How do I know if my sensitivity code/credentials gets passed to the client or not?

Answered

Havana posted this in #help-forum

HavanaOP

2024-04-07T16:03:11.367Z

It's not transparent if my functions are safe or not.

For example, say in my NextJS project, I have an api.ts file with a function that declares constants for credentials. Do these credentials get passed to the client, just by defining them?

Answered by @ts-ignore

yes but it is recommended to use env vars for sensitive credentials as you've to explicitly specify which env var is exposed to client with NEXT_PUBLIC_

View full answer

5 Replies

@Havana It's not transparent if my functions are safe or not. For example, say in my NextJS project, I have an api.ts file with a function that declares constants for credentials. Do these credentials get passed to the client, just by defining them?

@ts-ignore

2024-04-07T16:04:51.220Z

if you call that file on the client then yes

HavanaOP

2024-04-07T16:05:57.748Z

So only when I import the file from a file that has "use client"?

@Havana So only when I import the file from a file that has "use client"?

@ts-ignore

2024-04-07T16:07:29.880Z

yes but it is recommended to use env vars for sensitive credentials as you've to explicitly specify which env var is exposed to client with NEXT_PUBLIC_

Answer

@ts-ignore

2024-04-07T16:12:11.363Z

and incase you want to make sure the vars aren't exposed to client, use [server-only](https://nextjs.org/docs/app/building-your-application/rendering/composition-patterns#keeping-server-only-code-out-of-the-client-environment)

HavanaOP

2024-04-07T16:18:04.257Z

@@ts-ignore thanks. do you perhaps also know the answer on my new question?: https://nextjs-forum.com/post/1226566085562859531