fix: remove sensitive console log from initialization

[KryssNa]

Fix: Removes console.log(this.options) in the Browser SDK constructor. This was previously logging the full configuration object, including the clientSecret (if provided), to the browser console.

Summary by CodeRabbit

• Chores
  • Updated console output during web tracker initialization to display a cleaner message without including additional runtime data.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

@KryssNa is attempting to deploy a commit to the Coderax's projects Team on Vercel.

A member of the Team first needs to authorize it.

[CLAassistant]

All committers have signed the CLA.

[coderabbitai]

Walkthrough

Removed logging of initialization options from the OpenPanel web SDK constructor in two package locations. The console.log statements now output only a static initialization message instead of including the runtime options object, preventing potential exposure of sensitive configuration data.

Changes

Cohort / File(s)	Summary
OpenPanel SDK initialization logging apps/public/public/op1.js, packages/sdks/web/src/index.ts	Removed options object parameter from console.log in initialization path. Both files simplified console output from console.log("OpenPanel.dev - Initialized", this.options) to console.log("OpenPanel.dev - Initialized").

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

• Simple, consistent change pattern applied across two files
• Minimal scope with no logic modifications
• Security-focused fix to prevent logging of sensitive configuration data

Possibly related issues

• Security: console.log in Web SDK leaks clientSecret if provided #254 — Directly addresses the security vulnerability of logging sensitive options (including clientSecret) in the console during SDK initialization.

Poem

🐰 A rabbit hops through logs so bright,
Whisking secrets out of sight,
No more clientSecrets in the air,
Just "Initialized" — clean and fair! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: removing a sensitive console log statement that was exposing configuration options including clientSecret during initialization.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8312556 and e481336.

📒 Files selected for processing (2)

• apps/public/public/op1.js (1 hunks)
• packages/sdks/web/src/index.ts (1 hunks)

🔇 Additional comments (2)

packages/sdks/web/src/index.ts (1)

40-41: Initialization log no longer exposes configuration/options

Switching the constructor log to a static "OpenPanel.dev - Initialized" string removes the previous risk of leaking options (including clientSecret) to the browser console while keeping a lightweight init signal. This fully aligns with the stated PR objective.

apps/public/public/op1.js (1)

1-1: Bundled SDK mirrors safe initialization logging (no options/clientSecret in console)

The minified c constructor now logs only "OpenPanel.dev - Initialized" on init and no longer passes t/this.options into console.log, so the configuration (including any clientSecret) is not exposed from the public bundle either. This keeps the runtime behavior consistent with packages/sdks/web/src/index.ts.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}