Sometimes tech people forget to disable source-maps in production, especially when using the create-react-app project.
This might sound too basic, but I've looked this mistake so many times in private production projects.
TL&DR ... not really, this is a very small article
The create-react-app build command is not production ready, before publishing your project you should remove source-maps. However, this applies to any private web project, so, be careful and take a look at your production code maybe you are leaking the whole codebase.
Related issue: https://github.com/facebook/create-react-app/issues/2005
Top comments (3)
I guess it just depends on the nature of your app. Javascript source code is easily beautified back again (without any sourcemap), so maybe isn't even worth removing them. Having the sourcemaps available improves Sentry reports, for example.
Also, it respects your user's freedom. And it makes reporting bugs by a casual dev much simpler ;)
I agree, there is no such thing as full-security, neither in frontend nor your backend systems. What really makes the difference is the number of layers you have, but systems always can be broken. So not leaking your codebase in a readable manner is another security layer you can have. From a developer perspective, the real value of a codebase is the time you put in organize, name things (a hard part), give structure and meaning to your code, not so much the code itself as a sequence of statements. So, if your code is readable and understandable, is also easy to reuse and then it becomes a business concern because if you leak this type of code, anyone can copy & paste and reuse your components and I think business people are going to be not so happy about this. I think for this reason companies like Facebook do not leak his code in this way if they want to share those valuable assets they do it in a way they can gain some value and do not lose some competitive advantage.