Not about client-side vs server-side. It’s unminified source code containing comments, links to internal tickets and private repositories. That’s the exact reason it’s meant to be stripped at build time, not because of FUD but because it’s a legitimate risk.
You know you can un-minify code, don’t you? Minifying it doesn’t encrypt it. The links to internal tickets and private repositories would still be there even if they minify it.
Links to internal tickets and repos aren’t a security issue btw.
Minifying is a one way process and once it’s done, you lose the names of all variables and functions. And no, they wouldn’t be present because comments are stripped.
Not about client-side vs server-side. It’s unminified source code containing comments, links to internal tickets and private repositories. That’s the exact reason it’s meant to be stripped at build time, not because of FUD but because it’s a legitimate risk.
You know you can un-minify code, don’t you? Minifying it doesn’t encrypt it. The links to internal tickets and private repositories would still be there even if they minify it.
Links to internal tickets and repos aren’t a security issue btw.
Minifying is a one way process and once it’s done, you lose the names of all variables and functions. And no, they wouldn’t be present because comments are stripped.
No, this is food for exploit-searching AI. Private comments and tickets, etc is what they use to leverage targeted attacks.