Last updated: 9 Sep 2024
Framework versions tested: 16 ● 18 ● 20 ● 22
Node.js is an extremely popular and open-source JavaScript runtime environment to create server-side applications.
For the purposes of this tutorial, we will be creating a simple "Hello World" Express.js app. It simply contains an app.js file inside a lib folder with the following code:
// lib/app.js
// to install express library run:
// npm install express
const express = require('express')
const app = express()
const port = 3000
app.get('/', (req, res) => {
res.send('Hello World!')
})
app.listen(port, () => {
console.log(`Example app listening at http://localhost:${port}`)
})
If you haven't tried Jscrambler out before reading this tutorial, please consider reading the Getting Started Guide, which will walk you through the steps on how to protect your application. This will make this section easier to grasp. It will also teach you how to configure Jscrambler and use a custom configuration.
To complete the integration with Jscrambler, you need a JSON configuration file with your API credentials, application ID, and protection configuration. You may create your transformations recipe using the Jscrambler Web application and download a JSON configuration file or use the following example for a quick test. This file should be named .jscramblerrc and placed on the project's root folder. If you choose to try the following example, just make sure to fill the missing information: accessKey, secretKey and applicationId.
{
"keys": {
"accessKey": <ACCESS_KEY_HERE>,
"secretKey": <SECRET_KEY_HERE>
},
"applicationId": <APP_ID_HERE>,
"filesSrc": [
"lib/*.js"
],
"filesDest": "./protected/",
"params": [
{
"name": "objectPropertiesSparsing"
},
{
"name": "variableMasking"
},
{
"name": "whitespaceRemoval"
},
{
"name": "identifiersRenaming",
"options": {
"mode": "SAFEST"
}
},
{
"name": "globalVariableIndirection"
},
{
"name": "dotToBracketNotation"
},
{
"name": "stringConcealing"
},
{
"name": "functionReordering"
},
{
"options": {
"freq": 1,
"features": [
"opaqueFunctions"
]
},
"name": "functionOutlining"
},
{
"name": "propertyKeysObfuscation",
"options": {
"encoding": [
"hexadecimal"
]
}
},
{
"name": "regexObfuscation"
},
{
"name": "booleanToAnything"
}
],
"areSubscribersOrdered": false,
"useRecommendedOrder": true,
"jscramblerVersion": "stable",
"tolerateMinification": false,
"profilingDataMode": "off",
"useAppClassification": true,
"browsers": {}
}
Install the Jscrambler API Client:
npm install jscrambler --save-dev
Protect the application:
jscrambler
There you go. The protected version of lib/app.js was place inside the protected folder.
Test the protected application:
node protected/lib/app.js
The Node.js runtime environment re-implements some native javascript functions (f.e setInterval or setTimeout) which triggers the anti-poisoning defenses of Self Defending. As a result, your application will break.
You should activate the tolerateBenignPoisoning option on Self Defending to prevent "benign actions" from breaking your application.
{
"name": "selfDefending",
"options": {
"threshold": 10240,
"options": [
"tolerateBenignPoisoning"
],
"countermeasures": {}
}
}