
grunt-gnirts

Weekly downloads: 2
Maintainers: 1
Install size: 23.6 kB

Readme

grunt-gnirts

This Grunt plugin is a wrapper of gnirts.

Obfuscate the string literal in the JavaScript code.

gnirts mangles the string literal more thoroughly than a hexadecimal escape such as "\x66\x6f\x6f".
A hexadecimal escape is spotted too easily and decoded too easily; it stands out in the code. A thief can get the secret text (e.g. a password) easily by pasting it into a console (e.g. the Developer Tools of a web browser).

gnirts mangles the string literal by using pieces of code instead of hexadecimal escapes. gnirts might not be able to protect the string from thieves perfectly, but it forces troublesome work upon them. (See Note.)

For example, a string that should be hidden is here:

var password = 'open sesame';

Add the directives:

var password = /* @mangle */ 'open sesame' /* @/mangle */;

And then, pass this code to gnirts. The string literal between /* @mangle */ and /* @/mangle */ is obfuscated:

var password = (function(){var m=Array.prototype.slice.call(arguments),i=m.shift();return m.reverse().map(function(j,a){return String.fromCharCode(j-i-55-a)}).join('')})(32,190,200,198)+(23).toString(36).toLowerCase()+(16).toString(36).toLowerCase().split('').map(function(Q){return String.fromCharCode(Q.charCodeAt()+(-71))}).join('')+(1022).toString(36).toLowerCase()+(function(){var m=Array.prototype.slice.call(arguments),Q=m.shift();return m.reverse().map(function(N,c){return String.fromCharCode(N-Q-16-c)}).join('')})(8,135,122,139)+(14).toString(36).toLowerCase();
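
How the pieces of that output are put together, as an added example that is not part of the original README and not gnirts's own code: a simplified re-creation of two of the encodings visible above (shifted char codes and base-36 numbers). The function names and the 1-3 character chunking are assumptions made for illustration; the last function shows that the expression carries everything needed to rebuild the string, which is why the Note calls this mangling and not cryptography.

```javascript
// Added illustration, not gnirts's source: a simplified re-creation of two
// encodings visible in the output above. All function names are hypothetical.

// Pattern 1: shifted char codes passed in reverse order to an IIFE; the first
// argument (key) plus an inline constant (offset) plus the index is the shift.
function encodeCharCodes(text, key, offset) {
  const codes = text.split('').map((ch, i) => ch.charCodeAt(0) + key + offset + i);
  return '(function(){var m=Array.prototype.slice.call(arguments),k=m.shift();' +
    'return m.reverse().map(function(c,i){return String.fromCharCode(c-k-' +
    offset + "-i)}).join('')})(" + [key].concat(codes.reverse()).join(',') + ')';
}

// Pattern 2: a run of [0-9a-z] written as a number printed in base 36.
// Returns null when the chunk does not survive the round trip (e.g. "0a", "Se").
function encodeBase36(text) {
  const n = parseInt(text, 36);
  if (!/^[0-9a-z]+$/.test(text) || !Number.isSafeInteger(n) || n.toString(36) !== text) {
    return null;
  }
  return '(' + n + ').toString(36).toLowerCase()';
}

// Split the literal into chunks of 1-3 characters and encode each one.
function mangle(text, rand = Math.random) {
  const parts = [];
  for (let pos = 0; pos < text.length;) {
    const chunk = text.slice(pos, pos + 1 + Math.floor(rand() * 3));
    pos += chunk.length;
    parts.push(encodeBase36(chunk) ||
      encodeCharCodes(chunk, Math.floor(rand() * 64), Math.floor(rand() * 64)));
  }
  return parts.join('+') || "''";
}

// The expression is self-contained: running it rebuilds the original string.
function run(expr) {
  return new Function('return ' + expr)();
}

const expr = mangle('open sesame');        // constructed sample input
console.log(expr.includes('sesame'));      // is the literal still in the source text?
console.log(run(expr) === 'open sesame');  // does evaluation give the string back?
```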

But the code above is no good, because the password variable can be shown by a debugger (e.g. the Developer Tools of a web browser).
Using no variable is a better way, and gnirts supports checking whether a string matches.
For example, to check whether input from the user matches a string literal:

if (userInput === 'open sesame') {
  console.log('OK, the door will be opened.');
}

Add the directives (note that the whole condition expression is included in the directive):

if (/* @mangle */ userInput === 'open sesame' /* @/mangle */) {
  console.log('OK, the door will be opened.');
}

And then, pass this code to gnirts. The condition expression between /* @mangle */ and /* @/mangle */ is obfuscated:

if ((userInput).indexOf((function(){var l=Array.prototype.slice.call(arguments),O=l.shift();return l.reverse().map(function(P,g){return String.fromCharCode(P-O-3-g)}).join('')})(1,105),10)===10&&(new RegExp('^[\\s\\S]{9}'+(22).toString(36).toLowerCase())).test(userInput)&&(userInput).indexOf((function(){var J=Array.prototype.slice.call(arguments),z=J.shift();return J.reverse().map(function(H,d){return String.fromCharCode(H-z-47-d)}).join('')})(1,148,165,150,163),5)===5&&(new RegExp('^[\\s\\S]{2}'+(527).toString(36).toLowerCase()+(18).toString(36).toLowerCase().split('').map(function(w){return String.fromCharCode(w.charCodeAt()+(-13))}).join('')+(42840).toString(36).toLowerCase())).test(userInput)&&(userInput).indexOf((function(){var H=Array.prototype.slice.call(arguments),Y=H.shift();return H.reverse().map(function(u,U){return String.fromCharCode(u-Y-12-U)}).join('')})(59,184,182),0)===0) {
  console.log('OK, the door will be opened.');
}

More Information

See gnirts for the usage of the directives and more information.

Getting Started

This plugin requires Grunt ~0.4.1

If you haven't used Grunt before, be sure to check out the Getting Started guide, as it explains how to create a Gruntfile as well as install and use Grunt plugins. Once you're familiar with that process, you may install this plugin with this command:

npm install grunt-gnirts --save-dev

Once the plugin has been installed, it may be enabled inside your Gruntfile with this line of JavaScript:

grunt.loadNpmTasks('grunt-gnirts');

The "gnirts" task

Overview

In your project's Gruntfile, add a section named gnirts to the data object passed into grunt.initConfig().

grunt.initConfig({
  gnirts: {
    deploy: {
      expand: true,
      cwd: 'develop/',
      src: '**/*.js',
      dest: 'public_html/'
    }
  }
});

See gnirts for more information.

Note

This mangling is not cryptography that keeps data secure. It is used to guard against hacking, theft, or reverse engineering of things such as hybrid applications or web applications. If your program uses sensitive information such as users' accounts, you should consider a standard secure system such as key-pair cryptography.

Last updated on 19 Aug 2015
