I am facing this issue for my angular app.
Dist version of app, does not restrict the direct folder access.
so www.mysite.com/scripts and /images and /styles folder are accessible.
This issue is not coming in development i.e. grunt serve this is coming in grunt serve:dist.
I have tried the deny folder using .htaccess of dist folder. but doesn't help
.htaccess files are specific for apache server, but you are running grunt, so all .htaccess files are ignored.
You should not use Grunt as your production server, since it is designed to local development environment only.
Take a look here: can grunt server use for production application deployment
Files generated with grunt (in dist folder) can be copied without issues to any other sever, designed to serve files in production (nginx or apache).