If your app uses global object as a config, you should make sure, that this object is truly readonly. So that an attacker can not modify it in dev console.
This is how to do it.
// example of frozen global object // freeze the config object properties const config = Object.freeze({ httpApi: 'http://127.0.0.1:20003/v1', wsApi: 'ws://127.0.0.1:3000', enableReduxDevTools: true, minLegalAge: 18 // in years }); // make sure that the config object can not be replaced Object.defineProperty(window, "config", { value: config, configurable: false, writable: false });
PS: I assume that “window” is sufficient as a global object. If your app runs in different environment then browser, then you will need to modify the code accordingly.