DEV Community

Cover image for Unpacking js.map files
fx2301
fx2301

Posted on

Unpacking js.map files

Why?

You want to review JavaScript for vulnerabilities outside of the browser.

When?

This can be done when .js.map files are available. The hint will be unofusicated code in the browser debugger, and //# sourceMappingURL= lines on the end of obfusicated .js files.

How?

unpack failed on some content for me and consumed the first character of filenames. source-map-unpacker worked well:

npm install source-map-unpacker
node ./node_modules/source-map-unpacker/unmap.js \
  -p code.js.map -o code
Enter fullscreen mode Exit fullscreen mode

Art licensed under Creative Commons by gforsythe

Discussion (0)