Able to view the whole source code in the production build when I run it locally using pushstate-server

[reznord]

Able to view the whole source code of the project in the chrome debugger when running the build using pushstate-server. Not sure whether this is a known issue or an expected behavior.

NOTE:

I haven't ejected the project.

Steps to reproduce:

• Initialize a project with CRA create-react-app testApp
• Run yarn run build to bundle the project
• Deploy the build using pushstate-server using pushstate-server build
• Go to localhost:9000 and go to sources in chrome debugger.

Now go to sources and see the following path top -> webpack:// -> . -> src.

Actual Behavior

Here you can see the whole code of the project in the production build.

Expected Behavior

The source code is not supposed to be exposed in the production build.

Discussion

Can anyone confirm whether this is a bug or just an expected behavior.

The following image shows the code when I deployed the project locally using pushstate-server

[gaearon]

This is expected. You can delete .map files from the build output if you want to disable it, although you'll get console warnings about them missing.

There is no harm in leaving them in though in my opinion. Client code is already available to the user’s machine so there’s no secrets in it.

[reznord]

Just wanted to know, thanks for the clarification @gaearon