: Disclosure This post focuses on , a JavaScript protection product to which the author is affiliated (as CTO). Jscrambler is an extremely popular and open-source JavaScript runtime environment to create server-side applications. Node.js This tutorial will explain how to integrate Jscrambler seamlessly into the build process of a typical Node.js app in just a few minutes. You'll learn how to protect your Node.js source code with the most advanced polymorphic obfuscation techniques, along with code locks and self-defensive capabilities. Pre-requisites First, make sure that you have the latest version of npm installed on your local machine: npm update -g npm Now, of course, we need a sample Node.js app to use in this tutorial. Let's go ahead and use a very simple "Hello World" Express app. First, let's install Express: npm install express --save Then, let's create an file in our project's root folder with the following code, provided in the : app.js Express website const express = require('express') const app = express() const port = 3000 app.get('/', (req, res) => { res.send('Hello World!') }) app.listen(port, () => { console.log(`Example app listening at http://localhost:${port}`) }) This app starts a server and listens on port 3000 for connections. The app responds with “Hello World!” for requests to the root URL (/) or route. If we run the app with: node app.js We will see a "Hello World" message on . localhost:3000 Integrating Jscrambler Let's begin by getting a ready-to-use file with our intended Jscrambler configuration. If you haven't created a yet, be sure to do so before moving forward. Jscrambler account Log into the . Once there, create a new app. Now, it's time to pick the Jscrambler transformations that we want to use. We can pick them one-by-one in the tab but, in our case, let's go ahead to the tab and pick the template. If you need help with these steps, please refer to our . Jscrambler Web App Fine-Tuning Templates Obfuscation guide Now, we simply have to download a JSON file with all this configuration, which will be used only for quickly getting the required settings. You can do this by clicking the cogwheel next to "Protect App" on the right sidebar, which will present the following screen: Now that you have the file with the needed configuration, you can integrate Jscrambler into your Node.js app's build process using one of two tools: Grunt or Gulp. Let's explore both approaches. Grunt is a JavaScript task runner with the goal of automating repetitive tasks like minification, compilation, unit testing, code protection, etc. In this case, it is a handy option to ensure that the source code of your Node.js app is always protected at build time. Grunt To get started with Grunt, let's install it as a dev dependency: npm install grunt --save-dev Now, we need to create a configuration file for Grunt, . This file contains our project and Grunt task configuration and loads Grunt plugins and tasks. Gruntfile.js To keep things simple, let's set up a basic Gruntfile: module.exports = function(grunt) { grunt.initConfig({ pkg: grunt.file.readJSON('package.json') }); }; Next, we want to add the Jscrambler Grunt plugin: npm install grunt-jscrambler --save-dev Now that the plugin is installed, we must enable it in our Gruntfile by adding this line at the bottom: grunt.loadNpmTasks('grunt-jscrambler'); Right after this line, we have to set the "default" Grunt task with: grunt.registerTask('default', ['jscrambler']); Now that this is done, we also need to specify the task itself. Here, we will use some parts of the file we downloaded earlier: , , , and the array. jscrambler.json accessKey secretKey applicationId params Our final file should look like this: Gruntfile.js module.exports = function(grunt) { grunt.initConfig({ pkg: grunt.file.readJSON('package.json'), jscrambler: { main: { options: { keys: { accessKey: 'YOUR_ACCESS_KEY', secretKey: 'YOUR_SECRET_KEY' }, applicationId: 'YOUR_APPLICATION_ID', params: [ { "name": "objectPropertiesSparsing" }, { "name": "variableMasking" }, { "name": "whitespaceRemoval" }, { "name": "identifiersRenaming", "options": { "mode": "SAFEST" } }, { "name": "dotToBracketNotation" }, { "name": "stringConcealing" }, { "name": "functionReordering" }, { "options": { "freq": 1, "features": [ "opaqueFunctions" ] }, "name": "functionOutlining" }, { "name": "propertyKeysObfuscation", "options": { "encoding": [ "hexadecimal" ] } }, { "name": "regexObfuscation" }, { "name": "booleanToAnything" } ] }, files: [ {expand: true, src: ['app.js'], dest: 'dist/'}, ] } } }); grunt.loadNpmTasks('grunt-jscrambler'); grunt.registerTask('default', ['jscrambler']); }; If we take a closer look at the array, we'll see that Jscrambler will use the file, protect it, and then place the protected version on the folder. You can change these to match your project's requirements. files app.js dist/ Now, all that's left is to make sure that our build process is using Grunt. In our case, we must make sure that there's a script in our file to build our app using Grunt: package.json "scripts": { "build": "grunt" }, We're now ready to run our build: npm run build That's it! If we check our file, we will see that it has been obfuscated with Jscrambler. /dist/app.js Gulp According to the survey, is the second most popular build tool for JS. Similarly to Grunt, it allows you to automate repetitive workflows into efficient build pipelines. 2019 State of JavaScript Gulp To get started with Gulp, let's install it as a dev dependency: npm install gulp --save-dev Let's also install the Jscrambler Gulp plugin: npm install gulp-jscrambler --save-dev Now, we need to create a configuration file for Gulp, . gulpfile.js Let's go right ahead and add the configurations we need to get Jscrambler working with Gulp. To do this, we will need some parts of the file we downloaded earlier: , , , and the array. jscrambler.json accessKey secretKey applicationId params Our final file should look like this: gulpfile.js var gulp = require('gulp'); var jscrambler = require('gulp-jscrambler'); gulp.task('default', function (done) { gulp .src('app/**/*.js') .pipe(jscrambler({ keys: { accessKey: 'YOUR_ACCESS_KEY', secretKey: 'YOUR_SECRET_KEY' }, applicationId: 'YOUR_APPLICATION_ID', params: [ { "name": "objectPropertiesSparsing" }, { "name": "variableMasking" }, { "name": "whitespaceRemoval" }, { "name": "identifiersRenaming", "options": { "mode": "SAFEST" } }, { "name": "dotToBracketNotation" }, { "name": "stringConcealing" }, { "name": "functionReordering" }, { "options": { "freq": 1, "features": [ "opaqueFunctions" ] }, "name": "functionOutlining" }, { "name": "propertyKeysObfuscation", "options": { "encoding": [ "hexadecimal" ] } }, { "name": "regexObfuscation" }, { "name": "booleanToAnything" } ] })) .pipe(gulp.dest('dist/')) .on('end', done); }); If we take a closer look at this file, we'll see that specified the path to the files that Jscrambler will use. At the bottom of the file, places the protected version on the folder. You can change these to match your project's requirements. src .pipe(gulp.dest('dist/')) dist/ Now, all that's left is to make sure that our build process is using Gulp. In our case, we must make sure that there's a script in our file to build our app using Gulp: package.json "scripts": { "build": "gulp" }, We're now ready to run our build: npm run build That's it! If we check our file, we will see that it has been obfuscated with Jscrambler. /dist/app.js Final Thoughts Node.js is clearly the technology of choice to build server-side apps, especially thanks to useful frameworks like Express. If you're building Node.js applications that have sensitive logic and want to prevent , a security solution such as Jscrambler is a must. reverse-engineering, licensing violations, and tampering As we saw, you can easily integrate Jscrambler into Node's build process using either Grunt or Gulp. Even though we used the template, feel free to try other templates and protection layers like for improved runtime protection. Obfuscation Self-Defending And Jscrambler comes with premium support, so be sure to if you have any questions! contact us Previously published at https://blog.jscrambler.com/how-to-protect-node-js-apps-with-jscrambler/
Share Your Thoughts