Remove source maps from build

[allanlewis]

Is your feature request related to a problem? Please describe.

This module tells Webpack to generate source maps for Sentry, which is very useful. However, for compliance reasons I'd like to not deploy source maps to production.

Describe the solution you'd like

I want to be able to upload source maps to Sentry but then exclude them from my build so they're not accessible in production.

Describe alternatives you've considered

I'm currently looking to manually delete the source maps from my dist directory before deploying.

Additional context

n/a

[zecar]

maybe you could use this to secure those: https://docs.sentry.io/platforms/javascript/guides/capacitor/sourcemaps/uploading/hosting-publicly/

[allanlewis]

maybe you could use this to secure those: https://docs.sentry.io/platforms/javascript/guides/capacitor/sourcemaps/uploading/hosting-publicly/

There's no problem deploying source maps to Sentry, I just don't want them in the bundle I deploy to my server 😕

Even if they're behind basic auth, I don't think that would pass compliance.

I've now added something along the lines of find dist -name '*.js.map' -delete to my build script, which seems a bit messy...

[zecar]

depending on what you are using to deploy your app + how you upload sourcemaps to sentry you could use ENV variables to disable sourcemaps in your build.. for example webpack has specific configuration regarding sourcemaps..

regarding basic auth for sourcemaps.. you could also add server configuration to only allow Sentry's IP to access your .map files https://docs.sentry.io/product/security/ip-ranges/

to remove the source map url from your js files you can use (if you don't already) [this] (https://docs.sentry.io/platforms/javascript/guides/nextjs/manual-setup/#use-hidden-source-map)

[allanlewis]

depending on what you are using to deploy your app + how you upload sourcemaps to sentry you could use ENV variables to disable sourcemaps in your build.. for example webpack has specific configuration regarding sourcemaps..

I tried that but it looked to me like this module was overriding my Webpack settings, but I'm not a Webpack expert 😕

regarding basic auth for sourcemaps.. you could also add server configuration to only allow Sentry's IP to access your .map files https://docs.sentry.io/product/security/ip-ranges/

That seems like more work than just not deploying them...

to remove the source map url from your js files you can use (if you don't already) [this] (https://docs.sentry.io/platforms/javascript/guides/nextjs/manual-setup/#use-hidden-source-map)

I already do that but my compliance requires that the source maps are not present at all 🤷‍♂️

Thanks for all your suggestions 🙏

[rchl]

I tried that but it looked to me like this module was overriding my Webpack settings, but I'm not a Webpack expert 😕

Yes, it does because the source maps need to be generated to be able to upload those to Sentry.

I'm currently looking to manually delete the source maps from my dist directory before deploying.

It's what the module would most likely have to do too if it would be handled automatically by it. So it's a good workaround for the time being IMO.

[allanlewis]

I'm currently looking to manually delete the source maps from my dist directory before deploying.

It's what the module would most likely have to do too if it would be handled automatically by it. So it's a good workaround for the time being IMO.

I agree, it's simple and it works reliably 👍

[kolesoffac]

This approach is good but seems messy because the links stay in the js file and you can see a lot of warnings in the console.

[allanlewis]

This approach is good but seems messy because the links stay in the js file and you can see a lot of warnings in the console.

I'm using hidden-source-map which I think prevents that from happening.

[kolesoffac]

I use nuxtjs and therefore there is no such feature

[kolesoffac]

I wrong.
https://sentry.nuxtjs.org/sentry/options#sourcemapstyle

Thanks