Set webpack cfg devtool property to 'nosources-source-map'

[staszekj]

Webpack cfg devtool property other than: 'cheap-module-source-map', 'source-map' or false

This is mostly frustrating for production build where I'd like to have possibility to set devtool='nosources-source-map' or other less specific source-map

Now devtool is calculated as below:

    devtool: isEnvProduction
      ? shouldUseSourceMap
        ? 'source-map'
        : false
      : isEnvDevelopment && 'cheap-module-source-map',

so there is no chance to override devtool value either for development nor production mode.

[heyimalex]

Hm, I don't think this will be supported; it's pretty niche, and I'm not sure of anything nosources-source-map does that isn't possible already. We keep configuration like this to a minimum by design. Why exactly do you want to use nosources-source-map?

[staszekj]

Suppose I have the following error:

in file: main-app.tsx

    const myFunction: any = "";  //line 11
    myFunction(); //line 12

on production if user open Chrome DevTools user should see error with exact line number (as it is show below)

TypeError: "" is not a function
    at C (main-app.tsx:12)

but user should not be able to see original source in main-app.tsx file

[heyimalex]

I think there are ways to make your sourcemaps private and still use them on your production site. Honestly though I don’t use dev-tools too often in production, so I don’t know exactly how.

At work we use sentry for tracking errors, which supports uploading a private source map, and tracebacks correspond to the original source line, so at least conceptually I know it’s possible.

[staszekj]

ok - so pls let me sum up your point. If I create source map files but won't public them on production or deny public access to them user won't be able to see code but also won't be able to see exact error line number.

To decode line number I need to have my previously generated source map files and additional tool (ex: Sentry) to traceback to the original source map.

I checked some Sentry alternatives
https://www.slant.co/options/964/alternatives/~sentry-alternatives

These tools give access to error log remotely (without bothering user)
Unfortunately most of them are non-free solutions (however some of them have free plans)

[heyimalex]

I'm only saying that your use case is covered through other means:

• Unprivileged users are never looking at tracebacks, so line numbers don't mean anything. If you're tracking frontend errors, you can always recover the offending line from a traceback and the full sourcemap, which is what sentry does behind the scenes.
• Privileged users who want to use sourcemaps when debugging the live site have some options, though it's not quite as easy as nosources-source-map. The gist is you make the *.map files require some sort of authentication. How you handle that is up to you.

Hiding your soucemaps is kinda pointless in the first place, but I understand the sentiment.

I only used sentry as an example, but I've been very happy using them for frontend error tracking so that may be a good route. I never go over on their free plan.