Vercel adds password protection to production debugging files
Original: Protected Source Maps: Ship browser source maps securely
Source: vercel.com ↗
Who: Posted on the Vercel changelog, authored by Andrew Gadzik, a software engineer at Vercel (the cloud deployment platform behind Next.js hosting).
What's new: Vercel now lets teams lock down production behind authentication, so only logged-in team members can fetch them. Everyone else receives a 404 not found response. New projects get this protection turned on automatically; existing projects can enable it in Settings under Deployment Protection without triggering a redeploy.
How it works: The .map files — the companion files browsers use to decode JavaScript during debugging — are placed behind . A browser developer tools session for a team member works normally; an outside request hits a wall.
Why it matters: Source maps are genuinely sensitive. They hand anyone who can download them a readable copy of your production codebase, including logic, variable names, and file structure that minification was supposed to obscure. Shipping them unprotected has historically been a quiet but real intellectual-property and security risk. Vercel making protection the default for new projects closes that gap without any extra configuration work from the developer.