GHSA-qcr8-x557-7cp3
@asymmetric-effort/specifyjs: Production console warnings may leak internal framework state
Details
## Finding
**Location**: `core/src/core/scheduler.ts:23`, `core/src/hooks/dispatcher.ts:100`, `core/src/client/graphql.ts:71`
Several `console.warn` calls are not gated behind `__DEV__` and will fire in production builds, potentially exposing internal framework state such as queue sizes, component names, and query fragments to users viewing the browser console.
## Status
**Open** — These warnings serve as development-time diagnostics. They do not expose credentials or PII, but may reveal internal architecture details.
## Recommendation
Gate all development-time `console.warn` and `console.error` calls behind `process.env.NODE_ENV !== 'production'` or a `__DEV__` constant that build tools can tree-shake.
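One way to enforce this recommendation in CI, as an added example that is not part of the advisory or the package: a line-based heuristic that flags `console.warn` and `console.error` calls with no dev guard on the same line or on an enclosing block. The function name and the sample source are constructed for illustration. It does not parse JavaScript, so negated guards such as `if (!__DEV__)` still need manual review.

```javascript
// Added example: heuristic CI check, not part of specifyjs or its tooling.
// A call counts as gated when a dev guard appears on the same line or on the
// line that opened an enclosing block.
const GUARD = /__DEV__|process\.env\.NODE_ENV\s*!==?\s*['"]production['"]/;
const CALL = /\bconsole\.(warn|error)\s*\(/;

function findUngatedConsoleCalls(source) {
  const findings = [];
  const blocks = []; // one entry per open '{'; true if a guard line opened it
  source.split('\n').forEach((text, i) => {
    const guardOnLine = GUARD.test(text);
    if (CALL.test(text) && !guardOnLine && !blocks.includes(true)) {
      findings.push({ line: i + 1, text: text.trim() });
    }
    // Braces inside template literals (`${...}`) balance out on the same line.
    for (const ch of text) {
      if (ch === '{') blocks.push(guardOnLine);
      else if (ch === '}') blocks.pop();
    }
  });
  return findings;
}

// Constructed sample input (hypothetical code, not the package's source).
const SAMPLE = [
  'function flush(queue) {',
  '  if (queue.length > 100) {',
  '    console.warn(`queue size ${queue.length}`);', // line 3: ungated
  '  }',
  "  if (process.env.NODE_ENV !== 'production') {",
  '    if (queue.stalled) {',
  "      console.warn('stalled in', queue.owner);", // gated by outer block
  '    }',
  '  }',
  "  if (__DEV__) console.error('flush done');", // gated on the same line
  '}',
  "console.error('unknown fragment');", // line 12: ungated
].join('\n');

for (const f of findUngatedConsoleCalls(SAMPLE)) {
  console.log(`line ${f.line}: ${f.text}`);
}
```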
Affected packages
0 Fixed version: 0.2.140 npm install @asymmetric-effort/specifyjs@0.2.140