For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Sign inTry it free
DocsGuidesSDKsIntegrationsAPI docsTutorialsFlagship blog
DocsGuidesSDKsIntegrationsAPI docsTutorialsFlagship blog
  • Flagship blog
    • 52 Blog Posts, Claude, 3 Prompts, Under an Hour
    • Shipping from Oakland: An Observability Hackathon Recap
    • Day 12 | New Year, New Observability
    • Day 11 | What engineering teams really want from Observability
    • Day 10 | Why observability and feature flags go together like milk and cookies
    • Day 9 | The Three Ghosts Haunting Your AI This Holiday Season
    • Day 8 | Observable Multi-Modal Agentic Systems
    • Day 7 | SLOs that actually drive decisions
    • Day 6 | Stop cardinality from stealing your cloud budget
    • Day 5 | Using a Popular Tidying Method to Consolidate Your Observability Stack
    • Day 4 | Tracing the impact of feature flags in your Node.js app
    • Day 3 | Zero-Config Observability with OpenTelemetry
    • Day 2 | Why AI agents need three layers of observability
    • Day 1 | Observability Under the Tree: What Changed in 2025
    • 5 takeaways from my first PyCon JP conference
    • Dungeons & Downtimes: XP gained from our adventure
    • Reverse Proxy for custom domains
    • Adventures in dogfooding: Guarded Releases
    • A quick tool for npm package scanning
    • My DEF CON 33 experience
    • Make every launch a big deal
    • Fun with JS streams
    • Moonshots XXII: Hack to the Future recap
    • A tale of three rate limiters
    • My good friend Claude
    • My approach to React app architecture in 2025
    • Data isolation with ClickHouse row policies
    • Ingest and Visualization for OpenTelemetry Metrics
    • Alert Evaluations: Incremental Merges in ClickHouse
    • Optimizing ClickHouse: The Tactics That Worked for Us
    • Migrating from OpenSearch to ClickHouse
    • Revamping Privacy Mode: A Better Way to Obfuscate Sensitive Data
    • An open-source session replay benchmark
    • LLM-based Grouping of Errors
    • Building GitHub Enhanced Stacktraces
    • Vercel Edge Runtime Support
    • Finding Interesting Sessions with Markov Chains
    • Building Logging Integrations at LaunchDarkly
    • The Network Request Details Panel
    • Using Github as a Headless CMS
    • Your Source Maps Should Be Public
    • Supporting Outside Contributions at LaunchDarkly
    • Managing our design tokens at LaunchDarkly
    • Our Commitment to OpenTelemetry
    • The 5 Best Logging Libraries for Ruby
    • InfluxDB: Visualizing Millions of Customers' Metrics using a Time Series Database
    • 8 Tips to Help You Maximize Chrome DevTools
    • The Debugging Process and Techniques for Web Applications (Part 2/2)
    • 5 Best Node.js Logging Libraries
    • What are rage clicks and how to detect them
    • 5 Best Practices for Maintaining a Clean ReactJS App
    • Is Kafka the Key? The Evolution of LaunchDarkly's Ingest
    • What Is Full Stack Monitoring and How Does It Work?
    • The beauty of contact-first API design
    • What is Frontend Monitoring and What Tools Help You Do It?
    • 5 strategies to monitor the health of your web application
    • Configuring OpenSearch for a Write-Heavy Workload
    • Maximizing Our Machines: Worker Pools At LaunchDarkly
Sign inTry it free
LogoLogo
On this page
  • Why private source maps?
  • Why private source maps don’t matter
  • ChatGPT as de-compiler
  • Benefits of public source maps
  • Debug with Dev Tools
  • LaunchDarkly automatically recognizes public source maps
Flagship blog

Your Source Maps Should Be Public

Was this page helpful?
Previous

Supporting Outside Contributions at LaunchDarkly

Next
Built with

Published May 12, 2023

portrait of Chris Esplin.

by Chris Esplin

Source maps are critical for web development in today’s JavaScript environment.

In fact, all of our build tools—Rollup, Vite, WebPack, ESBuild—transpile and bundle our JavaScript and support source maps out of the box.

Debugging errors in production with transpiled code is nigh impossible. So our tooling creates source maps.

See What are source maps? by Jecelyn Yeen for all of the details.

Why private source maps?

Private source maps make it harder for an attacker to understand your front-end application.

An attacker can easily use public source maps to view the code in its original, un-transpiled state. The same source maps that make debugging easier make attacking your application easier.

Check out our unobfuscated source code on https://www.highlight.io! It’s readable, public and easy to ingest for developer tools like LaunchDarkly. Our vite bundler generates these source maps with a single flag.

Unobfuscated source code on LaunchDarkly visible in the browser with public source maps.

Unobfuscated source code on LaunchDarkly visible in the browser with public source maps.

Why private source maps don’t matter

Guess what!

With or without source maps, Chrome Dev Tools makes deconstructing your JavaScript application relatively easy.

For instance, You can open up the Network tab and watch each request and response.

Chrome Dev Tools Network tab showing HTTP requests and responses.

Chrome Dev Tools Network tab showing HTTP requests and responses.

The Application tab also surfaces the data your site is saving locally.

Chrome Dev Tools Application tab displaying locally stored site data.

Chrome Dev Tools Application tab displaying locally stored site data.

Who cares how the code is written if the results, in both data and network, are readily visible?

Dev Tools will even allow an attacker to reformat the code and use breakpoints to step through it!

And then there’s ChatGPT…

ChatGPT as de-compiler

ChatGPT struggles with long code snippets, so it’s not yet a silver bullet for decompilation.

ChatGPT failing to decompile a long obfuscated code snippet.

ChatGPT failing to decompile a long obfuscated code snippet.

But ChatGPT can de-compile shorter code snippets quite effectively.

ChatGPT successfully decompiling a shorter obfuscated code snippet.

ChatGPT successfully decompiling a shorter obfuscated code snippet.

Benefits of public source maps

Debug with Dev Tools

Dev Tools will automatically recognize and apply public source maps to your code.

Debugging production issues will be much, much easier, especially if you see errors in your console. With public source maps, Dev Tools can link your errors directly to the de-compiled code. It’s magical.

Chrome Dev Tools debugger using public source maps to link errors to original code.

Chrome Dev Tools debugger using public source maps to link errors to original code.

LaunchDarkly automatically recognizes public source maps

LaunchDarkly does support private source maps. We even publish a source map uploader on NPM that will send your private source maps directly to our servers.

Our source map uploader works well, but depending on a team’s setup, it can be tricky for users to implement and can become a constant source of bugs due to unique build pipelines and machine types.

However, if you make your source maps public, you don’t have to do any of that work. And you automatically get production source maps for your own debugging in Dev Tools.

It’s a win/win.