Configuration: React Development Build

Identifier: react_development_build

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

React development builds expose debugging information and development-specific features that should not be present in production environments, potentially revealing internal application structure and aiding attackers in understanding and exploiting the application.

How we test: We analyze JavaScript bundles and application responses to detect if React development builds are deployed in production. We check for development-specific features, debugging tools, and source maps that indicate a development build is being used instead of a production build.
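The kind of check described above can be run against your own build output before deployment. The following is an added example, not the scanner's code: the marker strings, function names and sample assets are assumptions chosen for illustration, and a source map on its own is a weaker signal than the development banner.

```javascript
// Added example. Marker strings are heuristics, not the scanner's rule set.
const MARKERS = [
  // File name kept in the license banner of React's unminified development bundles.
  { id: "dev-banner", re: /react(?:-dom)?\.development\.js/ },
  // Console hint that react-dom prints only in development mode.
  { id: "devtools-hint", re: /Download the React DevTools for a better development experience/ },
  // Trailing comment that points the browser at a source map.
  { id: "source-map-comment", re: /\/\/[#@]\s*sourceMappingURL=\S+/ },
];

// bundleText: body of a served .js asset; headers: its response headers.
function findDevBuildMarkers(bundleText, headers = {}) {
  const findings = [];
  for (const { id, re } of MARKERS) {
    const m = re.exec(bundleText);
    if (m) findings.push({ id, evidence: m[0].slice(0, 80) });
  }
  // A source map can also be advertised out of band via a response header.
  for (const [name, value] of Object.entries(headers)) {
    if (["sourcemap", "x-sourcemap"].includes(name.toLowerCase())) {
      findings.push({ id: "source-map-header", evidence: `${name}: ${value}` });
    }
  }
  return findings;
}

// Returns only the assets that carry at least one marker, keyed by asset name.
function auditAssets(assets) {
  const report = {};
  for (const { name, body, headers } of assets) {
    const ids = findDevBuildMarkers(body, headers).map((f) => f.id);
    if (ids.length > 0) report[name] = ids;
  }
  return report;
}

// Constructed sample assets (not captured from a real site).
const SAMPLE_ASSETS = [
  { name: "dev.js", headers: {}, body: [
    "/** @license React v17.0.2", " * react-dom.development.js", " */",
    "console.info('Download the React DevTools for a better development experience');",
    "//# source" + "MappingURL=dev.js.map", // split so tools ignore this literal
  ].join("\n") },
  { name: "prod.js", headers: {},
    body: "/** @license React v17.0.2\n * react-dom.production.min.js\n */\n!function(){}();" },
  { name: "prod-with-map.js", headers: { "X-SourceMap": "/static/prod.js.map" },
    body: "!function(){}();" },
];

console.log(auditAssets(SAMPLE_ASSETS));
```

In a CI job, a non-empty report for a production artifact is a reason to fail the build and rebuild with the production configuration.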

Configuration

Example

Example configuration:

---
security_tests:
  react_development_build:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.