Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
rollup-obfuscator
Advanced tools
Readme
A rollup/vite plugin to obfuscate your code based on javascript-obfuscator
First install the plugin as a dev dependency:
npm install rollup-obfuscator -D
Next we should add it to the end of the plugins array:
Rollup:
import { obfuscator } from 'rollup-obfuscator';
export default {
plugins: [
// ...
obfuscator()
]
}
Vite:
[!NOTE] This will only apply at build time
import { obfuscator } from 'rollup-obfuscator';
import { defineConfig } from 'vite';
export default defineConfig({
plugins: [
// ...
obfuscator()
]
})
The plugin should hopefully work out of the box. However, it's likely to break on larger applications - especially those that use complex frameworks. You should play with the options to find what works best for your application.
plugins: [
obfuscator({
// options go here
})
]
All config options can be found here. The plugin has the same default options, except setting sourceMap: true
and stringArray: false
.
include
- A FilterPattern of files to include. Defaults to ['**/*.js', '**/*.ts']
exclude
- A FilterPattern of files to exclude. Defaults to ['node_modules/**']
v4 of this plugin now requires a minimum Node version of v16, it may still work on older versions but it isn't tested. options.global
was removed and is now follows v3's global: false
behaviour, some issues came up that made it no longer make sense. Finally a few obfuscator option defaults were changed to: stringArray: false
, sourceMap: true
. If you're project doesn't work with v4 please let me know why by creating an issue. You can see the full code changes here.
FAQs
A plugin to obfuscate javascript for rollup & vite based on https://www.npmjs.com/javascript-obfuscator
The npm package rollup-obfuscator receives a total of 8,230 weekly downloads. As such, rollup-obfuscator popularity was classified as popular.
We found that rollup-obfuscator demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.