Fix guide · medium · redux_devtools_enabled

Redux DevTools enabled in production

What this rule means

Your production bundle is wired to the Redux DevTools browser extension, exposing every state mutation, action, and dispatched payload.

Why it matters

Anyone with the extension installed can record every action — login attempts, payment flows, admin operations — and replay or modify them. Action payloads often contain sensitive data.

How to fix it

Disable in production builds:

const composeEnhancers = process.env.NODE_ENV === 'production'
  ? compose
  : (window.__REDUX_DEVTOOLS_EXTENSION_COMPOSE__ || compose);

Or with Redux Toolkit:

configureStore({ reducer, devTools: process.env.NODE_ENV !== 'production' });

Did vibecheck flag this on your app?

If you reached this page from a vibecheck inspection report, the redacted match in your scan output is the exact string we found in your bundle. After applying the fix above, run the inspection again — the finding should clear.

Run another inspection

Redux DevTools enabled in production

Why it matters

How to fix it

Did vibecheck flag this on your app?

Related fix guides