Javascript Source map detected - Vulnerability Database

Javascript Source map detected

Description

JavaScript source maps are files that map minified or compiled production code back to the original source code, enabling developers to debug production applications. When source maps are publicly accessible on production systems, they expose the original, unobfuscated source code including comments, variable names, and application logic that were intended to remain private.

Remediation

Remove source map files from production environments and prevent public access to them. Implement the following measures:

1. Delete all .map files from production deployments before publishing
2. Configure your build process to exclude source maps in production builds
3. If source maps are needed for production debugging, restrict access using web server configuration:

For Nginx:

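location ~ \.map$ {
    # "return" runs in the rewrite phase, before access checks,
    # so clients receive the 404 and "deny all" is redundant here.
    deny all;
    return 404;
}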

For Apache (.htaccess):

# Apache 2.4+ syntax (mod_authz_core)
<FilesMatch "\.map$">
    Require all denied
</FilesMatch>

4. Alternatively, use error tracking services that support private source map uploads (such as Sentry or Rollbar) to enable debugging without exposing maps publicly
5. Verify that source maps are not accessible by checking for .map file references in production JavaScript files
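The check in step 5 can run as a pre-deploy gate over the build output. The script below is an added example, not Invicti's code; it goes slightly beyond the step by also flagging leftover .map files and inline data: URI maps, and the sample file names in it are constructed.

```javascript
// Added example: audit a build output directory before it is published.
const fs = require("fs");
const os = require("os");
const path = require("path");

// Covers "//# sourceMappingURL=", the legacy "//@" form and the CSS "/*# ... */" form.
const MAP_REF = /(?:\/\/|\/\*)[#@]\s*sourceMappingURL=([^\s*]+)/g;

function auditBuild(dir) {
  const findings = [];
  const walk = (d) => {
    for (const entry of fs.readdirSync(d, { withFileTypes: true })) {
      const full = path.join(d, entry.name);
      const file = path.relative(dir, full);
      if (entry.isDirectory()) {
        walk(full);
      } else if (/\.map$/i.test(entry.name)) {
        findings.push({ file, issue: "map-file" });
      } else if (/\.(?:m?js|css)$/i.test(entry.name)) {
        for (const m of fs.readFileSync(full, "utf8").matchAll(MAP_REF)) {
          // An inline data: URI carries the whole map, so blocking *.map does not help.
          const inline = m[1].startsWith("data:");
          findings.push({ file, issue: inline ? "inline-map" : "map-reference",
                          target: inline ? "data: URI" : m[1] });
        }
      }
    }
  };
  walk(dir);
  return findings.sort((a, b) => a.file.localeCompare(b.file));
}

// Constructed sample build tree (hypothetical file names), used when no path is given.
function makeSampleBuild() {
  const js = path.join(fs.mkdtempSync(path.join(os.tmpdir(), "dist-")), "js");
  fs.mkdirSync(js);
  const put = (name, body) => fs.writeFileSync(path.join(js, name), body);
  put("app.min.js", "var a=1;\n//# sourceMappingURL=app.min.js.map\n");
  put("app.min.js.map", '{"version":3,"sources":["src/app.js"],"mappings":""}');
  put("vendor.min.js", "var v=2;\n//# sourceMappingURL=data:application/json;base64,e30=\n");
  put("clean.min.js", "var c=3;\n");
  return path.dirname(js);
}

// Usage: node audit-maps.js <build-dir>; exits 1 when anything is found.
const findings = auditBuild(process.argv[2] || makeSampleBuild());
for (const f of findings) console.log(`${f.issue}\t${f.file}\t${f.target || ""}`);
if (process.argv[2]) process.exitCode = findings.length ? 1 : 0;
```

A "map-reference" finding only shows that the bundle points at a map; whether the map itself is reachable still depends on the deployment and the server rules above.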
