Messaging for missing source maps

[connorjclark]

Part of #10369

We want to encourage users to make source maps available by enticing them with what's possible in the report. There are a few approaches to consider:

1. top-level warning

Too prominent. Listing to rule it out.

2. audit-level warnings

For audits that require maps to do anything useful (ex: bundle duplication), the audit should have a warning. This should expand the audit my default and list it right after the Failing audits but before the Passed audits. The audit can't be marked N/A (otherwise it wouldn't be in the warning clump). Should it be marked as passing?

For audits that don't require maps but are improved by them, a warning is almost what we want but may come off as too loud. What if we added a "notice", like warning but they don't get added to their own clump like warnings do?

3. there isn't a third option, maybe suggest one?

i started listing things but ran out of things at 2 ...

4. missing-source-map audit

Oh, I remembered another.

@paulirish suggested an audit that fails if a first party JS file is >x KB (resource size) and doesn't have a map. x = 500 KB? Over time we may reduce this threshold.

Alternatively this could be added to the still-WIP valid-source-maps audit. The plan was to just make it informative (ex: maps are found but mappings seem invalid, not a huge deal but would make code mappings inaccurate), but it could also fail based on the above criteria.

[paulirish]

Last one is great. Maybe unique from valid-source-maps, maybe they can be combined.

And bundleduplication gets n/a if no sourcemaps, but with a warning.

also we should have guidance on how to serve sourcemaps to Lighthouse but not everyone. (either Chrome-Lighthouse UA or &_secretSourceMapsOptIn=true url parameter)

[connorjclark]

(I was thinking via a vpn)

[waterplea]

I was surprised to notice lighthouse lowering my score for lack of sourcemaps on production build. Isn't this making my whole app source available to whoever opens DevTools?

[connorjclark]

If talking about Performance score: that is based on metrics, not any specific audit or opportunity.

If talking about Best Practice score: The audit valid-source-maps is not weighted.

Isn't this making my whole app source available to whoever opens DevTools?

Among other things, this issue is tracking writing documentation on how to deploy source maps behind authentication.

[waterplea]

Got it, thank you for clarification!

[andydavies]

I think it's a separate audit but if LH is going to warn on missing source maps it should also have an audit for inline source maps as there's some very large ones being shipped to production - 1.7MB is the largest I've found so far

[brendankenny]

I think it's a separate audit but if LH is going to warn on missing source maps it should also have an audit for inline source maps as there's some very large ones being shipped to production - 1.7MB is the largest I've found so far

that should be flagged by unminified-javascript and (I believe) unused-javascript, though they won't tell you what's causing it (just that the script has a ton of extra bytes it probably doesn't need). Probably a good special case to include in the report that's relatively easy to check and would help quite a bit when trying to fix those opportunities.

[patrickhulce]

We're moving this down to P1.5 @connorjclark given the last progress update was more than 6 months ago. If you feel differently, please feel free to move it back :)