Nodejs - obfuscate entire project - gulp-javascript-obfuscator - javascript

I am new to Nodejs and I have a Nodejs project with around 80 JS files distributed in different sub-directories and some of the js files are reused in the project. I would like to obfuscate the code as this project is shipped and installed on client systems where I do not have control and anyone who has access to the client can see the code.
Currently I am using gulp node-module to build a tar file of my project artifact. I came across posts which talks about javascript obfuscation using node-modules: javascript-obfuscator and gulp-javascript-obfuscator. The examples I have seen is for a single file obfuscation but not for an entire nodejs project.
I see a snippet on javascript-obfuscator npm page about obfuscating entire directory:
javascript-obfuscator ./dist --output ./dist/obfuscated [options]
// creates a folder structure with obfuscated files under ./dist/obfuscated path
I would like to use the gulp-javascript-obfuscator node-module to obfuscate my entire project. It would be great if one of you can guide me or post a snippet of Gulp task which can do this.
On a different note: If one of my js file is importing another file with require(mycode-api) then after the obfuscation does this change to require(mycode-api-obfuscated).
Ref:
https://www.npmjs.com/package/javascript-obfuscator
https://github.com/javascript-obfuscator/gulp-javascript-obfuscator

To obfuscate entire project, try this:
gulp.src(['src/**/*.js'])
.pipe(javascriptObfuscator())
.pipe(gulp.dest('../dist'));

var gulp = require('gulp');
var pipelines = require('readable-stream').pipeline;
const javascriptObfuscator = require('gulp-javascript-obfuscator');
gulp.task('min-js', function () {
return pipelines(
gulp.src('js/*.js'),
javascriptObfuscator(),
gulp.dest('dist')
);
});

Related

Building a Webpack 4 Config for SASS (Compilation, Minification in Prod), JS (Concat + Minification), and Multiple Vue Single Page Applications

Trying to setup a webpack setup for my entire resource generation workflow in our app. I don't need any hot reloading, browsersync, etc. Just needs to watch for changes, and rebuild depedent objects when changes are made. File structure looks like this:
(I apologize for the image I seriously looked up other methods to post structure, but nothing was working on the preview, I can post a fiddle-or-codepen with this output in a comment afterwards)
The only areas of note are:
1) Each folder underneath vue-spas each Single-Page Mini App (SPAs) generates it's own output file of the app.
2) All items in constructs underneath js are concat and minified into one output file (/dist/js/main.min.js) but every item underneath js/components/ just renders a minified and mangled version of that file
Lastly, I understand this is probably a difficult question to wrap around, but I have Gulp doing some of it now, and Webpack doing the Vue compilation, just trying to see if it's possible to consolidate into just webpack and let it do the work.
Thanks for any assistance.
There are a few approaches. The simplest would be to add a key for each app in the entry point configuration in your webpack.config.js file.
That would look like this in your webpack.config.js file:
module.exports = {
entry: {
app1: './vue-spa/vue-spa1/app.js',
app2: './vue-spa/vue-spa2/app.js'
// etc
}
};
This will output individual directories in your dist for each with a nicely bundled app file.
By default, if you pass in a production variable to your webpack build command it'll apply all the optimizations you're looking for. If it's lacking out-of-the-box, there's likely a loader that can handle whatever optimization you need.
For Sass, you can add sass-loader to your webpack file:
https://github.com/webpack-contrib/sass-loader
Your devServer can just watch your vue-spa directory recursively for changes.
Another approach is to use lerna -- though that would require additional configuration, and is only necessary in your situation if you're in an enterprise environment where each individual app is being shipped out to a private NPM registry, and require individual semver.

Strip a parent folder from a zip file

Given a zip file with the structure:
/unwantedParentFolder
/wantedFolder/**/*
/wanted.files
Is there an easy way to 'restructure' it so that /unwantedParentFolder is stripped. e.g.:
/wantedFolder/**/*
/wanted.files
Ideally using Javascript alone, although I could probably make common linux commands work.
For some further information: I am gluing together Gitlab and AWS CodeBuild using a lambda (hence the Javascript). Gitlab have an api to fetch the current repo files as a zip, and CodeBuild can build from a zip. Unfortunately Gitlab takes the view that the repo should be in a folder in the root, while CodeBuild wants the repo to be the root.
At the moment the best I've got is to package up the linux zip utilities, unzip everything into the temp folder, move one folder up and rezip. But it seems a bit hackey and I'm nowhere near a zip expert so I thought I'd put it out there...
Despite having found it, I obviously didn't take a hard enough look at the documentation of JSZip (as suggested by #LGSon)!
https://stuk.github.io/jszip/documentation/api_jszip/generate_async.html does exactly this:
const data = fs.readFileSync('file');
const zip = await JSZip.loadAsync(data);
const rerooted = await zip
.folder('unwantedParentFolder')
.generateAsync({ type:"nodebuffer" });
fs.writeFileSync('fixed.zip', rerooted);

