#exposed-files

Exposed Files

Source maps in production: shipping your source code by accident

Source maps make minified code debuggable by mapping it back to the original. Ship them to production and you have effectively published your source code.

Exposed Files

Your .git folder is public — and that is a full source-code download

If /.git is reachable on your site, an attacker can rebuild your whole repository — code, history and any secrets you ever committed. Here is how to check.

Exposed Files

.env exposed: how a single file hands attackers your whole stack

The .env file holds your database URLs, API keys and tokens. It belongs on the server — but when it ships to a public folder, anyone can just download it.