Menu
Recently I have passed to gulp task manager, and I noticed that by default, build task produce .map files. This makes me wonder: is useful to obfuscate code for production deployment? Does it protect my software from being hacked? If yes, should I delete my .map files from there?
559
While JavaScript obfuscation is often the entry point for those looking for some degree of source code protection, the bottom line is that obfuscation is usually a means to an end. While developing your application's threat model, it's important to understand the risks posed by unprotected JavaScript code.
A obfuscator won't help you at all if someone wants to figure out the code. The code still exists on the client machine and they can grab a copy of it and study it at their leisure. There is simply no way to hide code written in Javascript since the source code has to be handed to the browser for execution.
Name obfuscation does not affect the performance and should always be used. You can virtualize methods that are not computationally intensive.
Obfuscation makes it much more difficult for attackers to review the code and analyze the application. It also makes it hard for hackers to debug and tamper with your application.
Simple obfuscation will not protect your software from being hacked. If you really want to protect your javascript, to add something that will make the life of someone who tries to steal or tamper with your software really difficult, you should check Jscrambler. I have not yet seen any solution that goes even close to the level of protection they enable you to achieve.
As for the source maps question, if you obfuscate yes you should delete them.
197
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
