Skip to content

Upload SourceMap During Project Build

TrueWatch currently provides a Vite plugin that makes it easy to upload SourceMap files for the corresponding directory during the build process of a Web project.

Note: Currently, only Web applications are supported for upload.

Preparation

  1. Obtain the OpenApi domain address for the corresponding site;
  2. Obtain the required API KEY for OpenApi from TrueWatch here;
  3. Obtain the applicationId, env, and version information for the Web application from TrueWatch. If there is no application, create a new one;
  4. Preparation is complete.

Vite

Install @cloudcare/vite-plugin-sourcemap

Using npm:

npm install @cloudcare/vite-plugin-sourcemap --save-dev

Using yarn:

yarn add @cloudcare/vite-plugin-sourcemap --dev

Using pnpm:

pnpm add @cloudcare/vite-plugin-sourcemap --save-dev

Modify the plugins option in the vite.config.js file

// vite.config.ts
import { defineConfig } from "vite"
import vue from "@vitejs/plugin-vue"
import { SourceMapUploadVitePlugin } from "@cloudcare/vite-plugin-sourcemap"
// https://vitejs.dev/config/
export default defineConfig({
  build: {
    sourcemap: true, // Source map generation must be turned on
  },
  plugins: [
    vue(),

    SourceMapUploadVitePlugin({
      applicationId: "xxxxx", //  TrueWatch application appid
      apiKey: "xxxxxxxx", // open apikey
      server: "https://console.xx-xxx.cn", // openapi address for the corresponding site
      filepaths: ["dist/"], // directories to search, can be files or directories
      logLevel: "verbose", // log level
      //   root: 'dist/', // root directory for the relative path to upload
      env: "production", // TrueWatch application env
      version: "1.0.0", // TrueWatch application version
    }),
  ],
})

Sourcemap Plugin Options

interface Options {
  /**
   *
   * Files/directories to search for sourcemap.
   * All files that match the "extensions" list but do not match the "ignore" list will be searched
   * for sourcemap JSON or `//#sourceMappingURL=` comments to find the generated file + source map pairs, then the source maps will be uploaded.
   */
  filepaths: Array<string> | string

  /**
   * OpenApi Key generated by the TrueWatch platform, generation method reference (https://docs.truewatch.com/management/api-key/open-api/#_1)
   */
  apiKey: string

  /**
   * OpenApi service of the TrueWatch platform
   */
  server: string
  /**
   * applicationId corresponding to the TrueWatch RUM application (required)
   */
  applicationId: string
  /**
   * version corresponding to the TrueWatch RUM application (optional)
   */
  version?: string
  /**
   * env corresponding to the TrueWatch RUM application (optional)
   */
  env?: string

  /**
   * Find all matching files but do not upload them, useful for debugging
   */
  dryRun?: boolean
  /**
   * Delete all found source map files after upload.
   */
  deleteAfterUpload?: boolean
  /**
   * If source maps cannot be matched with their generated files via sourceMappingURL, attempt to match them by filename on the local disk
   */
  matchSourcemapsByFilename: ?boolean

  /**
   * List of file extensions to search for in the directory
   * Default [".js", ".map"].
   */
  extensions?: Array<string>

  /**
   * List of files to ignore
   */
  ignore?: Array<string>

  /**
   * Directory to which relative paths should be calculated. The relative paths of the sourcemaps to be uploaded should be included in the path where the error occurs, hence
   * the purpose of this parameter is to control the relative directory to upload
   * Default relative path from the execution directory to the search directory path.relative(process.cwd(), filepath)
   */
  root?: string
  /**
   * Log level for debugging purposes
   */
  logLevel?: "quiet" | "normal" | "verbose"
  /**
   * Whether to ignore errors on failure, this configuration ensures that errors do not interrupt the build process. Default false, meaning errors will be thrown normally
   */
  warnOnFailure?: boolean
}

Sourcemap Visibility in Production Environment

In production environments, sourcemap files are usually not retained for security reasons. These files allow developers to map minified or compiled code back to the original source code, but if exposed, they can reveal the internal logic of the application, increasing security risks.

To handle sourcemaps safely, you can enable the deleteAfterUpload: true option when configuring the SourceMapUploadVitePlugin. This ensures that once the sourcemaps are uploaded to the server, they are immediately deleted from the local file system, preventing them from being left behind in the production environment.

Additionally, by setting build.sourcemap to "hidden" in vite.config.ts, you can generate Sourcemaps without including any references to them in the JavaScript files. This prevents browsers from attempting to download and view the source code.

If "hidden" is enabled, you should also set matchSourcemapsByFilename: true in the SourceMapUploadVitePlugin. This configuration ensures that the plugin can identify and upload the corresponding Sourcemap files based on the JavaScript file names, even if there are no explicit references in the generated code.

Through these measures, you can maintain the convenience of application debugging while effectively protecting the security of the source code.

// vite.config.ts
import { defineConfig } from "vite"
import vue from "@vitejs/plugin-vue"
import { SourceMapUploadVitePlugin } from "@cloudcare/vite-plugin-sourcemap"
// https://vitejs.dev/config/
export default defineConfig({
  build: {
    sourcemap: "hidden", // Source map generation must be turned on
  },
  plugins: [
    vue(),

    SourceMapUploadVitePlugin({
      applicationId: "xxxxx", //  TrueWatch application appid
      apiKey: "xxxxxxxx", // open apikey
      server: "https://console.xxx-xxx.cn",
      filepaths: ["dist/"], // directories to search, can be files or directories
      logLevel: "verbose", // log level
      //   root: 'dist/', // root directory for the relative path to upload
      env: "production", // TrueWatch application env
      version: "1.0.0", // TrueWatch application version
      deleteAfterUpload: true,
      matchSourcemapsByFilename: true,
    }),
  ],
})

How to DEBUG

If no corresponding Sourcemap is found during the process, you can set the environment variable DEBUG=sourcemap-upload or configure logLevel: verbose to run the build command and view the detailed logs.

Notes

  • Node version > 16;

  • Notes on filepaths and root configuration:

In the console, there is an error with a line like at SVGGElement.<anonymous> @ http://localhost:8000/js/chunk-vendors.732b3b98.js:1:93427, where the relative path of the file causing the error is js/chunk-vendors.732b3b98.js. If the js files are in the static directory of the server as dist/js/*.js dist/js/*.js.map, the plugin configuration should be filepaths: ['dist'].

If root is not configured, the default value is dist/, and the Sourcemap file path uploaded to the server will be dist/js/**.js.map. In this case, the uploaded file directory path will not match the path where the error occurred. Therefore, you should add the configuration root:'/' or root: '' to ensure the uploaded directory path is js/**.js.map.