Configuration: Svelte Development Build¶

Identifier: svelte_development_build

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner	ASM Scanner

Description¶

Svelte development builds expose debugging information and development-specific features that should not be present in production environments, potentially revealing internal application structure and aiding attackers in understanding and exploiting the application.

How we test: We analyze JavaScript bundles and application responses to detect if Svelte development builds are deployed in production. We check for development-specific features, debugging tools, and source maps that indicate a development build is being used instead of a production build.

References:

https://kit.svelte.dev/docs/configuration#mode

Configuration¶

Example¶

Example configuration:

---
security_tests:
  svelte_development_build:
    skip: false

Reference¶

`skip`¶

Type : boolean

Skip the test if true.