Node.js, coffeescript and compiled js files

I understood it was possible to natively use CoffeeScript instead of JavaScript, without compiling the CoffeeScript files to JavaScript (at least not compiled them as files; Maybe in-memory or on-the-fly compilation).
I have a basic app with a main app.coffee file as following:
coffee = require 'coffee-script'
coffee = require 'coffee-script/register'
express = require 'express'
compression = require 'compression'
sockets = require 'socket.io'
http = require 'http'
server = http.createServer express
app = express()
# [...]
In my package.json I have the following:
// ...
"dependencies": {
"coffee-script": "^1.9.3"
// ...
}
"scripts": {
"start": "coffee app.coffee --nodejs"
// ...
}
// ...
I can run the app using $> nodemon app.coffee
or $> coffee app.coffee
or $> npm start
At some point when I re-run the application or save a CoffeeScript file, CoffeeScript file is compiled to a JavaScript file, and therefor every file in the folder tree end up getting duplicated in both a .js and a .coffee version, which I find pretty disturbing.
Also once there is a .js file for a module, I sometime feel like the application will use it in priority, and that changes in the CoffeeScript file are no longer taken in account.
How can I avoid this behavior, and avoid file to be compiled every time ? Is it possible for the node engine to natively use the CoffeeScript files without creating a .js copy in the file tree?
Of course I understand that the Node.js engine is a JavaScript engine, but is there a way to maybe compile/run files directly in-memory or in a different folder (since it might still be interesting to see the JavaScript output)?
What is the exact interaction between the Node.js engine, the CoffeeScript compiler, and how can I understand this behavior ?
I often use a small .js file to launch my code making the command to start my applications node index.js which contains this:
CoffeeScript = require('coffee-script');
CoffeeScript.register();
require('./src/main');
Change ./src/main to the path to your coffee file.
It uses your coffee files to run your code giving stack traces etc.. that correspond to your coffee source.
Your app.coffee would not need to require coffee-script as you are already using coffee at that point.

After modularizing an AngularJS app, how do you include the entire project in the index.html without having to type a ton of <script> tags

I've been learning Angular for awhile now and am looking into the best ways to modularize the application. I think my understanding of that is going pretty well, but I've looked around for awhile and can't seem to get a good answer as to how all of these .js files get included inside of the index.html without just manually typing out a bunch of tags. I've been looking into Grunt/Gulp and get how those are combining the entire app into one .js file, but for development I'm guessing you don't want to have to re-run grunt or gulp every time you want to update the app.
There are many different options: gulp, grunt, or webpack seem to be the most popular. I tend to use webpack the most these days.
A good setup will typically run a local node server, which will refresh the browser automatically every time you make a change to a file.
There are many yeoman generators that will set this all up for you, or you can find simple examples on github.
The basic idea is to
concatenate all your js files (in proper order so the module definitions go before controllers/services)
minify if for production
copy to a fixed path
include this single js file in your html
during development have your grunt/gulp script watch for changes in js files and re-run the above steps so you don't have to run the grunt/gulp task manually.
Now if you are using gulp here is how you would typically handle above steps
gulp.task('process-js', function () {
return gulp.src(jsFiles, {base: './'})
.pipe(gulpif(isProd, concat('all.min.js'), concat('all.js')))
.pipe(gulpif(isProd, uglify({mangle: true, preserveComments: 'some'})))
.pipe(gulp.dest(deployFolder + '/static/js'))
});
where jsFiles is an array of files/folders that contain your angular app js files
var jsFiles = [
'!static/js/**/*.js',
'!static/js/plugin/**/*.*',
'app/index/**/*module.js',
'app/index/**/*config.js',
'app/index/**/*ctrl.js'
];
Note: use ! prefix to exclude certain files/folders from processing.
isProd is just a flag that indicates whether you are preparing for production or development.
During development I also use BrowserSync to watch any changes to my js files and re-run the gulp task to prepare all.js. It also refreshes the page in browser automatically.
gulp.task('run', function () {
browserSync({
server: {
baseDir: deployFolder
},
open: true,
browser: ['google chrome'],
files: deployFolder + '/**/*',
watchOptions: {
debounceDelay: 2000
}
});
gulp.watch(jsFiles, ['process-js']);
});
gulp.task('default', function () {
runSequence(
'clean',
'run'
);
});
Gulp/Grunt to concat all your angular files.
Create 2 tasks :
a dev build task
concat to one file BUT don't uglify.
a distribution/production task which is the same as dev one but this one uglify the concatenated file.

How do I connect bower components with sails.js?

