-
Notifications
You must be signed in to change notification settings - Fork 10.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v2 - Don't generate source maps by default #3817
Comments
Agreed! A nice way of managing sourcemaps could be a config parameter, such as: // gatsby-config.js
module.exports = {
pathPrefix : "/blog",
sourceMaps : true,
// ...
} It would let users choose when and where use them and would be particulary useful on multi-environments development (develop, staging, etc...). |
I don't think not generating source maps the right approach. For every production app I've made we've wanted them either to load when devtools were opened or to upload to sentry for clearer error tracking. I think if you don't want them in your uploaded site that's more of publishing concern than a building on? |
Instead of disabling sourcemaps by default — how about instead we a) investigate using relative paths, removing comments and otherwise making them more tidy by default and b) add a plugin to easily disable producing source maps by modifying the webpack config which also conveniently would speed up builds some. |
@KyleAMathews I cannot see the advantage of a plugin instead of a basic gatsby-config parameter? 🤔 |
@monsieurnebo mainly because we avoid config options at (almost) all costs :-) Adding config is a much weightier decision vs. a plugin. Also plugins are much more flexible than config. |
@KyleAMathews Ok! Would this plugin's purpose be only to disable sourcemaps via webpack configuration? Isn't that a bit overkill? |
@monsieurnebo that's how a config option would work so it's the same thing |
I'm struggling how to disable source maps for production since the default Webpack set up is to leave out the // gatsby-node.js
exports.onCreateWebpackConfig = ({ actions, stage }) => {
if (stage === 'build-javascript') {
// turn off source-maps
actions.setWebpackConfig({
devtool: false
})
}
}; edit: added an SO question here |
So it looks like that might actually work. Either my finder wasn't refreshing the file list or the /public/folder was holding on to old sourcemap files. |
This solved removing source map in v2. yarn add gatsby-plugin-no-sourcemaps@next plugins: [
"gatsby-plugin-no-sourcemaps",
] |
edit: I guess the |
Old issues will be closed after 30 days of inactivity. This issue has been quiet for 20 days and is being marked as stale. Reply here or add the label "not stale" to keep this issue open! |
This issue is being closed due to inactivity. Is this a mistake? Please re-open this issue or create a new issue. |
source-map 관련 버전, 의존성 오류로 보임. webpack-contrib/babel-minify-webpack-plugin#68 gatsby에서 socurcemap을 비활성화하는 플러그인을 이용한 해결 gatsbyjs/gatsby#3817
I think having sourcemaps on by default in production is dangerous. There must be countless people out there who think their code comments, environment variable names, and source code are private because the output was minified, without realizing that everything is public. It seems like a security/privacy risk, because most people will assume that only the compiled version will be visible in production. |
hi, any updates? |
Why do we need to develop and maintain separate plugin for a simple config option, which by the way should be a default setting in production? |
Description
Gatsby by default generates very expressive source maps. They include the full, non-minified source code of the site, including all comments like TODO, etc. They also expose absolute paths to the project directory leaking things like user names and naming conventions.
Source maps in general should not be available to anyone willing to open the dev tools in their browser. Access to them should be restricted and this requires some additional adjustments on the web server level.
I suggest we disable the default source map generation in the next version of the project.
See: #3324 (comment)
The text was updated successfully, but these errors were encountered: