I would like to allow a JavaScript program running in VisualStudioCode to use readline-sync, but when I try to use the
const input = require('readline-sync');
line that works in environments like Replit after causing that module to be added, I get an error message about not having the appropriate module. In trying to find an answer to this question, I have gotten the impression that modifying a "package.json" file is involved. However, I'm not sure exactly where this file is supposed to be and believe that I may not have one for my current project yet. When I use VSC's Command Palette to enter the
JavaScript: Go to Project Configuration
command, I get a popup in the lower-right corner that says
"Please open a folder in VS Code to use a TypeScript or JavaScript project
Source: TypeScript and JavaScript Language Features (Extension)"
I believe that the problem may have something to do with the fact that I have previously mainly used VSC for standalone code pages that interacted only with the console or with languages other than JavaScript and am not really familiar with how to set up a project that requires multiple files to work in conjunction in the VSC environment.
Related
I have found the settings in Visual Studio Code to enable type checking for JavaScript in JS files. Such that: Bad code is highlighted and it also shows the reason why it's bad code
This behavior does not occur for JavaScript code in Vue files. I have searched through all the settings in Visual Studio Code. I have scoured the internet for any extension that can do this for me to no avail.
How can I make my Vue files type-check the JavaScript in them?
LOL. I found the answer.
All I had to do was add //#ts-check directly underneath the script tag and type checking was enabled.
So HAPPY!!!
Thank you, everyone, for your input
For best results I'd suggest starting a new project using vue-cli and selecting the options for TypeScript and ESLint. You'll also need the ESLint extension for VS Code.
Here's a helpful blog post showing the parts of this process.
Once you have a nicely working setup with the clean project, then move the code over. I suggest this because getting all the config right can be a mess with an existing project.
I recently developed an app with electron framework and am now worried about source code protection after reading security concerns related to electron javascript code.
I mean reverse engineering of the code is possible even if the app is built for production. My application contains many critical information like GitHub Private Token for AutoUpdate and much more.
I just have gone through many SO post but didn't find the perfect answer so resolve the problem. Obfuscation of javascript code or source code protection is not possible with electron? However, Obfuscation doesn't protect the code completely but it can make reverse engineering complex. if there is a workaround for doing so, let me know. I didn't find more than tl;dr in the security-related post of the electron.
I found an obfuscation method by obfuscator but seems it's gonna need manual obfuscation and nothing much about the source code protection like in NW.js Is there any better way to achieve it?
I found something helpful for obfuscation on Medium post. but didn't find anything about source protection.
tl;dr You can and it is not worth the effort. Just pack your source
into a asar file, it keeps most people away from it.
Long awnser:
Use the asar option when building your app.
Obfuscating the code with a uglyfier.
Use WASM
Language bindings to grab your data from a compiled format
neonjs for Rust
edge-js for C#
N-API, NAN for C/C++
Otherwise your files are scripts, all these steps only slow down a
attacker (Tactic of many defenses), but they will not prevent them
from accessing them. The devTools are fairly easy to get opened and
people will be able to read the code in some way, shape or form. And
if someone gets your Obfuscated code it is simple to reconstruct what
is happening (see here for reference:
https://www.youtube.com/watch?v=y6Uzinz3DRU)
If you want to protect yourself from code manipulation, there are
better ways to do it. Like Hashing, Context Isolation etc. electron
has a whole chapter on the matter.
https://github.com/electron/electron/blob/master/docs/tutorial/security.md
There is a library called bytenode which allows you to convert your Javascript files into binary files so that noone can read it.
https://www.npmjs.com/package/bytenode
First install bytenode on your server and in your folder:
>npm i -g bytenode
>npm i bytenode
Create a normal nodeJS file with the following code in it. Let's imagine we name the following code: ok.js
console.log('bytenode works');
Then, compile your javascript code. The command will create a .JSC file with the same name than your file.
user#machine:~$ bytenode -c ok.js
Then, in a main JS file, you will call your binary, let's call it test.js:
const bytenode = require('bytenode');
const myFile=require('./ok.jsc');
myFile;
Save it.
Then, you will call test.js: node test.js to test it. Do a "cat ok.jsc" to see that it is really a binary and that nobody can't see your code. You can move your original plain test js file to another location.
You can use bytenode as mentioned is Nicolas Guérinet's answer.
However, the binary generated by bytenode CLI will give you runtime error when you try to use it in your electron project. The error will say something like:
"Invalid or incompatible cached data (cachedDataRejected)"
For the binary to work with electon, it must be generated by electron itself.
Here's how to get it working:
Let's say you want to protect main.js in a typical electron project.
Install bytenode
npm i bytenode
Rename main.js to something else, say temp.js.