I'd like to be able to install Javascript dependencies through bower and use them in a sails.js app, but I can't figure out a way to do this with out just copying an pasting files from the bower_components folder to the Sails assets folder.
Ideally I think I'd like to use requirejs and point to the bower components in the main.js file. I may be trying to pound a square peg in a round hole, please let me know if so. Any thoughts on managing components/libraries with Sails are welcome.
In Sails 0.10 the 'assets/linker' directory no longer exists, however I found a lead on simple solution that gives some automation to the bower -> asset linker workflow while also allowing some granular control over what exactly ends up getting linked.
The solution is adding grunt-bower to your Sails.js compileAssets task
grunt.registerTask('compileAssets', [
'clean:dev',
'bower:dev',
'jst:dev',
'less:dev',
'copy:dev',
'coffee:dev'
]);
Then configure your grunt-bower task like so (as tasks/config/bower.js):
module.exports = function(grunt) {
grunt.config.set('bower', {
dev: {
dest: '.tmp/public',
js_dest: '.tmp/public/js',
css_dest: '.tmp/public/styles'
}
});
grunt.loadNpmTasks('grunt-bower');
};
This will automatically copy your bower js and css files to the proper place for Sail's asset linker to find and automatically add to your project's layout template. Any other js or css files will still automatically be added after your bower files.
However this is still no silver bullet as this setup has 2 big caveats to it:
1 - The files that are added through bower-grunt have to be listed in bower.json's main array. If you see a file isn't being loaded you would expect to be, you must either edit that packages bower.json file OR add the dependency manually through grunt-bower's packageSpecific options.
2 - The order of bower files in the asset linker is currently alphabetical. My only recourse to adjust this order so far is tinkering around with an additional grunt task to manually re-order files prior to the rest of Sail's compileAssets task. However this one I'm confident there is something grunt-bower could do by supporting package copy ordering.
Note: the following answer is no longer completely relevant to the current version of SailsJS because there is no support for the linker folder as of SailsJS 0.10.
See: Sails not generating linker
Original answer:
I was able to figure out a solution for this, which is actually pretty simple. I had not realized you could configure where bower places it's files.
Create a .bowerrc file and change the directory where bower components are installed, in the case of Sailjs they should be put into the assets folder.
/*
* Create a file called .bowerrc and put the following in it.
* This file should be in the root directory of the sails app.
*/
{
"directory": "assets/linker/bower_components"
}
Sails will then use grunt to copy them to the .tmp/public/assets folder whenever a file is change. If you don't wish to have sails continually deleting and then recopying those files you can exclude them in the grunt file.
/*
* This is not necessary, but if you have a lot of components and don't want
* them constantly being deleted and copied at every file change you can update
* your Gruntfile.js with the below.
*/
clean: {
dev: ['.tmp/public/**',
'!.tmp/public',
'!.tmp/public/bower_components/**'],
build: ['www']
},
One tip on using requirejs with sails. By default you will get an error from the socket.io file since sails will load it without using requirejs. This will throw an error since socket.io supports amd style loading, more details here http://requirejs.org/docs/errors.html#mismatch.
The simplest way to fix this is to just comment out the lines near the end of the socket.io.js.
/*
* Comment the below out in the file assets/js/socket.io.js, if using requirejs
* and you don't want to modify the default sails setup or socket.io.
*/
if (typeof define === "function" && define.amd) {
define([], function () { return io; });
}
The other way would be to recode the sails files in assets/js named "socket.io.js", "sails.io.js" and app.js to be amd modules.
The simplest way I've found of achieving this is simply to add the individual Bower components to your tasks/pipeline.js file. For example, here's how you might add Modernizr:
// Client-side javascript files to inject in order
// (uses Grunt-style wildcard/glob/splat expressions)
var jsFilesToInject = [
// Load sails.io before everything else
'js/dependencies/sails.io.js',
// Dependencies like jQuery, or Angular are brought in here
'js/dependencies/**/*.js',
// =========================================================
// Modernizr:
'bower_components/modernizr/modernizr.js',
// =========================================================
// All of the rest of your client-side js files
// will be injected here in no particular order.
'js/**/*.js'
];
A link to bower_components/modernizr/modernizr.js then gets inserted in the <!--SCRIPTS--> placeholder in your layout template, and it also gets minified, etc, when you run sails lift --prod.
Sorry for my late.
I think include bower_components in linker it's a bad idea, because when you will lift sails, everything in it will be copied in .tmp and include in tags.
For example, if you have include Angular with bower, you will have two inclusions in your script: one for angular.js and one for angular.min.js. And having both is a mistake.
Here is my solution on my projects :
I have created a folder bower_component in my root directory.
I have added this line in my Gruntfile.js in the array files in copy:dev
{ '.tmp/public/linker/js/angular.js': './bower_components/angular/angular.js' }
And for each files I want to include, I need to manually add a new line in this array. I haven't find an another automatic solution. If someone finds a better solution... ;)
There is more than one approach to hooking up SailsJS and Bower.
A package for SailsJS that integrates Bower via a custom generator exists here:
https://www.npmjs.com/package/sails-generate-bower
There is one for Gulp as well.

Categories

Resources