Issue: Sensitive Data Leakage (Auth Tokens/Session State) in Production Builds #412

@SARTHAK2427

Description

The CLI's bundling process currently includes the developer's local .storage directory in the final distribution package by default if copyStorage is enabled. In Neutralinojs, the .storage directory is used at runtime to persist application state, which often includes sensitive information such as:

  • Authentication tokens
  • User session data
  • Local database files
  • Private configuration settings

Steps to Reproduce

  1. Simulate an active session:
     mkdir .storage
     echo '{"token": "secret_dev_auth_token_420"}' > .storage/auth.json
  2. Build the project:
     neu build
  3. Inspect the output:
     Navigate to the distribution folder (e.g., dist/test-app/) and observe that the .storage directory containing your private development token has been packaged into the production binary.

Expected Behavior

  • Production builds should never include the developer's local .storage directory by default.
  • The CLI should provide a warning if a user attempts to package the .storage folder into a release.

Actual Behavior

  • Private session data and credentials from the development environment may be unintentionally included in the production bundle, exposing them to anyone who downloads the application.

This is a high-risk security flaw: if a developer uses their own credentials for testing and then builds the app for release, their private access tokens or sensitive local data are distributed to all end users.
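The check the report asks the CLI to perform, written here as an added example that is not part of Neutralinojs or of the issue itself: a POSIX shell script that fails a release when the built distribution directory (assumed to be dist/test-app, as in the reproduction steps) still contains a .storage directory, or any file carrying credential-shaped JSON keys. The list of key names is an assumption chosen for illustration, not something the CLI defines.

```shell
#!/bin/sh
# Added example, not Neutralinojs CLI code: a pre-release check that fails
# when a built dist directory still contains runtime state. The dist path and
# the list of credential-like key names are assumptions for illustration.
#
# Usage: sh check_dist.sh dist/test-app

# Return 0 if the dist tree is clean, 1 if runtime state leaked into it,
# 2 if the given path is not a directory.
check_dist_for_storage() {
  dist_dir=$1
  status=0

  if [ ! -d "$dist_dir" ]; then
    echo "error: $dist_dir is not a directory" >&2
    return 2
  fi

  # Check 1: any .storage directory under the dist tree is a finding,
  # whatever it contains, because it is runtime state rather than app code.
  leaked_dirs=$(find "$dist_dir" -type d -name .storage)
  if [ -n "$leaked_dirs" ]; then
    echo "FAIL: runtime state directory packaged into release:"
    echo "$leaked_dirs" | sed 's/^/  /'
    status=1
  fi

  # Check 2: credential-shaped JSON keys anywhere in the tree, to catch state
  # that was copied or flattened outside a .storage directory. The key list is
  # an assumption; extend it with the names your own app persists.
  key_pattern='"(token|access_token|refresh_token|session|password|api_key)"[[:space:]]*:'
  leaked_files=$(grep -rlE "$key_pattern" "$dist_dir" 2>/dev/null || true)
  if [ -n "$leaked_files" ]; then
    echo "FAIL: files with credential-like JSON keys:"
    echo "$leaked_files" | sed 's/^/  /'
    status=1
  fi

  if [ "$status" -eq 0 ]; then
    echo "OK: no runtime state found in $dist_dir"
  fi
  return "$status"
}

# When run as a script, check the directory given on the command line.
if [ "$#" -gt 0 ]; then
  check_dist_for_storage "$1"
fi
```

Run it against the dist folder right after `neu build`, before anything is uploaded, and wire its exit status into the release pipeline so a leaked token blocks the publish step. The second check is a heuristic: because grep scans raw bytes, it also flags JSON text embedded inside packed resource archives, but it will miss keys named differently from the assumed list and may flag application code that legitimately contains those strings, so treat its output as a review prompt rather than a verdict.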
