
[Feature?]: Security Concern: Local File Paths Exposed in Build Output

Open thinke5 opened this issue 9 months ago • 1 comments

Duplicates

  • [x] I have searched the existing issues

Latest version

  • [x] I have tested the latest version

Summary 💡

Description

The compiled JS files in 'use server' builds contain absolute local machine paths (e.g., /home/user/project/src/...). This may leak sensitive information about the development environment and poses potential security risks if deployed publicly.

Steps to Reproduce

Run npm run build with default configuration. Check generated .js files – absolute paths are visible.

Expected Behavior

Sensitive local paths should be hidden or replaced with anonymized placeholders (e.g., XXX/src/...).

Examples 🌈

No response

Motivation 🔦

No response

thinke5 avatar Mar 19 '25 12:03 thinke5
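A check for the leak reported above, as an added example that is not part of the original issue and is not SolidStart or vinxi code: it scans build output text for absolute home-directory paths and shows the placeholder replacement the issue asks for. The file names, sample contents and function names are constructed for illustration, and the pattern only covers `/home`, `/Users` and `C:\Users` style roots.

```javascript
// Added example: flag absolute local paths in emitted JS before it is deployed.
// Matches /home/<user>/..., /Users/<user>/... and <drive>:\Users\<user>\...
// (raw, JS-escaped or forward-slash form). The lookbehind skips URL paths
// such as https://example.com/home/x and relative paths such as ./home/x.
const LOCAL_PATH =
  /(?<![\w.])(?:[A-Za-z]:)?[\\\/]+(?:home|Users)[\\\/]+([^\\\/\s"'`]+)(?:[\\\/]+[^\\\/\s"'`)]+)*/g;

// Returns one finding per leaked path, with line number and the exposed user name.
function findLocalPaths(fileName, source) {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    for (const m of text.matchAll(LOCAL_PATH)) {
      findings.push({ file: fileName, line: i + 1, path: m[0], user: m[1] });
    }
  });
  return findings;
}

// files: object mapping a build artifact name to its text content.
function scanBuild(files) {
  return Object.entries(files).flatMap(([name, src]) => findLocalPaths(name, src));
}

// Replace the project root with a placeholder, e.g. XXX/src/...
function redact(source, projectRoot, placeholder = "XXX") {
  return source.split(projectRoot).join(placeholder);
}

// Constructed sample build output (not taken from a real SolidStart build).
const SAMPLE_BUILD = {
  "server/chunks/actions.js": [
    'const id = "/home/user/project/src/routes/index.tsx";',
    'const docs = "https://example.com/home/guide";',
    'import("./home/local.js");',
  ].join("\n"),
  "server/chunks/win.js": 'const id = "C:\\\\Users\\\\dev\\\\project\\\\src\\\\api.ts";',
};

for (const f of scanBuild(SAMPLE_BUILD)) {
  console.log(`${f.file}:${f.line} leaks path of user "${f.user}": ${f.path}`);
}
console.log(redact(SAMPLE_BUILD["server/chunks/actions.js"], "/home/user/project"));
```

In a CI step, pass the contents of each generated `.js` file to `scanBuild` and fail the job when it returns any findings.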

According to @atilafassina, this will be fixed once vinxi is no longer used by solidstart.

huseeiin avatar Mar 20 '25 13:03 huseeiin