Adding Jscrambler to my App

This page will help you configure and add Jscrambler to your React Native App.

React Native protection can be achieved by adding Jscrambler's Code Integrity directly to your build pipeline during Metro's build process:

Pipeline

Sidenote

As mentioned before, Jscrambler's Code Integrity is only compatible with builds made with React Native CLI. If you are using Expo CLI, you need to eject your project to be able to use Jscrambler (more information here).

This tutorial follows React Native version 0.62. For versions <= 0.59, please check the instructions in this github repo

Setting up the plugin

The first step is to install our metro plugin as a dev dependency:

npm install jscrambler-metro-plugin --save-dev

You also need to configure our plugin accordingly. If you are using other plugins, you may already have a metro.config.js file created. If not, create one on your app's root folder.

Edit your metro.config.js and add Jscrambler plugin to it. In our example, the file should look like this:

/**
 * Metro configuration for React Native
 * https://github.com/facebook/react-native
 *
 * @format
 */

const jscramblerMetroPlugin = require("jscrambler-metro-plugin")();

module.exports = {
  transformer: {
    getTransformOptions: async () => ({
      transform: {
        experimentalImportSupport: false,
        inlineRequires: false,
      },
    }),
  },
  ...jscramblerMetroPlugin
};

This will allow our plugin to add itself to the build process and protect your files. With this setup, whenever you make builds, a request is made to Jscrambler to protect your code after it has been bundled for production.

Sidenote

During the protection phase, our plugin will create a .jscrambler temporary folder on your App's root folder. We use this folder to recreate the protected files and it is only used during the protection phase. You should add it to your .gitignore and remove it in any clean scripts you may have.

Preparing the settings file

The next step is to create a Jscrambler configuration file (.jscramblerrc) that our plugin can read. At this stage, you should already be familiar with this concept and how to create one, if not, please take a look at our Getting Started | Download your transformations and use with API Section.

Create a .jscramblerrc file on your App's root folder

touch .jscramblerrc

and populate it with the JSON Object containing the settings (as shown in the above link). You can choose which transformations you want to have or also use one of our default templates that better matches your security needs.


Android Builds

Generating the release APK

You are now ready to produce a working protected build. Use Gradlew to generate the protected APK/AAB file. On your App's root folder, run:

cd android && ./gradlew bundleRelease

Gradle's bundleRelease will bundle all the JavaScript needed to run your app into the AAB (Android App Bundle). The generated AAB can be found under: android/app/build/outputs/bundle/release/app.aab. Running assembleRelease will build the APK (instead of an AAB) that can be found in android/app/build/outputs/apk/release/app-release.apk.

If you extract any of these files, you will see that the resulting index.android.bundle file is protected with Jscrambler.

Run your protected App in an emulated environment

npx react-native run-android --variant=release

iOS Builds

Generating the iOS Build

You need to generate an iOS-ready bundle with the following command:

react-native bundle --entry-file index.js --platform ios --dev false --bundle-output ios/main.jsbundle --assets-dest ios

This will produce a protected bundle that can be found under the ios folder. You can then use XCode to resume your build.

Run your protected App in an emulated environment

npx react-native run-ios --variant=release