We will be at OWASP APPSEC EUROPE 2017 - Belfast! Let’s talk!MORE INFO

Help Center

Get to know more about our API, Code Annotations and Code Transformations

Source Maps API Usage

By default source maps are disabled. Please use this feature with care, sending the Source Maps to production will expose your original code to everyone.

Enabling Source Maps

To use Source Maps you will have to setup a new option on your Jscrambler config (sourceMaps). Source maps will be enabled if sourceMaps resolve to any truthy value.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
{
"keys": {
"accessKey": "YOUR_ACCESS_KEY",
"secretKey": "YOUR_SECRET_KEY"
},
"applicationId": "YOUR_APPLICATION_ID",
"filesSrc": [
"/path/to/src.html",
"/path/to/src.js"
],
"filesDest": "/path/to/destDir/",
"params": [
{
"name": "stringSplitting"
}
],
"sourceMaps": true
}

For more information about RC configuration please refer to our Github documentation.

Options

You can enable two distinct options when using source maps through Jscrambler’s API:

Source maps with embedded source code (default)

Source maps will include the original source code embedded in the source map file.

1
"sourceMaps": true

Source maps without embedded source code

If you don’t want your original code to be included inside the source map you’ll have to explicitly set the sourceContent option to false. Therefore, the original file will need to be placed in the same directory as the source map.

1
2
3
"sourceMaps": {
"sourceContent": false
}

Disabling Source Maps

If you don’t want Source Maps you can both set sourceMaps flag to false or simply omit the sourceMaps property.

1
"sourceMaps": false

Downloading the Source Maps

For security reasons we have decided to not include the source maps alongside your code, so, after enabling them on your configuration file you will need to make a another request in order to download them.

Using the client, the protection process sends to the stdout the protectionId which can be used to download the Source Maps executing the following command:

1
2
3
4
5
6
// Send application to jscrambler and download the protected application
> jscrambler -c your_config.json path/to/files/**/*
// STDOUT: 59021864dd26ca0011dc94ed
// Download the application source maps for the previous protection request
> jscrambler -c your_config.json -m 59021864dd26ca0011dc94ed

Your application source maps will be downloaded to a folder named jscramblerSourceMaps found in the destination folder.

Please keep in mind that to load Source maps in the Browser’s Dev tools you’ll have to automate this last step: Including Source Maps with your Javascript files.

Merging other Source Maps with Jscrambler’s

In order to merge source maps from previous compilations (e.g., Webpack bundling, TypeScript transpilation, etc) with Jscrambler’s, upload the source maps alongside with your JavaScript source code. For instance, for Webpack upload both bundle.js and bundle.js.map to Jscrambler.

Also, make sure that source maps files are in the same directory as their respective source code files.

1
2
3
4
index.js
index.js.map
/lib/foo.js
/lib/foo.js.map

After that, the process is exactly the same as described in the previous sections.