I was using npm run build to build my page for production, and when I check the /build folder the source code doesn't exist. But when I host the website via IIS or httpd and use the browser to open the page, I found the source code is in there! That means anyone can grab my code and build their own website? Weird.
- I'm not sure why you think that's a concern. It has nothing to do with security at all. JS technically doesn't have a compiling process, because it is a scripting language. So essentially what the users will be seeing is the source code itself, no matter whether you have the production build or not. It is just a matter of fact that the React production build is bundled and minified (although they still call it a compilation in the terminal). – Matthew Kwong Dec 31 '21 at 06:39
- If you are worried about it, I suggest seeing this answer https://stackoverflow.com/a/68127201/12337783 to a similar question about obfuscating code. – Mohammad Hossein Dolatabadi Dec 31 '21 at 07:33
1 Answer
1
In your build directory, you'll see some .map files. Those are source maps, and they contain all the data necessary to rebuild things in the way you see files on-disk, even though everything is bundled for the browser.
These are useful development tools. They allow you to set breakpoints. You can even see code from other languages that was transpiled.
You should disable sourcemaps for your production builds.

Brad
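A pre-deployment check for the point made in the answer above, added here as an example and not part of the original post: it scans a build output for `.map` files and `sourceMappingURL` comments and reports how much original source each one carries. The `sampleBuild` contents, the file names and the `describeMap`/`auditBuild` helpers are constructed for illustration.

```javascript
// Constructed sample of a production build (path -> file contents); not from the page.
const sampleBuild = {
  'static/js/main.3f2a.js': 'console.log("app");\n//# sourceMappingURL=main.3f2a.js.map',
  'static/js/main.3f2a.js.map': JSON.stringify({
    version: 3,
    sources: ['src/App.js', 'src/api.js'],
    sourcesContent: ['export default function App() {}', 'export const get = () => {};'],
    mappings: 'AAAA',
  }),
  'static/js/vendor.77aa.js': 'console.log("vendor");',
  'static/css/main.91bc.css': 'body{margin:0}\n/*# sourceMappingURL=data:application/json;base64,' +
    btoa(JSON.stringify({ version: 3, sources: ['src/index.css'], mappings: '' })) + ' */',
};

// Trailing comment that tells the browser where the map is (// in JS, /* in CSS).
const MAP_COMMENT = /(?:\/\/|\/\*)#\s*sourceMappingURL=(\S+)/;

// Summarise a source map (v3 JSON): which original files it names and how
// many of them have their full text embedded in sourcesContent.
function describeMap(json) {
  const map = JSON.parse(json);
  const sources = Array.isArray(map.sources) ? map.sources : [];
  const embedded = (map.sourcesContent || []).filter((s) => typeof s === 'string').length;
  return { sources, embedded };
}

// Returns one finding per artifact that would expose original source if deployed.
function auditBuild(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    try {
      if (path.endsWith('.map')) {
        findings.push({ path, kind: 'map-file', ...describeMap(text) });
        continue;
      }
      const m = /\.(js|css)$/.test(path) && MAP_COMMENT.exec(text);
      if (!m) continue;
      const inline = /^data:application\/json[^,]*;base64,(.+)$/.exec(m[1]);
      if (inline) findings.push({ path, kind: 'inline-map', ...describeMap(atob(inline[1])) });
      else findings.push({ path, kind: 'map-reference', target: m[1] });
    } catch (err) {
      findings.push({ path, kind: 'unparseable-map', error: String(err.message) });
    }
  }
  return findings;
}

console.log(auditBuild(sampleBuild));
```

If the project is built with Create React App (an assumption; the page does not name the toolchain), setting the `GENERATE_SOURCEMAP=false` environment variable for `npm run build` stops the `.map` files from being generated. An empty result from a check like this on the real build directory is a reasonable gate before publishing.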