Solutions
By Need
JavaScript Protection
Magecart Mitigation
Mobile App Protection
Data Leakage Prevention
Third Party Control
Customer Hijacking Prevention
User Data Protection & Compliance
By Sector
Financial Services
IT & Software
E-Commerce
Healthcare
Media & OTT
Gaming & Gambling
Products
Code Integrity
Application Shielding
Runtime Protection
JavaScript Threat Monitoring
Webpage Integrity
Webpage Inventory
Third Party Management
User Data Management
Webpage Threat Mitigation
Resources
Partners
Docs
Blog
Learning Hub
Help Center > Code Integrity > Documentation > Jscrambler Configuration File

Jscrambler File

The settings for Jscrambler's code protection are specified in the .jscramblerrc or jscrambler.json file.

Usage

Create a file in your root project folder named .jscramblerrc. You can name it otherwise, but this is the default name that will be automatically detected and used.

The following is an example of a .jscramblerrc file:

{
  "keys": {
    "accessKey": "_YOUR_ACCESS_KEY_",
    "secretKey": "_YOUR_SECRET_KEY_"
  },
  "applicationId": "_YOUR_APPLICATION_ID_",
  "filesSrc": ["./src/*"],
  "filesDest": "./dist"
  "params": [
    {
      "name": "stringSplitting"
    }
  ],
  "areSubscribersOrdered": false,
  "useRecommendedOrder": true,
  "jscramblerVersion": "stable",
  "tolerateMinification": true,
  "profilingDataMode": "off",
  "useAppClassification": true,
  "sourceMaps": false,
  "browsers": {}
}

Continuous Integration

If you plan on setting up a Continuous Integration pipeline to protect your source code, please download the "No Secrets" Settings file since it doesn't include your keys and applicationId. They can be securely set:

  • as Jscrambler CLI arguments:

    jscrambler -a $JSCRAMBLER_ACCESS_KEY -s $JSCRAMBLER_SECRET_KEY -i $JSCRAMBLER_APPLICATION_ID -o dist src/**/*.*

  • or as environment variables

    export jscrambler_keys__secretKey=********
export jscrambler_keys__accessKey=********
export jscrambler_keys__applicationId=********

  • or as an input in the Jscrambler GitHub Action

Downloading Templates

If you have already used the Jscrambler Web App, you can download the template you are currently using in the UI. To do so, follow the steps below:

1. Go to the Web Application's Dashboard

2. Click on the name of your application. This will redirect you to the "Create App" screen.

3. On the bottom right corner, click the "Import / Export" settings menu, and choose "Download All Settings".

Please be aware that if you name the file .jscramblerrc, Jscrambler's CLI will automatically detect the file and use it. If you decide to name it something else (e.g., jscrambler.json), you will need to pass it as an argument with the option -c, like so:

$ jscrambler -c jscrambler.json

Options

The .jscramblerrc file allows using the following options:

"keys.accessKey", "keys.secretKey", "applicationId"

The keys.accessKey and keys.secretKey properties vary from user to user, while applicationId changes according to the application that will be protected. They will not be pre-filled if you downloaded the "No Secrets" file from the Jscrambler Web App.

"filesSrc", "filesDest"

The filesSrc and filesDest properties are only required when you use our CLI. filesSrc is an array with the paths to the files you want to protect. filesDest is the path to the destination folder of your protected files.

"params"

The params property is required. It is an array containing the transformations you want to apply to your code, along with the options for each. Further information on Jscrambler's transformations is available in our documentation.

"areSubscribersOrdered", "useRecommendedOrder"

The areSubscribersOrdered and useRecommendedOrder properties are booleans which are used to dictate the order in which the transformations are applied to your code. Changing the order can result in a significant difference in the protected code. If you set useRecommendedOrded to true, it will follow Jscrambler's handpicked order for optimum protection results. If, however, you want transformations to be applied in a certain order, you can set areSubscribersOrdered to true so that Jscrambler follows the order in the params array. If both are set to false, the order will be random, but we advise against setting either of these options to false unless you are an advanced user.

"jscramblerVersion"

The jscramblerVersion property is only required when you use our CLI. When you use the Jscrambler Web App, you can switch between versions on the top right corner of the App. Further information on Jscrambler's versions is available in our documentation.

"tolerateMinification"

The tolerateMinification flag determines whether you will be able to minify your code after using Jscrambler. Enabling this flag makes it so that the modifications done by this process are not treated as malicious by our transformations. We nonetheless recommend that you use Jscrambler after minifying your code, as the last step of your build process, for optimum results.

"profilingDataMode", "useProfilingData"

These two properties are mutually exclusive, meaning they cannot be used at the same time. useProfilingDatais deprecated, therefore we recommend using the newer profilingDataMode. It has three possible options:

  • "profilingDataMode: off" - will disable the profiling feature;
  • "profilingDataMode: automatic" - will use the last profiling report available;
  • "profilingDataMode: annotations" - will use the profiling annotations in your code.

If you use the deprecated useProfilingData flag, be aware of the following:

  • "useProfilingData: false" - this is equivalent to "profilingDataMode: off"
  • "useProfilingData: true" - this is equivalent to "profilingDataMode: automatic"

If you want to learn more about our Profiling feature, check our documentation.

"useAppClassification", "sourceMaps"

The useAppClassification and sourceMaps flags enable or disable these features on your protection. Further information on these two features is available in the App Classification Documentation and Source Maps Documentation.

"browsers"

The browsers property is essential if you want to ensure that your protected code runs in certain browser versions. Further information on this feature, as well as its usage, is available in our documentation.