Chart.js icon indicating copy to clipboard operation
Chart.js copied to clipboard
verified publisher icon chartjs

Hide version from js file

Open Elikill58 opened this issue 1 year ago • 1 comments

Feature Proposal

For my website, I just received the result of pen-test.

They found some versions on JS file as on chartjs. They think it's an issue to show version of librairies we're using. Do you think it's possible to remove it from the final file?

Here is they screenshoot they sent to us: image

Possible Implementation

I tried to remove it from the file, or set like static version = "hidden"; but I get error by some plugins as annotations which can no longer parse it.

I think this would be hard. Is that possible to have a way to say "I know what I'm doing, it's in right version" ?

Elikill58 avatar Oct 03 '24 12:10 Elikill58

I don't think removing the version number will solve anything.

Firstly as you mentioned some libraries depend on it to know if certain features are available. Secondly if you remove the version number you can still check the source code and match it against all the versions. So it takes a step more to find the version used but it will never be a secret.

LeeLenaleee avatar Oct 06 '24 10:10 LeeLenaleee

Closing as this is not something that we will do as per my comment above.

Also when importing the library using an CDN you can see the version in the url which you request so that will give it away also away.

LeeLenaleee avatar Nov 30 '24 12:11 LeeLenaleee