Immediately had to think about the Apple Web Store which seemed to have the same "issue" two weeks ago[0]
I guess the same thing[1] applies here.
> This is not "exposing" their source code. While yes, it may not be minified and it's slightly more human readable, it's not exposing any additional logic. Remember, obfuscation is not security.
[0] https://news.ycombinator.com/item?id=45804664
[1] https://www.reddit.com/r/webdev/comments/1onnzlj/comment/nmy...
It’s not exposed, it’s how web stuff works
Well, to play devil's advocate, typically only the minified version is exposed.
However I agree that in the end outside of making it more readable, it's not making a huge difference.
The reason for minification is not hiding the source code (which is impossible), but to reduce the payload size served to clients. Web pages (even web apps) are documents fully available to clients where users can choose to view, inspect and even modify their source code.
Honestly, I think including source maps for your frontend code should be the standard. Maybe web apps will get better if people can actually start studying existing frontend sourcemaps to learn good patterns which are being used in production by companies with lots of experienced engineers. Tons of people love to complain about terrible web apps, but finding high quality web app examples to study and learn from is actually really difficult! Let's not pretend that the trivial todo-apps are where you're gonna go to learn anything about how a real-world app is organized.
I think this title is misleading, it makes it seem like more than just the unobfuscated code has been exposed.
Yes, the repo creator's tone is obnoxious.
> Remember: Always disable sourcemaps in production!
Or don't. There is a non-zero possibility that this wasn't even an accident.
One has serious doubts that the person who wrote this even understands (and can articulate the reasons) why they have this position.
In any case, GitHub isn't an unredactable, append-only ledger. "Archiving" this on a site that is no less subject to DMCA takedowns than any other site but that differs from other sites in having exceptionally fast response times to takedowns is not an especially well-thought-out move.
Wait until you find out about "View source".
This is front-end code, that gets deliberately sent to the browser. With enough work, someone can deobfuscate such code manually.
yeah man, wait till you hear about the view source affordance
https://htmx.org/essays/right-click-view-source/
the web is an open platform, sorry
> Remember: Always disable sourcemaps in production!
I wish I could downvote this comment from the README.
Minification to reduce bandwidth is noble. But to obfuscate? Why?
People have gone to jail for less than this lol
A fairly minor breach of copyright?
Or, if you take the view of the court in the case of Andrew Auernheimer (weev), it exceeds authorized access and exfiltrated trade secrets
That is somewhat different as it required brute forcing IDs and his conviction was overturned (although the reasons do not establish a clear precedent).
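Editor's added example, not part of any comment above: for a team deciding whether to ship source maps, this Node.js sketch reports what a deployed bundle's map actually carries (the original file paths in `sources` and any full text embedded in `sourcesContent`). The file names, the `files` object standing in for a build directory, and all contents are constructed sample data.

```javascript
// Added example: audit what a bundle's source map reveals. Sample data is constructed.

// Return the target of the last "//# sourceMappingURL=" comment, or null.
function findSourceMapRef(bundleText) {
  const re = /\/\/[#@]\s*sourceMappingURL=(\S+)/g;
  let match, last = null;
  while ((match = re.exec(bundleText)) !== null) last = match[1];
  return last;
}

// Decode an inline data: URI map, or look up an external map in `files`
// (a name -> text object standing in for the deployed directory).
function loadMap(ref, files) {
  const inline = /^data:application\/json[^,]*;base64,(.*)$/.exec(ref);
  if (inline) return JSON.parse(Buffer.from(inline[1], "base64").toString("utf8"));
  return Object.prototype.hasOwnProperty.call(files, ref) ? JSON.parse(files[ref]) : null;
}

function auditBundle(name, files) {
  const report = { bundle: name, mapped: false, reachable: false, inline: false,
                   sources: [], embedded: [] };
  const ref = findSourceMapRef(files[name]);
  if (!ref) return report;                 // minified only, no map advertised
  report.mapped = true;
  report.inline = ref.startsWith("data:");
  const map = loadMap(ref, files);
  if (!map) return report;                 // comment present, map not deployed
  report.reachable = true;
  report.sources = map.sources || [];
  const content = map.sourcesContent || [];
  // A source is "embedded" when its full original text ships inside the map.
  report.embedded = report.sources.filter((_, i) => typeof content[i] === "string");
  return report;
}

// Constructed source map (v3 fields) and a constructed build directory.
const sampleMap = JSON.stringify({
  version: 3, file: "app.min.js", names: [], mappings: "",
  sources: ["src/cart.js", "src/api.js"],
  sourcesContent: ["export function total(items) { return items.length; }", null],
});
const files = {
  "app.min.js": "function t(n){return n}\n//# sourceMappingURL=app.min.js.map",
  "app.min.js.map": sampleMap,
  "vendor.min.js": "function v(){}",
  "inline.min.js": "function i(){}\n//# sourceMappingURL=data:application/json;charset=utf-8;base64,"
    + Buffer.from(sampleMap).toString("base64"),
};
for (const name of Object.keys(files).filter((n) => n.endsWith(".js"))) {
  console.log(auditBundle(name, files));
}
```

Anything the report lists under `embedded` is readable by every visitor; if that text contains something that should not be public, the fix belongs in the code, since the minified bundle carries the same logic.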