英文:
What are the drawbacks of enabling source maps on a production Node.js app?
问题
在生产环境中为Node.js应用启用源映射时,是否有任何不利之处或需要考虑的事项我应该注意?
我有一个用TypeScript编写的生产Node.js应用程序。目前,当发生错误时,它们会被记录到标准输出中。然而,由于代码被转译,由此产生的堆栈跟踪不容易阅读。
为了解决这个问题,在本地开发过程中,我使用Node.js的--enable-source-maps标志,它提供了更一致的堆栈跟踪。
考虑到这是一个后端应用程序,并且任何错误不会直接暴露给客户端,我正在考虑在生产环境中启用源映射。
我已经在额外的错误处理方面使用了错误跟踪服务。
英文:
Are there any disadvantages or considerations I should be aware of when enabling source maps in a production environment for a Node.js application?
I have a production Node.js application that is written in TypeScript. Currently, when errors are thrown, they are logged to the standard output. However, the resulting stack traces are not easily readable due to the code being transpiled.
To address this issue during local development, I utilize the --enable-source-maps flag of Node.js, which provides more coherent stack traces.
Given that this is a back-end application and any errors are not directly exposed to the client, I am contemplating enabling source maps in the production environment as well.
I am already utilizing an error tracking service for additional error handling.
答案1
得分: 1
我理解您对源映射的使用以及它们对安全性和性能的影响的关切。
鉴于这是一个后端应用程序,任何错误都不会直接暴露给客户端
在这种情况下,问题不在于安全性,而在于性能。如果您的应用程序对性能不敏感,可以安全地使用源映射。但是,可能会出现一些意外情况,就像在这个GitHub问题中提到的情况一样:https://github.com/nodejs/node/issues/41541。
英文:
I understand your concern regarding the use of source maps and their impact on security and performance.
> Given that this is a back-end application and any errors are not directly exposed to the client
In this case, the issue is not with security but with performance. If your application is not sensitive to performance, you can safely use source maps. However, there may be some unexpected situations that arise, such as the one mentioned in this GitHub issue: https://github.com/nodejs/node/issues/41541.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论