npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

jscrambler

v8.6.3

Published

Jscrambler API client.

Downloads

22,770

Readme

Jscrambler

Jscrambler Client for Browser and Node.js

Version Compatibility

The version's compatibility table match your Jscrambler Version with the Jscrambler Client. Please make sure you install the right version, otherwise some functionalities might not work properly.

| Jscrambler Version | Client and Integrations | |:----------:|:-------------:| | <= 7.1 | <= 5.x.x | | >= 7.2 | >= 6.0.0 |

Installation

Jscrambler requires node v12.17.0 or higher

On your project:

npm i jscrambler --save-dev

Or globally:

npm i -g jscrambler

Or a specific version:

npm i jscrambler@5

RC configuration

You may put your access and secret keys into a config file if found in these directories. Besides simplifying the command entry, this has the added benefit of not logging your Jscrambler credentials.

Here's an example of what your .jscramblerrc file should look like:

{
  "keys": {
    "accessKey": "_YOUR_ACCESS_KEY_",
    "secretKey": "_YOUR_SECRET_KEY_"
  },
  "applicationId": "_YOUR_APPLICATION_ID_",
  "filesSrc": [
    "/path/to/src.html",
    "/path/to/src.js"
  ],
  "filesDest": "/path/to/destDir/",
  "params": [
    {
      "name": "stringSplitting",
      "options": {
        "freq": 1
      }
    }
  ],
  "areSubscribersOrdered": false,
  "jscramblerVersion": "5.3"
}

Please, replace the _YOUR_ACCESS_KEY_, _YOUR_SECRET_KEY_ and _YOUR_APPLICATION_ID_ placeholders with your API credentials and Application ID. If you are having trouble finding these, please check our Getting Started page.

You can also download this file through Jscrambler's application builder. More information can be found here.

CLI

npm install -g jscrambler
Usage: jscrambler [options] <file ...>

Options:
  -V, --version                           output the version number
  -a, --access-key <accessKey>            Access key
  -c, --config <config>                   Jscrambler configuration options
  -H, --host <host>                       Hostname
  -i, --application-id <id>               Application ID
  -o, --output-dir <dir>                  Output directory
  -p, --port <port>                       Port
  --base-path <path>                      Base Path
  --protocol <protocol>                   Protocol (http or https)
  --cafile <path>                         Internal certificate authority
  -C, --cwd <dir>                         Current Working Directory
  -s, --secret-key <secretKey>            Secret key
  -m, --source-maps <id>                  Download source maps
  -R, --randomization-seed <seed>         Set randomization seed
  --instrument                            Instrument file(s) before start profiling. ATTENTION: previous profiling information will be deleted
  --start-profiling                       Starts profiling (assumes an already instrumented application)
  --stop-profiling                        Stops profiling
  --code-hardening-threshold <threshold>  Set code hardening file size threshold. Format: {value}{unit="b,kb,mb"}. Example: 200kb
  --recommended-order <bool>              Use recommended order
  -W, --werror <bool>                     Set werror flag value (default: true)
  --utc <bool>                            Set UTC as the request time zone. Otherwise it uses the local time zone (default: true)
  --tolerate-minification <bool>          Don't detect minification as malicious tampering (default: true)
  --use-profiling-data <bool>             (version 6.2 only) Protection should use the existing profiling data (default: true)
  --profiling-data-mode <mode>            (version 6.3 and above) Select profiling mode (default: automatic)
  --remove-profiling-data                 Removes the current application profiling information
  --use-app-classification <bool>         (version 6.3 and above) Protection should use Application Classification metadata when protecting (default: true)
  --input-symbol-table <file>             (version 6.3 and above) Protection should use symbol table when protecting. (default: no file)
  --output-symbol-table <id>              (version 6.3 and above) Download output symbol table (json)
  --jscramblerVersion <version>           Use a specific Jscrambler version
  --debugMode                             Protect in debug mode
  --skip-sources                          Prevent source files from being updated
  --force-app-environment <environment>   (version 7.1 and above) Override application's environment detected automatically. Possible values: node,browser,isomorphic,automatic
  --ensure-code-annotation <bool>         (version 7.3 and above) Fail protection if no annotations are found on the source code (default: false)
  -n <number>                             (version 7.2 and above) Create multiple protections at once.
  --delete-protection-on-success <bool>   Deletes the protection files after they have been protected and downloaded (default: false)
  --mode <mode>                           (version 8.4 and above) Define protection mode. Possible values: automatic, manual (default: manual)
  -h, --help                              output usage information

