DEV Community

Discussion on: Is it safe to ship JavaScript Source maps to production?

Austin S. Hemmelgarn

However, is it safe to leave that in production because, with the source map, you can generate the real source code and able to read the unminified code?

If the minification doesn't actually break anything (that is, your code works identically before and after minification), you can do this without a source map. Yeah, you won't see 'actual' variable and function names, but anybody who's actually good at JS shouldn't need that (it makes it easier, but isn't required by any means). Most developer tools actually have a way to 'pretty-print' source code (that is, display it with what they consider 'correct' formatting for human consumption). Try viewing your minified code through that (or just send it through any of the widely available formatting tools out there), and you'll notice that it's actually rather readable other than the mangled variable and function names.

So no, there's no security risk as long as you're not encoding secret data into your variable and function names.

Jan Hybš

anybody who's actually good at JS shouldn't need that

Good luck going through thousands of lines, where each variable is meaningless alphanumeric mush.
Even with the pretty-print option, you'll have a hard time understanding the code without investing a good portion of time.

Yohan D.

Normally when you code, you don't have each variable as meaningless alphanumeric mush.
A good dev takes care of the quality of the code because of the future. We never know.

Austin S. Hemmelgarn

Except that you almost always have a debugger available, which means you can easily correlate code with what's happening on the page. Drop a breakpoint at the start of each function, reload, and you can literally follow the flow of execution from the very beginning.

Yes, it's not easy, but it's definitely doable with patience, and anybody who's likely to rip off your code will generally have a lot of that.
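
An added example, not code from any commenter in this thread: a pre-deploy check in Node.js for the caveat in the first comment about secret data in variable and function names. It reads the Source Map v3 fields `names`, `sources` and `sourcesContent`; the `SECRET_HINT` pattern, the function names and the sample bundle are constructed for illustration.

```javascript
// Added example. SECRET_HINT is a constructed heuristic, not a complete detector.
const SECRET_HINT = /(secret|passw(or)?d|token|api[_-]?key|private[_-]?key)/i;

// Locate the "//# sourceMappingURL=..." comment a bundler appends to its output.
function findSourceMapRef(js) {
  const m = /\/\/[#@]\s*sourceMappingURL=(\S+)\s*$/m.exec(js);
  if (!m) return null;
  const inline = /^data:application\/json[^,]*;base64,(.*)$/.exec(m[1]);
  if (!inline) return { kind: 'external', url: m[1] };
  const json = Buffer.from(inline[1], 'base64').toString('utf8');
  return { kind: 'inline', map: JSON.parse(json) };
}

// Report what a Source Map v3 object discloses beyond the minified bundle.
function auditSourceMap(map) {
  const sources = map.sources || [];
  const contents = map.sourcesContent || [];
  const flaggedLines = [];
  contents.forEach((src, i) => {
    if (typeof src !== 'string') return; // null means "not embedded"
    src.split('\n').forEach((line, n) => {
      if (SECRET_HINT.test(line)) flaggedLines.push(`${sources[i]}:${n + 1}`);
    });
  });
  return {
    sources,
    embedsOriginalSource: contents.some((c) => typeof c === 'string'),
    flaggedNames: (map.names || []).filter((n) => SECRET_HINT.test(n)),
    flaggedLines,
  };
}

// Constructed sample: a minified bundle carrying an inline map.
const sampleMap = {
  version: 3,
  sources: ['src/billing.js'],
  names: ['chargeCard', 'stripeApiKeyForStaging', 'amount'],
  sourcesContent: ['// internal note\nconst stripeApiKeyForStaging = load();\n'],
  mappings: 'AAAA',
};
const sampleJs = 'function a(b){}\n//# sourceMappingURL=data:application/json;base64,' +
  Buffer.from(JSON.stringify(sampleMap)).toString('base64');

const ref = findSourceMapRef(sampleJs);
console.log(ref.kind, auditSourceMap(ref.map));
```

An `external` result only names the map URL; whether that file is actually published depends on what the web server serves.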