MEDIUM

GHSA-qcr8-x557-7cp3

@asymmetric-effort/specifyjs: Production console warnings may leak internal framework state

Details

## Finding

**Location**: `core/src/core/scheduler.ts:23`, `core/src/hooks/dispatcher.ts:100`, `core/src/client/graphql.ts:71`

Several `console.warn` calls are not gated behind `__DEV__` and will fire in production builds, potentially exposing internal framework state such as queue sizes, component names, and query fragments to users viewing the browser console.

## Status

**Open** — These warnings serve as development-time diagnostics. They do not expose credentials or PII, but may reveal internal architecture details.

## Recommendation

Gate all development-time `console.warn` and `console.error` calls behind `process.env.NODE_ENV !== 'production'` or a `__DEV__` constant that build tools can tree-shake.
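One way to audit a code base for the ungated calls described above, as an added example (not code from the specifyjs project): a line-based heuristic that flags `console.warn`/`console.error` calls sitting outside a `__DEV__` or `NODE_ENV` guard block. The function name `findUngatedConsoleCalls` and the sample source are constructed for illustration.

```javascript
// Heuristic audit (added example): report console.warn/console.error calls that
// are not inside a block guarded by __DEV__ or NODE_ENV !== 'production'.
// It tracks brace depth line by line; braces inside string literals, or a guard
// whose opening brace is on the following line, can produce false positives.
const GUARD = /\bif\s*\(\s*(__DEV__|process\.env\.NODE_ENV\s*!==?\s*['"]production['"])/;
const CALL = /\bconsole\.(warn|error)\s*\(/;

function findUngatedConsoleCalls(source) {
  const findings = [];
  const guardDepths = []; // brace depth at which each open guard block began
  let depth = 0;
  source.split('\n').forEach((line, i) => {
    const guardAt = line.search(GUARD); // -1 when the line has no guard
    if (CALL.test(line) && guardDepths.length === 0 && guardAt === -1) {
      findings.push({ line: i + 1, text: line.trim() });
    }
    let pending = false; // true between a guard and its opening brace
    for (let col = 0; col < line.length; col++) {
      if (col === guardAt) pending = true;
      if (line[col] === '{') {
        if (pending) { guardDepths.push(depth); pending = false; }
        depth++;
      } else if (line[col] === '}') {
        depth--;
        if (guardDepths[guardDepths.length - 1] === depth) guardDepths.pop();
      }
    }
  });
  return findings;
}

// Constructed sample source, not taken from the affected package.
const SAMPLE = [
  "function schedule(queue) {",
  "  if (queue.length > 100) {",
  "    console.warn('queue size', queue.length);",           // line 3: ungated
  "  }",
  "  if (__DEV__) {",
  "    console.warn('flush', queue.length);",                // gated
  "  }",
  "  if (process.env.NODE_ENV !== 'production') {",
  "    if (queue.length === 0) { console.error('empty'); }", // gated, nested
  "  }",
  "  console.error('done');",                                // line 11: ungated
  "}",
].join('\n');

console.log(findUngatedConsoleCalls(SAMPLE));
```

Treat the output as a review list rather than a verdict; a call it flags may still be an intentional production diagnostic.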

Affected packages

npm / @asymmetric-effort/specifyjs
First affected version: 0. Fixed version: 0.2.140
Fix: `npm install @asymmetric-effort/specifyjs@0.2.140`

References