData
property that contain as much as possible of the intended result of the function
up until the error occurred.
Note that while the map property of result objects always is an object,
error.sourceMapData.map will be a string if parsing that string fails.
Note
This module resolves the source map for a given generated file by looking for a
sourceMappingURL comment. The spec defines yet a way to provide the URL to the
source map: By sending the SourceMap: <url> header along with the generated
file. Since this module doesn’t retrive the generated code for you (instead
you give the generated code to the module), it’s up to you to look for such a
header when you retrieve the file (should the need arise).
License
MIT.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
4 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
- Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/lydell/source-map-resolve/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/lydell/source-map-resolve/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/lydell/source-map-resolve/ci.yml/master?enable=pin
- Info: 0 out of 3 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
Found 3/26 approved changesets -- score normalized to 1
Reason
project is archived
Details
- Warn: Repository is archived.
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 7 are checked with a SAST tool
Score
3.3
/10
Last Scanned on 2025-03-03
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More