Menu
I have kind of a basic question about webpack and react that I can use help with (around code obfuscation/uglification).
I am using create-react-app for my application and it appears to create a bundled build for production (after running yarn build).
And in that file it seems that everything is put into a main.JS file and main.CSS file Etc. I push this live using "firebase deploy" (in my case). I would like my code to be uglified and not be completely readable by any developer out there.
But when I go to look at my apps in Chrome it doesn't show main.JS or any other of the bundles files. It just shows every single individual file and exactly the code that I've written. Any idea why this is? Why doesn't it show the uglified combined main.js file under the 'sources' tab in chrome? Is this to do with the source map?
916
If you're using Create React App, please follow the instructions above. This section is only relevant if you configure webpack directly. Webpack v4+ will minify your code by default in production mode.
One great benefit to using create-react-app is that it gives us code splitting and chunking out of the box. Chunks allow us to separate our codes into bundles, which are a group of related chunks packaged into a single file. Tools such as Create React App, Gatsby, and Next. js use webpack to bundle applications.
Formatting Code Automatically With Prettier you can format the code you write automatically to ensure a code style within your project.
Save this question.
There is a better way to make sure source maps are not included. Create .env file in your project root folder and add GENERATE_SOURCEMAP=false. You will get you build without source maps.
111
React minifies the code during the build and generates source maps. JS ends up being sort of obfuscated as a byproduct of minification, not because of secrecy. That way, the end users are able to load scripts faster than if they were not minified, and you (and everybody else) get to navigate around original code when you (or they) open Developer Tools.
If you take a look in build/static/js directory after the build, there are pairs of .js and .map files. JS files are loaded with your website, and .map files are loaded on demand, when Developer Tools are opened.
To disable sourcemap generation, run your build with GENERATE_SOURCEMAP environment variable set to false.
GENERATE_SOURCEMAP=false npm run build or
GENERATE_SOURCEMAP=false yarn build or make it part of build script in package.json
{ … "scripts": { … - "build": "react-scripts build" + "build": "GENERATE_SOURCEMAP=false react-scripts build" } } If you omit the sourcemap generation, .map files will not end up in production, and your original source code will not be available for anyone (including you).
35
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