Create a new main.js with the following code:
const { app, BrowserWindow } = require('electron')
function createWindow() {
// Create the browser window.
mainWindow = new BrowserWindow({
width: 400,
height: 200
})
//use bytenode to convert js files to jsc
const bytenode = require("bytenode");
let compiledFilename = bytenode.compileFile({
filename: './temp.js',
output: './main.jsc'
});
//convert other Node.js files as required
}
app.whenReady().then(() => {
createWindow()
})
Now run your electron project. When the blank window appears, look into you project directory, you will find the main.jsc file.
Change your main.js to the following three line code:
const bytenode = require('bytenode');
const myFile = require('./main.jsc');
myFile;
Remove your nodejs source file (temp.js) from your project and build your project.
You can also minify and obfuscate your code before converting it to jsc.
Credits to https://github.com/mapleby for his posts at https://github.com/bytenode/bytenode/issues/63.
I have adapted his idea to get it working.
This will make is significantly more difficult for someone to reverse engineer your code but it will still be possible.
If you're referring to code that you for some reason must have on the client-side, then obfuscation can definitely help. There's no such thing as obfuscation that's impossible to defeat; however, it can raise the cost of de-obfuscation to a point where it's just not worth it for attackers.
The OWASP Mobile Top 10 2016-M9-Reverse Engineering mentions this: "In order to prevent effective reverse engineering, you must use an obfuscation tool". Then you also may benefit from runtime self-protection, which you can also find on the OWASP list: "The mobile app must be able to detect at runtime that code has been added or changed from what it knows about its integrity at compile time. The app must be able to react appropriately at runtime to a code integrity violation".
When comparing different obfuscators, it's critical to check if they provide support and documentation and ensure that the company behind them won't add malware and hide it in the obfuscated code. Here's where free obfuscators often come short.
Check Jscrambler for an enterprise solution. They support Electron and the full list of their obfuscation transformations is available here.
Recently i switched to Ubuntu/Linux and searched for some good text editor and i found Sublime Text, i'm very beginner at coding and i was using Notepad++ in windows.
After i downloaded sublime text, i tried to write some codes in javascript to see if it works but it said "No Build System" and when i looked for it, i didn't find any guide for linux... in Notepad++ all i have to do was click run and ta da, the output screen was there.
I don't know much about linux or sublime text, my exact question is how can i run and see my codes in the output screen, currently i'm working on Javascript and i have no idea what a "Build System" is, i just want to type some basic code in sublime text and see the result on the screen, so if you help me i'll be much appreciated.
Here's an image the problem:
In order to explain your problem it's first important to realize that although the feature is called build, it applies just as much to running an interpreted program as it does to actually building anything; think of it less as a "build" tool and more as a "run some external program to do something" tool instead.
With that said, Sublime comes pre-installed with a few different build systems for various languages, but JavaScript isn't one of them. Possibly this is because it's generally unclear whether a particular JavaScript file is meant to be used in a browser, or executed via something like node, but that's just a guess.
In your case, the text No build system is literally telling you that you have told Sublime to automatically select an appropriate build system for the type of file that you're editing, but that it didn't find one and so there's nothing that it can do.
The solution to the problem would be to either install a third party package that includes a JavaScript build system (see Package Control) or create one yourself.
A good rule of thumb for Sublime is that if there is a command you can execute from a command prompt that will do what you want, and you don't need to interact with that command (i.e. it doesn't need to ask you questions before or while it does something), you can set up Sublime to run that command for you.
One tool you can use to execute JavaScript is NodeJS, which provides a command named node that can execute JavaScript files if you install it:
tmartin:dart:~> cat sample.js
console.log("Hello, world!")
tmartin:dart:~> node sample.js
Hello, world!
Since this is a command that we can execute from a terminal to do what we want, and it doesn't require us to interact with it to tell it how to do anything, we can set up a build system to use it.
As an example of how to do that, select Tools > Build System > New Build System... from the menu, and then replace the contents of the file with the following code, then save it in the location that Sublime will default to as something like JavaScript.sublime-build:
{
"shell_cmd": "node \"${file}\"",
"selector": "source.js"
}
This simply says that when executing this build, Sublime should use the command node and provide it the name of the file that you're currently editing, and that this build system applies to source files of type js (JavaScript).
With that in place, if you select Tools > Build System > Automatic or Tools > Build System > JavaScript (the name in the menu reflects the name you used for the file), you should be able to use Ctrl+B to execute your program:
Note: This is an older image and uses cmd instead of shell_cmd; both examples will work the same way but shell_cmd is the recommended way to go unless you have a compelling reason not to.
