Should I hide SASS files from browsing? - apache

When developing our sites we commit our SASS files and CSS files to git and release that code to a DTAP environment. Those SASS (or SCSS) files are readable for everyone when you know the URL. This way you can read the SASS files from the browser.
Is there a security issue or something about this? Should we disable the browsing of these files?
I hope someone is able to help!
Thanks

A security problem would only exist if the SASS files contain sensitive information (usernames, passwords, API keys, file paths). Sometimes developers add sensitive comments to source files, so inform your team of the risk and don't consider it to be a critical priority.
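
An added example, not part of the original answer: a small Python check that looks inside SCSS comments for the kinds of information the answer lists (credentials, API keys, file paths) before the files are released. The regular expressions and the names `scan_scss` and `scan_tree` are assumptions made for this illustration and will need tuning per project.

```python
import re
from pathlib import Path

# Heuristic patterns (assumptions, tune per project) for the categories the
# answer names: usernames, passwords, API keys, file paths.
PATTERNS = {
    "credential": re.compile(r"(?i)\b(user(name)?|login|pass(word|wd)?|pwd)\b\s*[:=]\s*\S+"),
    "api_key": re.compile(r"(?i)\b(api[_-]?key|secret|token)\b\s*[:=]\s*\S+"),
    "file_path": re.compile(r"(?<![\w:/])/(?:home|var|etc|srv|opt|usr)/[\w./-]+|[A-Za-z]:\\[\w\\.-]+"),
}
# SCSS has /* block */ comments (copied into the CSS output) and // line comments
# (dropped from the CSS, but still present in the .scss source on the server).
COMMENT = re.compile(r"/\*.*?\*/|(?<!:)//[^\n]*", re.DOTALL)

def scan_scss(text):
    """Return sorted (line_number, category, matched_text) for hits inside comments."""
    findings = []
    for comment in COMMENT.finditer(text):
        for category, pattern in PATTERNS.items():
            for hit in pattern.finditer(comment.group()):
                offset = comment.start() + hit.start()
                line = text.count("\n", 0, offset) + 1
                findings.append((line, category, hit.group()))
    return sorted(findings)

def scan_tree(root):
    """Scan every .scss/.sass file under root; map path -> findings."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.suffix in {".scss", ".sass"} and path.is_file():
            found = scan_scss(path.read_text(encoding="utf-8", errors="replace"))
            if found:
                results[str(path)] = found
    return results

# Constructed sample input, not taken from any real project.
SAMPLE = """\
// TODO remove: staging login admin / password: hunter2
$brand: #336699;
/* fonts synced from /var/www/shared/fonts
   api_key = CONSTRUCTED-EXAMPLE-KEY */
.btn { background: url("https://example.com/a.png"); color: $brand; }
"""

if __name__ == "__main__":
    for line, category, text in scan_scss(SAMPLE):
        print(f"line {line}: {category}: {text}")
```

Running `scan_tree` over the directory that gets deployed, for example in a pre-release step, shows which source files would expose such comments if they stay readable from the browser.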

Related

Do we need all files and folders while re-designing Nuxt JS site?

Is it necessary to have all files while re-designing website?
Like, I've designed a site with Nuxt JS, published it, now if in future I want to make some changes, do I need all files back that I started with? Like all node modules, pages folder, components folder, everything? Asking because there are tons of files in total.
A recent case that happened to me: I wanted to make some changes to my recent Nuxt JS site, but I was missing the "pages" folder; however, I have the "dist" folder. Is there any way I can recover the "pages" folder from my final production site?
Also, what will be best practice to manage Nuxt JS projects? Any tips, tricks will be appreciated.
To develop on a NuxtJS site, you need the directories and files listed in the Nuxt guide's Directory Structure section. The files you don't need for future development are the files in the default .gitignore that create-nuxt-app generates for you, including the dist directory and the node_modules directory.
The dist directory can be regenerated from your source code using npm run generate and node_modules from running npm install if you have package.json or package-lock.json file. Anything that can be generated from some other file(s), you don't need to keep.
Is there any way I can like recover "pages" folder from my final production site?
Unfortunately not.
What will be best practice to manage NuxtJS projects?
Not sure what you mean with "manage", but if you don't use git yet, then git.

How To Upload Vue.js project in Live Server

I believe it is much the same as a vue.js 2.6 upload. I have my setup as follows, is this correct? Is the only file I need to amend the index.html file which in my case is in the techjobs folder? I have amended this file to suit the directory structure. Are there any other files? Please provide the .htaccess file.
I'm not sure what you are asking, could you try to modify your question, please?
Anyway, if what you want is to know the way to compile and push to a production environment, there are several options like Firebase, Netlify, GitHub Pages, etc.
You can use this documentation where you can follow step by step how to push to production.
https://cli.vuejs.org/guide/deployment.html#general-guidelines

general question about node_modules and security

Can't find anything on this online and might be a non-issue, but I figured I'd ask here to make sure.
We run the Wordfence security plugin on a bunch of WordPress sites and have recently seen this "critical issue" reported:
Filename: wp-content/themes/theme-name/node_modules/webpack-assets-manifest/test/fixtures/client.js
File Type: Not a core, theme, or plugin file from wordpress.org.
Details: This file appears to be installed or modified by a hacker to perform malicious activity.
If you know about this file you can choose to ignore it to exclude it from future scans.
The matched text in this file is: require('./Ginger.jpg');
The issue type is: Backdoor:PHP/req_img.3645
Description: A backdoor known as req_img
Now first of all that doesn't look like a backdoor to me, especially since node_modules contents aren't executed unless I run npm (or yarn), as far as I understand. Is this more serious than I think?
Secondly, when running npm/yarn on the server, the node_modules folder has chmod 775 (drwxrwxr-x) by default. Is it okay to leave it like that or should we take any action?

Does middleman s3_sync ignore .txt files by default?

It looks like middleman s3_sync doesn't upload my robots.txt. Is there a way to enable it to always upload a specific file?
It depends on the version of Middleman S3_Sync that you are using.
Versions 3.0.x build the list of files based on the content of the build directory. In that case, copying the file into the build directory will include it in the sync.
Versions 3.3.x moved to the Middleman sitemap in preparation of MM 4. It currently only syncs the files that Middleman is aware of. Copying a file into the build directory doesn't make S3_Sync aware of it.
In the second case, there are two options available.
The first one is to move robots.txt to the source directory. This will include it in the sitemap and it will be synced.
The second is to open an issue (or even better, a pull request) that will ask for the ability to include files that originate from outside of the source directory.
It would help to get the version of Middleman and s3_sync that you are using.

Best way to classify/mark babel generated files in IntelliJ

I'm using IntelliJ with Gulp (with the babel and sourcemap plugins) to help me transpile my source ES6 to ES5. What is the best way to mark these generated files?
They are being sent into a separate dist folder but I want them to behave in the following way:
I don't want them to show up in usage/code search
I want their changes to be detected by the integrated source control
I have tagged them as excluded but I read in IntelliJ's docs that this will prevent the folder from being watched for changes. Anyone have a good way of doing this?
Excluding the dist folder via Mark directory as/Excluded is the right way to go: files in excluded folders are not indexed/show up in usage/code search, but they can be version controlled, so both your requirements are fulfilled.