Open 7f8ddd opened 1 month ago
This causes, for example, /bun:info to leak system information, when the NODE_ENV is not explicitly set to production. Some users may use prod, dev, staging, etc., so this fixes that problem.
bad idea
Defaulting to production can hide important debugging information, increase the risk of accidental deployments and security issues, and complicate the development process, so it's safer to default to development mode.
Except this only applies to the Bun server internally and has no effect on what environment variable you're using. If you're using this export, you have other problems.
I see, I misunderstood you at first. However, I still don't agree with setting it to 'prd' by default. I believe it's better to require the environment variable to be explicitly set before running. This way, the user must intentionally specify the mode, ensuring they have considered whether they want to run in development or production mode.
Why would the user want the internal Bun server in development mode? All it does is leak information. If anything, it should be made a config option.
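The behaviour debated in this thread, as an added example that is not part of the thread and is not Bun's code: a hypothetical gate for a debug route such as /bun:info, evaluated under three policies against constructed NODE_ENV values. The names `POLICIES`, `handleInfoRequest` and `exposedUnder`, and the response body, are assumptions made for illustration.

```javascript
// Added illustration; every name here is hypothetical, not Bun's internals.
// Three ways a server could decide whether to serve a debug route.
const POLICIES = {
  // Fail-open: anything other than the exact string "production" counts as development.
  failOpen: (nodeEnv) => nodeEnv !== "production",
  // Fail-closed: debug output only when development is requested explicitly.
  failClosed: (nodeEnv) => nodeEnv === "development",
  // Explicit-only: refuse to run when NODE_ENV is unset or empty.
  explicitOnly: (nodeEnv) => {
    if (nodeEnv === undefined || nodeEnv === "") {
      throw new Error("NODE_ENV must be set explicitly");
    }
    return nodeEnv === "development";
  },
};

// Minimal stand-in for the internal route: 200 with diagnostic data, or 404.
function handleInfoRequest(policyName, env) {
  const debugEnabled = POLICIES[policyName](env.NODE_ENV);
  if (!debugEnabled) return { status: 404, body: "Not Found" };
  // Constructed placeholder body standing in for system information.
  return { status: 200, body: JSON.stringify({ platform: "constructed", version: "0.0.0" }) };
}

// Constructed sample environments, including the non-standard names from the thread.
const SAMPLE_ENVS = [{}, { NODE_ENV: "prod" }, { NODE_ENV: "staging" },
  { NODE_ENV: "production" }, { NODE_ENV: "development" }];

// Returns the NODE_ENV values for which a policy would expose the debug route.
function exposedUnder(policyName) {
  const exposed = [];
  for (const env of SAMPLE_ENVS) {
    try {
      if (handleInfoRequest(policyName, env).status === 200) {
        exposed.push(env.NODE_ENV ?? "(unset)");
      }
    } catch {
      // explicitOnly refuses to run at all, so nothing is served.
    }
  }
  return exposed;
}

for (const name of Object.keys(POLICIES)) {
  console.log(name.padEnd(12), exposedUnder(name).join(", "));
}
```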