search menu
Tools

Import maps

Leakpit provides a tool for managing JavaScript module imports without relying on a bundler. This tool allows you to pin external modules (from npm or CDNs), download them to your project and generate the importmap.json.

Installation #

To use this tool you need to download it by running the following command:

go get --tool go.leapkit.dev/tools/importmap

Usage #

Pinning modules #

To pin external modules, use the following command:

go tool importmap pin <module_name>[@<version>] [module_name[@<version>]]

This will download the specified modules and generate an importmap.json file. By default the JSON file is created into the ./internal/system/assets folder and downloaded JS modules are stored into a vendor folder within the same path in the project.

├── internal/
│    ├── system/
│    │    ├── assets/
│    │    │    ├── application.js
│    │    │    ├── importmap.json
│    │    │    └── vendor/
│    │    │    |     ├── [email protected]
│    │    │    |     └── [email protected]
// importmap.json
{
    "imports": {
        "application": "application.js",
        "module_1": "vendor/[email protected]",
        "module_2": "vendor/[email protected]"
    }
}

Unpinning modules #

To unpin external modules, use the unpin command to remove the specified modules from the importmap.json file and delete the downloaded JS modules from the vendor folder.

go tool importmap unpin <module_name> [module_name, ...]

Updating modules #

To update all your external modules to their last versions, use the following command:

go tool importmap update

If you need to update a module to an specific version, use the pin command:

go tool importmap pin <module_name>[@<version>]

Re-download modules #

If you want to re-download packages from the importmap.json file, use the pristine command:

go tool importmap pristine

Watching installed modules #

If you want to watch your installed modules, use the packages command:

go tool importmap packages
[info] Pinned packages:
  application to: application.css
  module_1    to: vendor/[email protected]
  module_2    to: vendor/[email protected]

or if you want to see a JSON view of them, use the json command:

go tool importmap json
[info] internal/system/assets/importmap.json
{
    "imports": {
        "application": "application.js",
        "module_1": "vendor/[email protected]",
        "module_2": "vendor/[email protected]"
    }
}

Outdated modules #

This tool provides a way to check for outdated modules. To check for outdated modules, use the outdated command:

go tool importmap outdated
[info] outdated packages:
  module_1 pinned: 1.0.0, latest: 1.2.3
  module_2 pinned: 1.0.0, latest: 1.2.3

Audit modules #

To audit your modules, use the audit command:

go tool importmap audit
[info] audit report:
[info] Report results:

[email protected]
  Severity            "high"
  Description         "Vulnerability description"
  Vulnerable versions "<1.0.0"