This content originally appeared on DEV Community and was authored by Tayfun Erbilen
If you are using create-react-app for creating react applications and using yarn build to get build, your react codes might not be safe.
Because, if you run yarn build command without any spesification, it will generating source maps as well.
And if you put builded files without deleting source maps to your server, anyone can see your entire react project codes.
How bad is it?
If you go this website, https://svgeditoronline.com/editor/ and open developer tools, and select "Sources" tab. Then you will able to see all project codes sadly.
What we have to do?
We have to delete .map files from builded files which is in build/static/js folder.
And for the next build you should change your package.json build command
find this line
...
"build": "react-scripts build",
...
change with this
...
"build": "GENERATE_SOURCEMAP=false react-scripts build",
...
Now, your code is safe. This is a small but important think.
I checked a lot of live react project, also checked selling react scripts on codecanyon, and guess what I found? Almost every project left .map files in static/js folder.
TL;DR
- Delete all your
.mapfiles frombuild/static/jsfolder. - Change your build command on
package.jsonfrom this"build": "react-scripts build",to this"build": "GENERATE_SOURCEMAP=false react-scripts build",for your next builds. - Now you are safe, I hope :)
This content originally appeared on DEV Community and was authored by Tayfun Erbilen
Tayfun Erbilen | Sciencx (2021-11-14T22:48:27+00:00) Your React Codes Might Not Be Safe!. Retrieved from https://www.scien.cx/2021/11/14/your-react-codes-might-not-be-safe/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.