Closed hermanbanken closed 2 years ago
Hi @hermanbanken thanks for this feedback and I can appreciate that a certain level of trust is needed to use a 3rd party vendor's code. If you have specific concerns or would like to discuss any security questions, please reach out to our support team: https://www.braze.com/docs/support_contact.
I'll log this feature request internally so we can use it for future consideration.
What problem are you facing?
There is no way to know what this is doing. It is bad practice to just include code in your codebase without vetting it, and it is truly impossible to vet in this minified form.
I understand that it might lead to people including the non-minified format, and this might be the only acceptable rationale for not publishing it.
If Braze is scared for reverse engineering, that is just security through obscurity. By doing it for this reason you're basically saying you need to trust us, but we do not trust you, and we do not have reasonable defenses against people spamming the (undocumented) SDK endpoints.
Workarounds
Tried to http://www.jsnice.org/ but it won't get much better.
Ideal Solution
Open source SDK
Other Information
Please do not be evil.