{"id":42471089,"url":"https://github.com/thredup/rollbar-sourcemap-webpack-plugin","last_synced_at":"2026-01-28T09:48:48.018Z","repository":{"id":8356627,"uuid":"58090463","full_name":"thredup/rollbar-sourcemap-webpack-plugin","owner":"thredup","description":"A Webpack plugin to upload sourcemaps to Rollbar","archived":false,"fork":false,"pushed_at":"2023-08-29T15:23:54.000Z","size":2958,"stargazers_count":146,"open_issues_count":38,"forks_count":43,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-10-24T01:34:56.967Z","etag":null,"topics":["rollbar","sourcemaps","webpack","webpack-plugin"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thredup.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-05-04T23:33:44.000Z","updated_at":"2025-07-17T18:28:26.000Z","dependencies_parsed_at":"2024-06-18T13:53:12.241Z","dependency_job_id":"fd818062-9fe5-49f0-9185-80879b68f0cc","html_url":"https://github.com/thredup/rollbar-sourcemap-webpack-plugin","commit_stats":{"total_commits":190,"total_committers":16,"mean_commits":11.875,"dds":0.3052631578947368,"last_synced_commit":"0c15d3eb902da482bb04142e5abc7e6a66595107"},"previous_names":["brandondoran/rollbar-sourcemap-webpack-plugin"],"tags_count":43,"template":false,"template_full_name":null,"purl":"pkg:github/thredup/rollbar-sourcemap-webpack-plugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thredup%2Frollbar-sourcemap-webpack-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thredup%2Frollbar-sourcemap-webpack-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thredup%2Frollbar-sourcemap-webpack-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thredup%2Frollbar-sourcemap-webpack-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thredup","download_url":"https://codeload.github.com/thredup/rollbar-sourcemap-webpack-plugin/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thredup%2Frollbar-sourcemap-webpack-plugin/sbom","scorecard":{"id":883284,"data":{"date":"2025-08-11","repo":{"name":"github.com/thredup/rollbar-sourcemap-webpack-plugin","commit":"0c15d3eb902da482bb04142e5abc7e6a66595107"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Code-Review","score":0,"reason":"Found 2/25 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/nodejs.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":3,"reason":"dependency not pinned by hash detected -- score normalized to 3","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/thredup/rollbar-sourcemap-webpack-plugin/nodejs.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/thredup/rollbar-sourcemap-webpack-plugin/nodejs.yml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 25 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"65 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw","Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5","Warn: Project is vulnerable to: GHSA-7gc6-qh9x-w6h8","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-434g-2637-qmqr","Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m","Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw","Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p","Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747","Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh","Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq","Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488","Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-vxf5-wxwp-m7g9","Warn: Project is vulnerable to: GHSA-25mp-g6fv-mqxx","Warn: Project is vulnerable to: GHSA-c59h-r6p8-q9wc","Warn: Project is vulnerable to: GHSA-7gfc-8cq8-jh5f","Warn: Project is vulnerable to: GHSA-qpjv-v59x-3qc4","Warn: Project is vulnerable to: GHSA-w7rc-rwvf-8q5r","Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g","Warn: Project is vulnerable to: GHSA-cwx2-736x-mf6w","Warn: Project is vulnerable to: GHSA-v39p-96qg-c8rf","Warn: Project is vulnerable to: GHSA-8v63-cqqc-6r2c","Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6","Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59","Warn: Project is vulnerable to: GHSA-566m-qj78-rww5","Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc","Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc","Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx","Warn: Project is vulnerable to: GHSA-pvrw-g6fx-mcx2","Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p","Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6","Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j","Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-24T09:03:56.222Z","repository_id":8356627,"created_at":"2025-08-24T09:03:56.222Z","updated_at":"2025-08-24T09:03:56.222Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28844011,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-28T07:39:25.367Z","status":"ssl_error","status_checked_at":"2026-01-28T07:39:24.487Z","response_time":57,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["rollbar","sourcemaps","webpack","webpack-plugin"],"created_at":"2026-01-28T09:48:47.407Z","updated_at":"2026-01-28T09:48:48.013Z","avatar_url":"https://github.com/thredup.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# RollbarSourceMapPlugin\n\n[![Dependency Status](https://img.shields.io/david/thredup/rollbar-sourcemap-webpack-plugin.svg?style=flat-square)](https://david-dm.org/thredup/rollbar-sourcemap-webpack-plugin)\n[![devDependency Status](https://img.shields.io/david/dev/thredup/rollbar-sourcemap-webpack-plugin.svg?maxAge=2592000?style=flat-square)](https://david-dm.org/thredup/rollbar-sourcemap-webpack-plugin#info=devDependencies)\n[![Dependabot Status](https://api.dependabot.com/badges/status?host=github\u0026repo=thredup/rollbar-sourcemap-webpack-plugin)](https://dependabot.com)\n[![Actions Status](https://github.com/thredup/rollbar-sourcemap-webpack-plugin/workflows/CI/badge.svg)](https://github.com/thredup/rollbar-sourcemap-webpack-plugin/actions)\n[![Downloads](https://img.shields.io/npm/dm/rollbar-sourcemap-webpack-plugin.svg?style=flat-square)](https://www.npmjs.com/package/rollbar-sourcemap-webpack-plugin)\n\nThis is a [Webpack](https://webpack.github.io) plugin that simplifies uploading the sourcemaps,\ngenerated from a webpack build, to [Rollbar](https://rollbar.com).