NEXTJS_NO_PRODUCTION_SOURCE_MAPS
Conformance is available on Enterprise plans
Enabling production source maps in your Next.js application will publicly share your
application's source code and should be done with caution. This rule flags any
usage of productionBrowserSourceMaps for review. If intentional, the exception
should be added to an allowlist.
For further reading, see:
This rule will catch the following code.
module.exports = {
productionBrowserSourceMaps: true,
};To fix this issue, either set the value of productionBrowserSourceMaps configuration to false,
or if intentional add an exception to an allowlist.
Disabling source maps in production has the benefit of not exposing your source code publicly, but it also means that errors in production will lack helpful stack traces, complicating the debugging process.
For protected deployments, it is generally safe to enable source maps, as these deployments are only accessible by authorized users who would already have access to your source code. Preview deployments are protected by default, making them a safe environment for enabling source maps.
If you use a third-party error tracking service like Sentry, you can safely enable source maps by:
- Uploading the source maps to your error tracking service
- Emptying or deleting the source maps before deploying to production
Many third-party providers like Sentry offer built-in configuration options to automatically delete sourcemaps after uploading them. Check your provider's documentation for these features before implementing a manual solution.
If you need to implement this manually, you can use an approach like this:
// Empty the source maps after uploading them to your error tracking service
const sourcemapFiles = await findFiles('.next', /\.js\.map$/);
await Promise.all(
sourcemapFiles.map(async (file) => {
await writeFile(file, '', 'utf8');
}),
);Was this helpful?