source-map BSD-3-Clause 69 versions

source-map

npm Repository Homepage

Generates and consumes source maps

Versions

BSD-3-Clause

License

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

mozilla-npmmythmonjkratzerfactorui.npmproject-nimbus-publishinggijsbrizentalaplacitellimozrhelmerknowtheorynbaumgardnertigleymeemelimlifshinllisi-mozjdarcangelo-mozillanchevobbemozilla-devtoolsnickfitzgeraldloganfsmythejpbrueltromey

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:bench/scalajs-runtime-sourcemap.js	AI (source-diff): Benchmark fixture containing a standard source map (base64-VLQ mappings). Not executable code; expected test data for a source-map library.	ai	2026/04/21
license	uncommon-license:GPL	AI (license): GPL is part of the standard tri-license used by Mozilla projects; expected and legitimate for this package.	ai	2026/04/21
license	uncommon-license:LGPL	AI (license): LGPL is part of the standard tri-license used by Mozilla projects; expected and legitimate for this package.	ai	2026/04/21
npm-metadata	suspicious-initial-version	AI (npm-metadata): source-map 0.0.0 is the original 2011 release of the canonical Mozilla source-map library, not a throwaway package. Version 0.0.0 reflects early npm conventions, not malicious intent.	ai	2026/04/21
license	uncommon-license:MPL	AI (license): MPL is the standard Mozilla Public License used across all Mozilla open-source projects; expected and legitimate for this package.	ai	2026/04/21
source-diff	obfuscated-file:dist/source-map.js	AI (source-diff): dist/source-map.js is a webpack bundle built from source (confirmed by build script in package.json). Standard for browser-compatible distribution of source-map.	ai	2026/04/21
dependencies	unvetted-dep:requirejs	AI (dependencies): requirejs is a well-known AMD module loader; its use as a pinned dependency in this early-era Mozilla package is legitimate and expected.	ai	2026/04/21
license	uncommon-license:BSD	AI (license): Package explicitly references BSD-3-Clause; the 'BSD' short-form label is a known false positive for this well-established Mozilla package.	ai	2026/04/21
maintainer-change	maintainer-removed	AI (maintainer-change): Removal of 'mozilla' account while adding multiple Mozilla-affiliated individual accounts is consistent with org restructuring.	ai	2026/04/21
provenance	publisher-changed	AI (provenance): Legitimate maintainer transition within Mozilla org; new publisher eemeli is established, repo URL unchanged, multiple Mozilla-affiliated maintainers added.	ai	2026/04/21
maintainer-change	maintainer-added	AI (maintainer-change): New maintainers are Mozilla-affiliated accounts; reflects org-level npm account management, not a takeover.	ai	2026/04/21
source-diff	obfuscated-file:dist/source-map.debug.js	AI (source-diff): Webpack bundle output for browser distribution; standard build artifact, not obfuscation.	ai	2026/04/21
source-diff	obfuscated-file:dist/test/test_base64.js	AI (source-diff): Webpack-bundled test file for browser testing; standard build artifact.	ai	2026/04/21
source-diff	obfuscated-file:dist/test/test_base64_vlq.js	AI (source-diff): Webpack-bundled test file for browser testing; standard build artifact.	ai	2026/04/21
source-diff	obfuscated-file:dist/test/test_binary_search.js	AI (source-diff): Webpack-bundled test file for browser testing; standard build artifact.	ai	2026/04/21
source-diff	obfuscated-file:dist/test/test_array_set.js	AI (source-diff): Webpack-bundled test file for browser testing; standard build artifact.	ai	2026/04/21
source-diff	obfuscated-file:dist/test/test_quick_sort.js	AI (source-diff): Webpack-bundled test file for browser testing; standard build artifact.	ai	2026/04/21
source-diff	obfuscated-file:dist/test/test_source_map_consumer.js	AI (source-diff): Webpack-bundled test file for browser testing; standard build artifact.	ai	2026/04/21
source-diff	obfuscated-file:dist/test/test_source_map_generator.js	AI (source-diff): Webpack-bundled test file for browser testing; standard build artifact.	ai	2026/04/21
source-diff	obfuscated-file:dist/test/test_source_node.js	AI (source-diff): Webpack-bundled test file for browser testing; standard build artifact.	ai	2026/04/21
source-diff	obfuscated-file:dist/test/test_util.js	AI (source-diff): Webpack-bundled test file for browser testing; standard build artifact.	ai	2026/04/21
source-diff	obfuscated-file:dist/test/test_dog_fooding.js	AI (source-diff): Webpack-bundled test file for browser testing; standard build artifact.	ai	2026/04/21
source-diff	large-new-source-files	AI (source-diff): New dist/ folder with webpack bundles for browser support; expected for this package.	ai	2026/04/21
source-diff	source-size-tripled	AI (source-diff): Size increase from adding dist/ webpack bundles; expected build artifacts for browser distribution.	ai	2026/04/21
source-diff	obfuscated-file:dist/test/test_api.js	AI (source-diff): Webpack-bundled test file for browser testing; standard build artifact.	ai	2026/04/21
provenance	no-provenance	AI (provenance): source-map is a 5000+ day old Mozilla package with 280M weekly downloads; lack of Sigstore provenance is expected for packages of this era and does not indicate risk.	ai	2026/04/21
dependencies	unvetted-dep:amdefine	AI (dependencies): amdefine is a well-known AMD/CommonJS compatibility shim and has been a stable, legitimate dependency of source-map for many years.	ai	2026/04/21

