Comment by madeofpalk
1 day ago
That's if your goal is to obfuscate code.
Often though, Javascript is hard to read not because it's been obfuscated, but because its been transpiled and/or minified for smaller network payloads.
I can understand why some don't want to ship their sourcemaps to prod, but also it really doesn't matter all that much.
If your goal isn't to obfuscate code as you said you still need to do some kind of transformation so sourcemaps are necessary. It's possible to debug code that's been converted from ES2025 to ES3 without them but it's really annoying to have to do that.
Let's be honest, when a company makes a website they want you to see the website not the code. Of course front-end code is less private in nature but still, showing it could expose some vulnerabilities.