While this is a nice thing to do, and definitely good practice when deploying to production, you shouldn't rely on this alone to protect your source code as it can be easily found by prettifying the output main.js bundle.
Even though you prettify the code, the prettified code is a minified code with all the variables names changed and is a single .js file with ES5 code which webpack creates from your React source code so it's not easily understandable.
If your project is open source then it makes no difference, but for closed source projects you don't want to ship your source code as part of your production build.
Especially if it's commercial site. Although there may not be any secret logics or API keys (hopefully not any), but you always try to minimize sharing what's unnecessary.
While this is a nice thing to do, and definitely good practice when deploying to production, you shouldn't rely on this alone to protect your source code as it can be easily found by prettifying the output main.js bundle.
Even though you prettify the code, the prettified code is a minified code with all the variables names changed and is a single
.js
file with ES5 code which webpack creates from your React source code so it's not easily understandable.How/why is this good practice when deploying to production?
If your project is open source then it makes no difference, but for closed source projects you don't want to ship your source code as part of your production build.
Why?
Why would you want to publicize your code?
Especially if it's commercial site. Although there may not be any secret logics or API keys (hopefully not any), but you always try to minimize sharing what's unnecessary.
yes but who can develop it ?