Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
grunt-jscrambler
Advanced tools
Add obfuscation to your build process with grunt and grunt-jscrambler.
If you haven't used Grunt before, be sure to check out the Getting Started guide, as it explains how to create a Gruntfile as well as install and use Grunt plugins.
Once you're familiar with that process, you may install this plugin:
npm install grunt-jscrambler --save-dev
Once the plugin has been installed, it may be enabled inside your Gruntfile with this line of JavaScript:
grunt.loadNpmTasks('grunt-jscrambler');
In your project's Gruntfile, add a section named jscrambler
to the data object passed into grunt.initConfig()
.
grunt.initConfig({
jscrambler: {
main: {
options: {
keys: {
accessKey: '',
secretKey: ''
},
applicationId: '',
params: [
{
name: 'whitespaceRemoval'
},
{
name: 'charToTernaryOperator'
}
]
},
files: [
{expand: true, src: ['foo.js', 'bar.js'], dest: 'dist/'},
]
}
},
});
grunt.initConfig({
jscrambler: {
main: {
options: {
keys: {
accessKey: '',
secretKey: ''
},
applicationId: '',
params: [
{
name: 'whitespaceRemoval'
},
{
name: 'charToTernaryOperator'
}
]
},
files: [
{
expand: true,
cwd: '/example/src/'
src: ['foo.js', 'bar.js'],
dest: '/destination/'
},
{
expand: true,
cwd: '/otherexample/'
src: ['foo.js', 'bar.js'],
dest: '/otherdestination/'
}
]
}
},
});
You will need your credentials and Application ID in order to protect your application.
Navigate to your profile page and grab your accessKey
and secretKey
at the API Credentials section.
Your applicationId
can be found inside your application page just below your application name. Click the copy to clipboard icon to copy the applicationId
.
You can also grab your current configuration on your application page. This will download a .json
file containing a valid configuration with your currently selected options.
Keep in mind that the params
object is optional and if it is not provided we will use your previous configuration.
You can find some working examples here
FAQs
Obfuscate your source files using the Jscrambler API.
The npm package grunt-jscrambler receives a total of 67 weekly downloads. As such, grunt-jscrambler popularity was classified as not popular.
We found that grunt-jscrambler demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 11 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.