Your source code is public if you don’t know this simple trick. | by Shoaib Mehedi | Dev Genius | Apr, 2021 | Medium

 

Your source code is public if you don’t know this simple trick.

This simple trick will save your career.

As web developers, we should always be careful. Many things can go wrong: vulnerabilities, security issues, exposed keys, public source code, and more. One of the most dangerous is public source code.

Source code and map

When you build your project, the process generates a folder called “build” (or another name, depending on the framework). Go to the build folder and you will find files with the .js extension and files with the .map extension. The .js files are the built source, and the .map files are the source maps. The map files matter during development because they help you debug.

Your Source Is Public

When a website is published, you publish only the build folder. From the previous section, we know that the map files are needed only for debugging. If you publish the build folder with the map files in it, your source code is effectively public.

Where to find source code

  • Inspect the web page from a browser.
  • Go to the Source tab.
  • There you will find the whole path of the source

Solution

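There are two simple solutions to the problem. The ultimate goal is to remove the map files before deployment. The simple way is to set GENERATE_SOURCEMAP=false in the build command in the scripts section of your package.json. This variable is read by the Create React App build (react-scripts); other build tools have their own source map setting.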

"scripts": {"build": "GENERATE_SOURCEMAP=false react-scripts build"}

Removing the map files manually will also work, but this is not a proper way.

Conclusion

In this article, I tried to cover a simple trick some don’t know about. Sometimes this little mistake makes a threat. Thank you.

Have a great day!

 
