If your app uses global object as a config, you should make sure, that this object is truly readonly. So that an attacker can not modify it in dev console. This is how to do it. // example of frozen global object // freeze the config object properties const config = Object.freeze({ httpApi: ‘http://127.0.0.1:20003/v1’, wsApi: …