I believe the blog post below has relevance to Debian's stance on
including minified JavaScript in packages:
https://zyan.scripts.mit.edu/blog/backdooring-js/
To me the problem suggests that it is important from a security and
accountability perspective to 1) include the human-readable source
code of JavaScript in Debian packages, and 2) to compile the
human-readable source code into a minified code (if required) during
package builds, using a JS-minifier that is included in Debian.
Thoughts?
This is anyway mandatory in Debian,