Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
grunt-jscrambler
Advanced tools
Readme
Add obfuscation to your build process with grunt and grunt-jscrambler.
If you haven't used Grunt before, be sure to check out the Getting Started guide, as it explains how to create a Gruntfile as well as install and use Grunt plugins.
The version's compatibility table match your Jscrambler Version with the Jscrambler Grunt Client. Please make sure you install the right version, otherwise some functionalities might not work properly.
Jscrambler Version | Client and Integrations |
---|---|
<= 7.1 | <= 5.x.x |
>= 7.2 | >= 6.0.0 |
Once you're familiar with that process, you may install this plugin:
npm install grunt-jscrambler --save-dev
Once the plugin has been installed, it may be enabled inside your Gruntfile with this line of JavaScript:
grunt.loadNpmTasks('grunt-jscrambler');
In your project's Gruntfile, add a section named jscrambler
to the data object passed into grunt.initConfig()
.
grunt.initConfig({
jscrambler: {
main: {
options: {
keys: {
accessKey: '',
secretKey: ''
},
applicationId: '',
params: [
{
name: 'whitespaceRemoval'
},
{
name: 'charToTernaryOperator'
}
]
},
files: [
{expand: true, src: ['foo.js', 'bar.js'], dest: 'dist/'},
],
// (Optional) Retrieve the protection Id
successCallback(protectionId) {
// console.log('Protection Id: ', protectionId);
}
}
},
});
grunt.initConfig({
jscrambler: {
main: {
options: {
keys: {
accessKey: '',
secretKey: ''
},
applicationId: '',
params: [
{
name: 'whitespaceRemoval'
},
{
name: 'charToTernaryOperator'
}
]
},
files: [
{
expand: true,
cwd: '/example/src/'
src: ['foo.js', 'bar.js'],
dest: '/destination/'
},
{
expand: true,
cwd: '/otherexample/'
src: ['foo.js', 'bar.js'],
dest: '/otherdestination/'
}
],
// (Optional) Retrieve the protection Id
successCallback(protectionId) {
// console.log('Protection Id: ', protectionId);
}
}
},
});
You will need your credentials and Application ID in order to protect your application.
Navigate to your Settings page and grab your accessKey
and secretKey
at the API Credentials section.
Your applicationId
can be found inside your application page just below your application name. Click the copy to clipboard icon to copy the applicationId
.
You can also grab your current configuration on your application page. This will download a .json
file containing a valid configuration with your currently selected options.
Keep in mind that the params
object is optional and if it is not provided we will use your previous configuration.
You can find some working examples here.
FAQs
Unknown package
The npm package grunt-jscrambler receives a total of 85 weekly downloads. As such, grunt-jscrambler popularity was classified as not popular.
We found that grunt-jscrambler demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 12 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.