Expected Findings
- Source maps expose original source structure.
- Public config includes internal feature flags and API base URLs.
Modern Frontend Bundle
Next.js App
A shiny frontend that ships its config and source map openly, making hidden flags and build-time assumptions trivial to inspect.
Bundle inspector
Primary Flows
- Source map Build artifact with original source hints
- Config bundle Public runtime config
Signals
Feature Flags
window.__FLAGS__ = { previewAdmin: true, allowInvoiceReplay: true }