Your NPM Package Is Leaking Source Code (Here's How to Fix It)
dev.to
Last week the dev community had a field day when someone discovered that a major CLI tool had accidentally shipped source map files in their NPM package. The .js.map files were sitting right there in the published tarball, and anyone who ran npm pack on the installed package could reconstruct the entire original TypeScript source.

This isn't a new class of bug. It happens more often than you'd think, and it's probably happening in your packages right now.

What Are Source Maps and Why
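
As an added example that is not part of the original article, this Node.js check flags the leak described above: it reports shipped .map files, whether each one embeds the original sources through `sourcesContent`, and inline maps that carry the same data without a separate file. The `{ path, text }` input shape, the function names and the sample files are assumptions constructed for illustration.

```javascript
// Added example (not from the article). Input shape and sample data are constructed.

// Summarize one source map: the originals it names and whether it embeds them.
function describeMap(jsonText) {
  let map;
  try { map = JSON.parse(jsonText) || {}; } catch { return { sources: [], embedsSource: false }; }
  const contents = Array.isArray(map.sourcesContent) ? map.sourcesContent : [];
  return {
    sources: Array.isArray(map.sources) ? map.sources : [],
    // sourcesContent carries the original files verbatim; no .ts has to ship for a leak
    embedsSource: contents.some((c) => typeof c === 'string' && c.length > 0),
  };
}

// files: [{ path, text }] for every file that would land in the published tarball.
function auditPackageFiles(files) {
  const findings = [];
  for (const { path, text } of files) {
    if (path.endsWith('.map')) {
      findings.push({ path, kind: 'map-file', ...describeMap(text) });
      continue;
    }
    if (!/\.[cm]?js$/.test(path)) continue;
    const ref = /\/\/[#@]\s*sourceMappingURL=(\S+)/.exec(text);
    if (!ref) continue;
    const inline = /^data:application\/json[^,]*;base64,(.+)$/.exec(ref[1]);
    if (inline) {
      // Inline maps leak the same data without any .map file in the tarball.
      const json = Buffer.from(inline[1], 'base64').toString('utf8');
      findings.push({ path, kind: 'inline-map', ...describeMap(json) });
    } else {
      findings.push({ path, kind: 'map-reference', target: ref[1] });
    }
  }
  return findings;
}

// Constructed sample: a small dist/ directory as it might be packed.
const sampleMap = JSON.stringify({
  version: 3, file: 'cli.js', sources: ['../src/cli.ts'],
  sourcesContent: ['export const run = (): void => {};\n'], mappings: 'AAAA',
});
const sampleFiles = [
  { path: 'package.json', text: '{"name":"example-cli","version":"1.0.0"}' },
  { path: 'dist/cli.js', text: 'exports.run = () => {};\n//# sourceMappingURL=cli.js.map\n' },
  { path: 'dist/cli.js.map', text: sampleMap },
  { path: 'dist/util.js', text: 'exports.noop = () => {};\n' },
];
console.log(auditPackageFiles(sampleFiles));
```

On a real package, build the entries from the file list that `npm pack --dry-run --json` reports before publishing.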