\n\nProduction JavaScript bundles are typically minified before deploying,\nmaking Rollbar stacktraces pretty useless unless you take steps to upload the sourcemaps.\nYou may be doing this now in a shell script, triggered during your deploy process,\nthat makes curl posts to the Rollbar API. This can be finicky and error prone to setup.\nRollbarSourceMapPlugin aims to remove that burden and automatically upload the sourcemaps when they are emitted by webpack.\n\n## Prerequisites\n\n**As of version 3.0.0, Webpack 4 is required. This plugin is no longer compatible with Webpack 3 and older.**\n\n## Installation\n\nInstall the plugin with npm:\n\n```shell\nnpm install rollbar-sourcemap-webpack-plugin --save-dev\n```\n\n## Basic Usage\n\nAn example webpack.config.js:\n\n```javascript\nconst RollbarSourceMapPlugin = require('rollbar-sourcemap-webpack-plugin')\n\nconst PUBLIC_PATH = 'https://my.cdn.net/assets'\n\nconst webpackConfig = {\n  mode: 'production',\n  devtool: 'hidden-source-map'\n  entry: 'index',\n  publicPath: PUBLIC_PATH,\n  output: {\n    path: 'dist',\n    filename: 'index-[hash].js'\n  },\n  plugins: [new RollbarSourceMapPlugin({\n    accessToken: 'aaaabbbbccccddddeeeeffff00001111',\n    version: 'version_string_here',\n    publicPath: PUBLIC_PATH\n  })]\n}\n```\n\n## Plugin Configuration\n\nYou can pass a hash of configuration options to `RollbarSourceMapPlugin`.\nAllowed values are as follows:\n\n### `accessToken: string` **(required)**\n\nYour rollbar `post_server_item` access token.\n\n### `version: string` **(required)**\n\nA string identifying the version of your code this source map package is for. Typically this will be the full git sha.\n\n### `publicPath: string | function(string): string` **(required)**\n\nThe base url for the cdn where your production bundles are hosted or a function that receives the source file local address and returns the url for that file in the cdn where your production bundles are hosted.\nYou should use the function form when your project has some kind of divergence between url routes and actual folder structure.\nFor example: NextJs projects can serve bundled files in the following url `http://my.app/_next/123abc123abc123/page/home.js` but have a folder structure like this `APP_ROOT/build/bundles/pages/home.js`.\nThe function form allows you to transform the final public url in order to conform with your routing needs.\n\n### `includeChunks: string | [string]` **(optional)**\n\nAn array of chunks for which sourcemaps should be uploaded.\nThis should correspond to the names in the webpack config `entry` field.\nIf there's only one chunk, it can be a string rather than an array.\nIf not supplied, all sourcemaps emitted by webpack will be uploaded, including those for unnamed chunks.\n\n### `silent: boolean` **(default: `false`)**\n\nIf `false`, success and warning messages will be logged to the console for each upload. Note: if you also do not want to see errors, set the `ignoreErrors` option to `true`.\n\n### `ignoreErrors: boolean` **(default: `false`)**\n\nSet to `true` to bypass adding upload errors to the webpack compilation. Do this if you do not want to fail the build when sourcemap uploads fail.\nIf you do not want to fail the build but you do want to see the failures as warnings, make sure `silent` option is set to `false`.\n\n### `rollbarEndpoint: string` **(default: `https://api.rollbar.com/api/1/sourcemap`)**\n\nA string defining the Rollbar API endpoint to upload the sourcemaps to. It can be used for self-hosted Rollbar instances.\n\n### `encodeFilename: boolean` **(default: `false`)**\n\nSet to true to encode the filename. NextJS will reference the encode the URL when referencing the minified script which must match exactly with the minified file URL uploaded to Rollbar.\n\n## Webpack Sourcemap Configuration\n\nThe [`output.devtool`](https://webpack.js.org/configuration/devtool/) field in webpack configuration controls how sourcemaps are generated.\nThe recommended setup for sourcemaps in a production app is to use hidden sourcemaps.\nThis will include original sources in your sourcemaps, which will be uploaded to Rollbar and NOT to a public location alongside the minified javascript.\nThe `hidden` prefix will prevent `//# sourceMappingURL=URL_TO_SOURCE_MAP` from being inserted in the minified javascript.\nThis is important because if the `sourceMappingURL` comment is present,\nRollbar will attempt to download the sourcemap from this url, which negates the whole\npurpose of this plugin. And since you are not uploading sourcemaps to a public location,\nRollbar would not be able to download the sourcemaps.\n\n### webpack.config.js\n\n```json\noutput: {\n  devtool: 'hidden-source-map'\n}\n```\n\n## App Configuration\n\n- The web app should have [Rollbar.js](https://www.npmjs.com/package/rollbar) installed and configured for webpack as described [here](https://github.com/rollbar/rollbar.js/tree/master/examples/webpack#using-rollbar-with-webpack).\n- See the [Rollbar source map](https://rollbar.com/docs/source-maps/) documentation\n  for how to configure the client side for sourcemap support.\n  The `code_version` parameter must match the `version` parameter used for the plugin.\n- More general info on the using [Rollbar for browser JS](https://rollbar.com/docs/notifier/rollbar.js/).\n\n## Examples\n\n- [React](https://github.com/thredup/rollbar-sourcemap-webpack-plugin/tree/master/examples/react)\n- [Next.js](https://github.com/thredup/rollbar-sourcemap-webpack-plugin/tree/master/examples/next-js)\n\n## Contributing\n\nSee the [Contributors Guide](/CONTRIBUTING.md)\n\n## License\n\n[MIT](/LICENSE.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthredup%2Frollbar-sourcemap-webpack-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthredup%2Frollbar-sourcemap-webpack-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthredup%2Frollbar-sourcemap-webpack-plugin/lists"}