Source Map
A file that maps minified production JavaScript back to the original source code, useful for debugging but a leak risk if shipped to production.
In detail
Source maps are JSON files that describe how minified, compiled or transformed JavaScript relates to the original TypeScript or unminified source. Browsers fetch source maps on demand when devtools is open, allowing developers to debug production code as if it were the original. The downside is that publicly accessible source maps reveal the original source code structure, comments, internal API names and sometimes accidentally-included secrets. Most production frameworks default to either suppressing source maps or hosting them privately.
Why it matters for Australian business
For Australian businesses the rule is simple: source maps should not be served from a public URL in production. Vibe-coded apps deployed quickly often ship source maps by default, exposing what would otherwise be confidential implementation details. Our scanner checks for this and our security audits include verification that source maps are absent or behind authentication.