Required Fields

When making API requests you must pass valid secret and access keys, through the command line or by having a .jscramblerrc file. These keys are each 40 characters long, alpha numeric and uppercase strings. You can find them in your Jscrambler web dashboard under My Profile > API Credentials. In the examples these are shortened to _YOUR_ACCESS_KEY_ and _YOUR_SECRET_KEY_ for the sake of readability.

Output to a single file

jscrambler -a _YOUR_ACCESS_KEY_ -s _YOUR_SECRET_KEY_ -i _YOUR_APPLICATION_ID_ -o output.js input.js

Output multiple files to a directory

jscrambler -a _YOUR_ACCESS_KEY_ -s _YOUR_SECRET_KEY_ -i _YOUR_APPLICATION_ID_ -o output/ input1.js input2.js

Using minimatch

jscrambler -a _YOUR_ACCESS_KEY_ -s _YOUR_SECRET_KEY_ -i _YOUR_APPLICATION_ID_ -o output/ "lib/**/*.js"

Using configuration file

jscrambler -c config.json

where config.json is a file that optionally contains any of the Jscrambler options listed here, using the structure described in the RC configuration.

Options

Current working directory (--cwd)

JavaScript projects usually have a folder structure that must be preserved in order for the application to work properly. In order to make sure that that structure is preserved, the jscrambler client needs to know what is the path of the root folder of your project's file structure. We call this path the Current Working Directory (CWD). The folder structure of all the subdirectories of the paths that match the patterns passed to the jscrambler cli will be replicated in the output folder (specified by the filesDest parameter.)

There are three ways to define this setting:

  • If you use relative paths as input patterns, then the CWD is assumed to be the path on which the CLI was executed. For example, the following command, executed in /home/user (assuming config.js does not define neither filesSrc nor filesDest):

    jscrambler --config config.js -o out/ project/dist/*.js

    will output the protected files as /home/user/out/project/dist/<filename>.js.

  • If you use absolute paths as input patterns, then the CWD is assumed to be the root of the filesystem (/). For example, changing the previous command to use an absolute path:

    jscrambler --config config.js -o out/ /home/user/project/dist/*.js

    results in the files being output to /home/user/out/home/user/project/dist/<filename>.js

  • To change this behaviour, you can use the --cwd option to explicitly set the CWD:

    jscrambler --config config.js --cwd /home/user -o out/ /home/user/project/dist/*.js

    which results in the files being output to /home/user/out/project/dist/<filename>.js

Flag -W / --werror (default: true)

By default, Jscrambler will not protect your application when errors occur in some or all of your files. For example: if your app have 5 files and one of them has syntax errors, Jscrambler will not protect any of your files. To override this behavior you must set the werror flag to false.

Any error/warning will make the protection fail.

There are two possible types of errors:

  • Syntax errors

    Code

    function a[] {
      return
    }

    Output

    Global protection errors:
    - Errors ocurred while parsing
    
    Application sources errors:
    [
      {
        "filename": "index.js",
        "message": "SyntaxError: 'return' outside of function (1:0)",
        "line": 1,
        "column": null,
        "fatal": true
      }
    ]
    
    Protection failed. For more information visit: https://app.jscrambler.com.
  • Errors parsing jscrambler code annotations

    Code

     //@jscrambler define __something
    function test() {
      return true;
    }
    
    test();
    
    //@jscrambler [define xxxxx]
    function test1() {
      return false;
    }
    
    test1();

    Output

    Global protection errors:
    - Failed to protect any source file
    
    Application sources errors:
    [
      {
        "filename": "index.js",
        "message": "[Annotation Error] Expected \" \" or [a-z]i but \"_\" found.",
        "line": 1,
        "column": 21,
        "fatal": true
      },
      {
        "filename": "index.js",
        "message": "[Annotation Error] Expected \" \", \"define\", \"disable\", \"enable\", \"global\", \"order\" or \"target\" but \"[\" found.",
        "line": 8,
        "column": 13,
        "fatal": true
      },
      {
        "filename": "index.js",
        "message": "Parsing errors on annotations",
        "line": null,
        "column": null,
        "fatal": true
      }
    ]
    
    Protection failed. For more information visit: https://app.jscrambler.com.