Versions (showing 69 of 69)

Version	Deps	Published
0.7.6	0 / 5	2025-07-24
0.7.5	0 / 5	2025-07-24
0.7.4	0 / 8	2022-06-04
0.7.3	0 / 7	2018-05-16
0.7.2	0 / 2	2018-02-26
0.7.1	0 / 2	2018-02-14
0.7.0	0 / 2	2018-01-19
0.6.1	0 / 2	2017-09-29
0.6.0	0 / 2	2017-09-27
0.5.7	0 / 2	2017-08-21
0.5.6	0 / 2	2016-05-02
0.5.5	0 / 2	2016-04-25
0.5.4	0 / 2	2016-04-22
0.5.3	0 / 2	2015-10-23
0.5.2	0 / 2	2015-10-21
0.5.1	0 / 2	2015-09-23
0.5.0	0 / 2	2015-09-10
0.4.4	1 / 1	2015-07-13
0.4.3	1 / 1	2015-07-07
0.4.2	1 / 1	2015-03-12
0.4.1	1 / 1	2015-03-02
0.4.0	1 / 1	2015-02-25
0.3.0	1 / 1	2015-02-10
0.2.0	1 / 1	2015-01-26
0.1.43	1 / 1	2015-01-08
0.1.42	1 / 1	2014-12-31
0.1.41	1 / 1	2014-12-17
0.1.40	1 / 1	2014-10-02
0.1.39	1 / 1	2014-09-09
0.1.38	1 / 1	2014-08-03
0.1.37	1 / 1	2014-07-11
0.1.36	1 / 1	2014-07-09
0.1.35	1 / 1	2014-07-08
0.1.34	1 / 1	2014-06-09
0.1.33	1 / 1	2014-02-27
0.1.32	1 / 1	2014-02-11
0.1.31	1 / 1	2013-11-01
0.1.30	1 / 1	2013-09-30
0.1.29	1 / 1	2013-08-22
0.1.28	1 / 1	2013-08-16
0.1.27	1 / 1	2013-07-22
0.1.26	1 / 1	2013-07-15
0.1.25	1 / 1	2013-06-27
0.1.24	1 / 1	2013-06-24
0.1.23	1 / 1	2013-06-14
0.1.22	1 / 1	2013-04-04
0.1.21	1 / 1	2013-04-02
0.1.20	1 / 1	2013-04-02
0.1.19	1 / 1	2013-03-25
0.1.18	1 / 1	2013-03-25
0.1.17	1 / 1	2013-03-25
0.1.16	1 / 1	2013-03-22
0.1.15	1 / 1	2013-03-22
0.1.14	1 / 1	2013-03-21
0.1.13	1 / 1	2013-03-20
0.1.12	1 / 1	2013-03-20
0.1.11	1 / 1	2013-03-20
0.1.10	1 / 1	2013-03-19
0.1.9	1 / 1	2013-03-01
0.1.8	1 / 1	2012-11-19
0.1.7	1 / 1	2012-11-02
0.1.6	1 / 1	2012-11-02
0.1.5	1 / 1	2012-10-31
0.1.4	1 / 1	2012-10-29
0.1.3	1 / 1	2012-10-12
0.1.2	1 / 0	2012-09-05
0.1.1	1 / 0	2012-06-19
0.1.0	1 / 0	2011-09-08
0.0.0	1 / 0	2011-08-30