search

braze-inc / braze-web-sdk

Public repo for the Braze Web SDK
https://www.braze.com
Other
70 stars 25 forks source link

[Feature]: unuglified version #114

Closed hermanbanken closed 2 years ago

hermanbanken commented 2 years ago

What problem are you facing?

There is no way to know what this is doing. It is bad practice to just include code in your codebase without vetting it, and it is truly impossible to vet in this minified form.

I understand that it might lead to people including the non-minified format, and this might be the only acceptable rationale for not publishing it.

If Braze is scared for reverse engineering, that is just security through obscurity. By doing it for this reason you're basically saying you need to trust us, but we do not trust you, and we do not have reasonable defenses against people spamming the (undocumented) SDK endpoints.

Workarounds

Tried to http://www.jsnice.org/ but it won't get much better.

Ideal Solution

Open source SDK

Other Information

Please do not be evil.

davidbielik commented 2 years ago

Hi @hermanbanken thanks for this feedback and I can appreciate that a certain level of trust is needed to use a 3rd party vendor's code. If you have specific concerns or would like to discuss any security questions, please reach out to our support team: https://www.braze.com/docs/support_contact.

I'll log this feature request internally so we can use it for future consideration.