Using a proxy to make requests

If your requests need to go through a proxy, there is an option where you can specify the ip address, port and authentication credentials.

{
  proxy: {
    protocol: '', // 'http' by default
    host: '',
    port: 1234,
    auth: {
      username: '',
      password: ''
    }
  }
}

Recommended Order (default: false)

jscrambler --recommended-order false input1.js -o output/

To enable:

jscrambler --recommended-order true input1.js -o output/

Profiling Data Mode (default: automatic)

Note: This option was introduced in the version 6.3 and should be used instead of use-profiling-data which is deprecated.

The profiling-data-mode option can be set to three different modes:

  • Annotations: considers only the profiling annotations;
  • Automatic (default): ignores the existing profiling annotations and only considers the application's profiling data;
  • Off: uses neither profiling data nor profiling annotations.

The following behaviour:

jscrambler --profiling-data-mode off ...

Has the same effect as:

jscrambler --use-profiling-data false ...

Instrument (--instrument)

Instrument is used when you want to Profile your application. It is a similar process as protecting your application, but it will just instrument your application so that we can collect some data about how it runs. When you instrument an application, jscrambler will output the instrumented version of that application to the specified file/directory. Check our documentation for more detailed information.

NOTE: When you run this command, the existing profiling information will be deleted (if any).

WARNING: DO NOT SEND THIS CODE TO PRODUCTION AS IT IS NOT PROTECTED

Javascript Appending and Prepending

This option is available in your configuration file and allows for Javascript files to be appended or prepended to specific files before protecting your code. It allows for multiple files to be affixed or prefixed with another file, without changing the original content of the file and more than one script can act on the same file - you can both append and prepend the same JS file with the desired scripts on the same protection. The concatenation of files can result in max file size errors - even though the original file may be under the max limit, the result of the concatenation may exceed this threshold.

{
  "beforeProtection": [
    {
      "type": "append-js",
      "target": "/path/to/target/file.js",
      "source": "/path/to/script/file.js"
    },
    {
      "type": "prepend-js",
      "target": "/path/to/target/file.js",
      "source": "/path/to/script/file.js"
    }
  ]
}

Symbol Table

Jscrambler can import symbol tables to ensure certain global variables and object properties have specific names. These symbol tables can be passed using the --input-symbol-table <file> option, or with the inputSymbolTable option in the configuration file.

These files follow the schema used by uglifyjs@^3:

{
  "vars": {
    "props": {
      "$globalName": "transformedName"
    }
  },
  "props": {
    "props": {
      "$propertyName": "transformedName"
    }
  }
}

Similarly, the resulting symbol table can be obtained using the --output-symbol-table <protectionId> option.

NOTE: It only makes sense to use symbol tables on protections that use the identifiers renaming parameter.

API

npm install jscrambler

Quick example

var jscrambler = require('jscrambler').default;

jscrambler.protectAndDownload({
  keys: {
    accessKey: '_YOUR_ACCESS_KEY_',
    secretKey: '_YOUR_SECRET_KEY_'
  },
  host: 'api4.jscrambler.com',
  port: 443,
  applicationId: '_YOUR_APPLICATION_ID_',
  filesSrc: [
    '/path/to/src/*.html',
    '/path/to/src/*.js'
  ],
  filesDest: '/path/to/destDir/',
  params: [
    {
      'name': 'whitespaceRemoval'
    },
    {
      'name': 'duplicateLiteralsRemoval'
    }
  ]
})
.then(function () {
  console.log('All done!');
})
.catch(function (err) {
  console.error(err);
});

More detailed informations can be found here.

Jscrambler Parameters

Please refer to docs for more information.