Source files accessible via web

Hi,

I’ve been playing around with bedrock and sage as a base for a new WordPress project. While hooking up the sage build steps to the capistrano deployment I realized that the structure of sage will leave the source files accessible on the web server.

I tried this out with several sites built with sage/bedrock, e.g.

https://roots.io/app/themes/roots/gulpfile.js
https://roots.io/app/themes/roots/assets/scripts/main.js

At least it seems dotfiles like .travis.yml are forbidden. On other pages I was able to open them as well, though.

Not having worked much with frontend stacks based on gulp/grunt etc., is this something I should be concerned about, or is this perfectly normal?

You can definitely safely restrict access to the assets folder. The dist folder is the only thing that needs to be there. You can treat the dist folder like a binary.

Restrict access via:

  • Unix permissions (not world readable)

  • Some sort of server config.

  • Delete the folder as a part of your deploy step
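
The deploy-step option from the reply above, as an added example that is not part of the original thread: a POSIX shell function for a deploy hook that deletes build sources from the released theme but refuses to run when `dist` is missing or empty. The path list and the function names are assumptions, not part of Sage or Capistrano.

```shell
#!/bin/sh
# Added example: deploy-time pruning of theme build sources.
# SOURCE_PATHS is an assumed list for a gulp-based theme; adjust per project.
SOURCE_PATHS="assets node_modules bower_components gulpfile.js package.json bower.json .travis.yml"

# prune_theme_sources THEME_DIR
# Deletes the listed build inputs from a deployed theme and leaves dist/ and
# every unlisted file alone. Refuses to run when dist/ is missing or empty,
# so a failed build cannot leave the release without compiled assets.
prune_theme_sources() {
    theme_dir=$1
    if [ -z "$theme_dir" ] || [ ! -d "$theme_dir" ]; then
        echo "prune: theme directory not found: $theme_dir" >&2
        return 2
    fi
    if [ ! -d "$theme_dir/dist" ] || [ -z "$(ls -A "$theme_dir/dist")" ]; then
        echo "prune: $theme_dir/dist is missing or empty, run the build first" >&2
        return 1
    fi
    for name in $SOURCE_PATHS; do
        target="$theme_dir/$name"
        if [ -L "$target" ]; then
            # Remove the link itself, never what it points to outside the release.
            rm -f -- "$target"
        elif [ -e "$target" ]; then
            rm -rf -- "$target"
        fi
    done
    return 0
}

# remaining_sources THEME_DIR
# Prints each listed source path that still exists; empty output means clean.
remaining_sources() {
    for name in $SOURCE_PATHS; do
        if [ -e "$1/$name" ] || [ -L "$1/$name" ]; then
            echo "$name"
        fi
    done
    return 0
}
```

Call `prune_theme_sources` on the release's theme directory after the build step and fail the deploy if it returns non-zero or `remaining_sources` prints anything.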