FAQ-001234 - Minified JavaScript and Source Code Provision / Minified JavaScript Alternatives

For managed packages, instead of solely using minified JavaScript, you should include unminified versions of the JavaScript files alongside the minified ones in static resources. For example, if you have a minified file named `foo.min.js`, you should also include an unminified version named `foo.js`. The unminified version is required for security reviews, as minified files cannot be effectively parsed by human auditors or static analysis tools like Checkmarx. While the unminified file doesn't need to be served to users, it must be available for review. If you have intellectual property concerns, you can provide the unminified source files separately.

The FAQ content is accurate and well-structured. No changes were needed to the question as it clearly addresses the topic. The answer was already comprehensive and correct - it explains the requirement to include both minified and unminified JavaScript files, provides a clear example with naming conventions, explains why this is necessary for security reviews (human auditors and static analysis tools need readable code), clarifies that unminified files don't need to be served to users, and addresses intellectual property concerns. The content aligns with AppExchange security review requirements and doesn't conflict with any available security rules. No security rules were selected because this FAQ addresses a documentation/review process requirement rather than code-level security issues that would trigger scanner rules. The available rules focus on runtime security vulnerabilities in code, while this FAQ addresses the review process requirement for providing readable source code.