single-spa / single-spa-inspector

A devtools extension for single-spa applications
https://single-spa.js.org
MIT License

How to disable single-spa-inspector in production mode? #54

Closed Honey-Johny closed 3 years ago

Honey-Johny commented 3 years ago

I do not want the user to be able to manipulate the site

joeldenning commented 3 years ago

This isn't currently supported. A knowledgeable user of any website is able to modify the HTML content and run any arbitrary JavaScript in their browser console. Because of this, there is no concrete security benefit of disabling browser extensions like you've requested. It's worth noting that many browser extensions for JS frameworks work in production, including both the React and Vue devtools.

If you have interest in implementing a way to disable it, I'm open to it. Right now, single-spa-inspector calls into APIs that are exposed by single-spa on the __SINGLE_SPA_DEVTOOLS__ global variable. One implementation approach could be to make window.__SINGLE_SPA_DEVTOOLS__.getRawAppData() return an empty array. Another way could be to have the extension check window.__SINGLE_SPA_DEVTOOLS__.disabled to see if it should disable the extension.
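
The two approaches described in the comment above, sketched as an added example that is not part of the original thread and is not single-spa or single-spa-inspector code. It assumes the global has the shape the comment describes; `disabled` is the flag proposed there and not an existing API, the function names and the sample window are constructed for illustration, and, as the comment says, this only changes what the extension sees and gives no security guarantee.

```javascript
// Added illustration; runs in Node against a constructed stand-in for `window`.
// `disabled` is the flag proposed in the comment, not an existing single-spa API.

// Page side: apply both approaches to the devtools global that single-spa exposes.
function disableInspector(win) {
  const devtools = win.__SINGLE_SPA_DEVTOOLS__;
  if (!devtools) return false; // single-spa not loaded yet, nothing to disable
  // Approach 1: the inspector receives no application data.
  devtools.getRawAppData = () => [];
  // Approach 2: a read-only flag the extension could check before doing any work.
  Object.defineProperty(devtools, "disabled", {
    value: true,
    writable: false,
    configurable: false,
  });
  return true;
}

// Extension side (hypothetical check): return the app list, or null to stay inactive.
function readAppsForInspector(win) {
  const devtools = win.__SINGLE_SPA_DEVTOOLS__;
  if (!devtools || devtools.disabled === true) return null;
  return devtools.getRawAppData();
}

// Constructed sample: a fake window exposing two registered applications.
function makeSampleWindow() {
  const apps = [
    { name: "@example/navbar", status: "MOUNTED" },
    { name: "@example/settings", status: "NOT_LOADED" },
  ];
  return { __SINGLE_SPA_DEVTOOLS__: { getRawAppData: () => apps } };
}

const sample = makeSampleWindow();
console.log("before:", readAppsForInspector(sample));
disableInspector(sample);
console.log("after:", readAppsForInspector(sample));
```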

Honey-Johny commented 3 years ago

ty, it's not a critical problem for me right now; if I have time I will try to disable it