You can check out the official documentation on build systems for more information on the options available to you in a build system.
Important notes:
If you get an error like command not found or something similar, it means that you either entered the command incorrectly, that program is not installed, or you need to tell your computer (and thus Sublime) where to find it by modifying your PATH; how you do that is system specific.
Make sure you save a new file manually at least once before you try to run it; before you do the file isn't on disk yet and can't be executed, which can cause strange errors to occur. It can be a good idea to make sure that Tools > Save all on build is checked to ensure your files on disk are always up to date when you build, but this won't save a new file that doesn't have a name yet.
I said this twice, but it bears repeating; if you need to interact with a command in any way, this won't work for you (without changes on your end). This includes if you try to execute a script that wants you to interact with it (e.g. it asks you your name and then prints it and such like). In such a case your program will seem to hang forever because it's waiting for input that you can't provide.
I am a beginner in Javascript, I decided to practice Javascript by problem solving using it, I found an online judge that accepts Javascript V8 4.8.0 code.
So, I searched online to get that version of Javascript V8 on my machine, but I couldn't find any easy way, All the pages were explaining how to build it, and it seems to be a process that I don't need to go through.
Is there an easy way to compile and run command line apps written in Javascript on my machine?
Note: I don't want to use node.js because I tried using it's I/O and
as a beginner I think it is complex in some way.
Update: I found that package manager pbox.me which provides a version of V8 JavaScript Engine and I managed to install it.
Yet another problem appeared: whenever I try to run a js file writing d8 myfile.js in command line nothing happens as if it is an empty program, knowing that I tryied to d8.exe file and it is working, and I made sure the PATH is inserted in the environment variables.
What am I doing wrong?
The easiest way to get started with JavaScript is probably to use it in a browser. You can type simple things directly into the browser's JavaScript console (check the menu); or you can embed your code in a simple HTML document.
If you want, you can even pretty easily implement the readline()/print() functions, so you can pretend to be doing stdin/stdout based I/O: just read from an array of strings, and send output to console.log (or create DOM nodes if you want to be fancy and/or learn how to generate dynamic website content by hand).
Side note: V8 4.8 is severely outdated, don't use it to execute code you haven't written yourself.
I think the question says most of it. I have an autogenerated ManualSpecRunner.html file as created by maven / jasmine plug-in and I've got it to put itself into the deployable .war by using:
<jasmineTargetDir>${basedir}/pathForMyWebapp</jasmineTargetDir>
However, all the links to js files within the ManualSpecRunner.html are hard coded file:/// references - this is a bit mental, I want them to just be the relative paths to the files that are also in the webapp i.e.
Currently it gives me this path:
file:///home/username/code/HEAD/pathForMyWebapp/js/yui.js
whereas I need it to have the far more simple
/pathForMyWebapp/js/yui.js
I have tried changing two other variables in the maven script, but neither seems to have the desired effect, neither of these configuration options do what I need, the second having seemingly no effect:
<jsSrcDir>/pathForMyWebapp</jsSrcDir>
nor
<jsTestSrcDir>/pathForMyWebapp</jsTestSrcDir>
I've looked through the documentation but think I must be missing something (also, more notes on various config params listed in https://github.com/searls/jasmine-maven-plugin/blob/master/src/main/java/com/github/searls/jasmine/AbstractJasmineMojo.java are meant to do would be helpful so I can work out if I'm doing it wrong or if it's not possible!)
Any suggestions?
[p.s. I've changed some of the path names as they've got sensitive info in them, so please ignore their oddness!]
I think I understand the source of your confusion. It looks like you're trying to direct the target of the jasmine-maven-plugin to a directory inside your project's packaged *.war file so that you can run your specs against the code after it's deployed to a server, is that correct?
Unfortunately, the plugin wasn't designed with that use in mind. The jasmineTargetDir directory is usually left at its default value of target/jasmine and wasn't intended to be bundled with your application (it's analogous to the target/surefire-reports generated by maven-surefire-plugin for Java unit tests). So the reason that the script tags in ManualSpecRunner.html point to invalid locations is because that file is generated in order to be run from the local filesystem in a browser from the workstation that's building the project (to facilitate TDD).
All of that to say, if I'm reading your intention right, I think it'd be a cool feature to build a third spec runner that could be deployed with the app and executed remotely. (Especially if the project's Jasmine specs are functional/integration as opposed to isolated unit tests.) Unfortunately that's not something the project does yet.
I'm afraid that for now, if you needed to bundle the jasmine tests and execute them on the deployed server, you would need to copy ManualSpecRunner.html and jasmine into your src/main/webapp, fix the script tag references, and then manually maintain it as files are added and removed.
Make sense?