Will It Vibe logoWill It Vibe?
NEXT-007Low severity-4 points

Production browser source maps enabled

Part of Security, which counts for 30% of the overall score. When this check fires it deducts 4 points from that category, once per scan, no matter how many places it turns up.

What it detects

productionBrowserSourceMaps: true publishes readable source maps for the client bundle to production, exposing your original source, comments, and internal structure to anyone who opens dev tools.

Why it matters

productionBrowserSourceMaps: true ships full source maps for the client bundle to production. Anyone can open dev tools and read your original, unminified source, including comments, internal names, and the structure of any client-side logic you assumed was obfuscated. It also increases the bytes served.

How to fix it

Remove productionBrowserSourceMaps (it defaults to false) so maps are not published. If you need source maps for error monitoring, upload them privately to your error tracker (Sentry and similar tools support this) instead of serving them from the site.

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Security checks