feat(@angular/build): emit debug ids for stable subresource integrity hashes#33110
Conversation
Sorry, something went wrong.
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request implements ECMA-426 Debug ID injection into JavaScript files and source maps using a new deterministic UUIDv5 utility. The injection is integrated into the post-bundle build process and includes validation tests. Review feedback suggests hardening the regex for comment detection to prevent false positives and optimizing the source map JSON update to maintain formatting and performance.
Sorry, something went wrong.
|
Sorry for the delay. Just the comment about the regular expressions and this should be good to merge. Also please squash the commits. |
Sorry, something went wrong.
… hashes Enable generating sub-resource integrity hashes when using error tracking tools relying on Debug IDs linking generated code files with source maps. Closes angular#33108 fix: persist formatting of source map JSON fix: improve source map comment detection and test fix
IchordeDionysos
force-pushed
the
feat/sub-resource-integrity-with-debug-id
branch
from
29e12e5 to
11b40dc
Compare
June 13, 2026 15:06
|
@clydin no worries you were probably more focused on the 22 release with it's amazing features 😍 Adjusted the Regex and did one minor incorrect test assumption. |
Sorry, something went wrong.
Reviewers
+1 more reviewer
2 participants
Enable generating sub-resource integrity hashes when using error tracking tools relying on Debug IDs linking generated code files with source maps.
Closes #33108
PR Checklist
Please check to confirm your PR fulfills the following requirements:
PR Type
What kind of change does this PR introduce?
What is the current behavior?
When Angular generates source maps, they only include a link to the source map URL and no Debug ID:
The source map file also does not contain a debug ID:
{ "version": 3, "debugId": "old", "mappings": "" }Issue Number: #33108
What is the new behavior?
When Angular generates source maps, in addition to the source map URL, generated files will also include a Debug ID above the
sourceMappingURL:In addition the source map file will include the matching Debug ID:
{ "version": 3, "debugId": "old", "mappings": "", "debugId": "11111111-2222-5333-9444-555555555555" }Does this PR introduce a breaking change?
Other information
I'm happy to hear if there are concerns with this particular approach and which alternative solutions might be a better solution.
This allows error tracking to more reliably map generated code files to their corresponding stack traces.
Error tracking tools have historically solved this by running post-processing scripts that generate and inject Debug IDs after the framework build script and before deployment.
However, this approach will break any integrity hash that Angular generated for SRI as the file content will have changed.
--
This PR is part of a two fold effort to enable SRI for our specific integration of Angular.
The first PR, implementing support for dynamically loaded files can be found here, and should be merged first: #33109