Publish Your Scrambled Code Through npm
September 19th, 2014 | By José Magalhães | 2 min read
Let's start publishing your scrambler code through npm now that Jscrambler fully supports Node.js. In other words, it is time to start publishing our obfuscated libraries through npm.
In this article, we’ll create a simple Express Hello World application with a build process that obfuscates all your code, ready to publish, while preventing your source code from being published. We will use Grunt, the JavaScript Task Runner, to set up all of our fancy tasks.
Build process to obfuscate code through npm
First, we create our application’s package.json:
{
"name": "jscrambler-node-example",
"version": "0.0.0",
"private": true,
"main": "index"
}
Notice that we’re setting private to true to avoid publishing the source code by mistake when using npm publish. Through the shell, let’s install our only non-development dependency:
npm install express--save
Now let's get to the application logic inside index.js:
var app = require('express')();
app.get('/', function(req, res) {
res.send('Hello world!');
});
app.listen(8080);
It’s a pretty useful application, isn’t it? What really matters is to set up our build tasks inside Gruntfile.js, but first, we’ll install our development dependencies:
npm install grunt grunt - jscrambler grunt - contrib - clean grunt - replace--save - dev
exports = module.exports = function(grunt) {
grunt.initConfig({
clean: {
dist: ['dist/']
},
jscrambler: {
main: {
options: {
keys: grunt.file.readJSON('jscrambler_keys.json'),
deleteProject: true
},
params: {
"whitespace": "%DEFAULT%",
"rename_local": "%DEFAULT%",
"dot_notation_elimination": "%DEFAULT%",
"function_outlining": "%DEFAULT%",
"dead_code_injection": "%DEFAULT%",
"string_splitting": "%DEFAULT%",
"literal_duplicates": "%DEFAULT%",
"literal_hooking": "%DEFAULT%",
"dead_code_elimination": "%DEFAULT%",
"self_defending": "%DEFAULT%"
},
files: [{
src: ['**', '!node_modules/**'],
dest: 'dist/'
}]
}
},
replace: {
dist: {
options: {
patterns: [{
match: /"private": true/g,
replacement: '"private": false'
}]
},
files: [{
src: ['dist/package.json'],
dest: 'dist/package.json',
cwd: '.'
}]
}
}
});
grunt.loadNpmTasks('grunt-contrib-clean');
grunt.loadNpmTasks('grunt-jscrambler');
grunt.loadNpmTasks('grunt-replace');
grunt.registerTask('default', ['build']);
grunt.registerTask('build', ['clean', 'jscrambler', 'replace']);
};
The build task obfuscates all the source code into a folder named dist and sets private to false inside the distributable version of package.json.
Finally, to build and publish, just type grunt && cd dist && npm publish on the shell.
Publishing scrambled code through npm: the benefits
With this approach, there are many benefits:
Deobfuscated code will never be published by mistake
Obfuscating the code is pain-free
Publishing the code only takes one extra step prior to npm publish
Time to let those Rubik’s nodes out!
Why Jscrambler?
Jscrambler's Code Integrity solution gives security teams tools to make JavaScript code resilient, fit the build process with zero overhead, and protect every version of code you deploy on every screen.
It is also the most compliant JavaScript protection solution on the market.
Read our comprehensive guide about JavaScript obfuscation to get answers to the what, why, and how questions. You can also explore our Infographic for a better understanding of how JS can be obfuscated.
Jscrambler
The leader in client-side Web security. With Jscrambler, JavaScript applications become self-defensive and capable of detecting and blocking client-side attacks like Magecart.
View All ArticlesMust read next
We Got You Covered with Jscrambler 3.7
New version of JScrambler 3.7 released with support for all the main JavaScript and HTML5 libraries and frameworks
January 14, 2015 | By Jscrambler | 2 min read
Addressing OWASP MASVS-R with Jscrambler
In this post, we will address the role of OWASP’s MASVS-R, and how we can address it with Jscrambler.
July 28, 2022 | By Jscrambler | 4 min read
