Is the contents of the auth.ts file supposed to be public?

[theogravity]

I noticed that when using the next prod build, when accessing my site that uses next-auth, I'm able to see the contents of the auth.ts file in one of the chunks. Fortunately when I stepped through it, it didn't seem that the vars for the provider were set (as in my client secret doesn't seem to be leaked).

Overall, is this intentional? Using next-auth 5.0.0-beta.20 and next.js 15 RC app routing.

I am importing

import { auth } from "@/auth";

and using

const session = await auth();

but it's only via export default async function() on a page.tsx file or in a action method via a route.ts file.