jscrambler / jscrambler Goto Github PK

Hi,

After running the CLI command to scramble a JS file, through:
"jscrambler -c jscrambler.json -o temp-scramble testfile.js"

I kept getting the following error:
Request failed with status code 400

After that I reinstalled Jscramber with version 5.2.18 (latest) and now keep getting the following error:
Unexpected Response: 400 Unsupported Jscrambler Version

Right now I am kind of stuck on why this is happening, since the command used to work normally.
Any help is appreciated. Thanks in advance.

Hi Team,

We are using jscrambler obfuscator as part of our react-native application build process.

The client we are using jscrambler-metro-plugin
Version: 5.5.27

When we are running the react-native bundle command,
We are getting the below error

info Writing bundle output to:, ./ios/myapp/main.jsbundle
info Done writing bundle output
info Copying 416 asset files
info Done copying assets
info Jscrambler Obfuscating Code
Error: Unexpected Response: 401 Unauthorized - Invalid signature. Make sure that you are using valid access keys and are running the most recent version of the Jscrambler client
    at new ClientError (/Users/gangadhar/myapp/node_modules/jscrambler/dist/client.js:65:112)
    at /Users/gangadhar/myapp/node_modules/jscrambler/dist/client.js:297:11
    at processTicksAndRejections (internal/process/task_queues.js:95:5) {
  statusCode: 401
}
error Command failed with exit code 1.

Then I tried updating the metro plugin to latest version
"jscrambler-metro-plugin": "^6.2.0",

Then When we are running the react-native bundle command,
We are getting the below error

info Writing bundle output to:, ./ios/myapp/main.jsbundle
info Done writing bundle output
info Copying 416 asset files
info Done copying assets
info Jscrambler Obfuscating Code
Global protection errors:
- Entry point was provided but could not find any matching AST

Error: Protection failed. For more information visit: https://app.jscrambler.com.
    at _callee3$ (/Users/gangadhar/myapp/node_modules/jscrambler/dist/index.js:644:33)
    at tryCatch (/Users/gangadhar/myapp/node_modules/regenerator-runtime/runtime.js:63:40)
    at Generator.invoke [as _invoke] (/Users/gangadhar/myapp/node_modules/regenerator-runtime/runtime.js:294:22)
    at Generator.next (/Users/gangadhar/my_app/node_modules/regenerator-runtime/runtime.js:119:21)
    at asyncGeneratorStep (/Users/gangadhar/myapp/node_modules/jscrambler/dist/index.js:66:103)
    at _next (/Users/gangadhar/Documents/myapp/node_modules/jscrambler/dist/index.js:68:194)
    at /Users/gangadhar/Documents/myapp/node_modules/jscrambler/dist/index.js:68:364
    at new Promise (<anonymous>)
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

Can anyone please help me.

Hi,

So I talked with your support today and I came to the conclusion when configuring webpack that my setup is SSR, and it's not SPA. SPA is intended to work with your webpack configuration. But SSR is a little more involved and needs an update to the library to work. I have attached files in the original support request. #HD-3140

I have a below error when build using jscrambler-webpack-plugin.

It used to be successful, but from some point on, the build is failing with a message.

Can you tell which is the cause?

Error: You have exceeded the number of files in your application
    at /Users/user/project/tw-bank-webapp/node_modules/jscrambler/dist/index.js:72:13

I would like to apply vite to my projects. Is it compatible with vite?

Is there a tutorial for it?

Line 7 of jscrambler/dist/index.js is require('babel-polyfill');.

This prevents use of the programmatic API within any ES6 module-compatible application. Any attempt to import the jscrambler library, and then run with babel-node or similar, will result in the following error:

Error: only one instance of babel-polyfill is allowed

There's no reason for the exported module to include this polyfill as a dependency, as the module should have been transpiled as an ES5 compatible commonjs module.

Right now this is blocking our ability to integrate this tool into our dynamic asset pipeline.

Steps to reproduce:

// test.js
import jscrambler from 'jscrambler'

$ npx babel-node test.js
/Users/xxx/node_modules/babel-polyfill/lib/index.js:10
  throw new Error("only one instance of babel-polyfill is allowed");
  ^

Error: only one instance of babel-polyfill is allowed

our config:

{
  "applicationId": "00c8f01e1a3b00011234f005", // i changed it a little to paste here
  "params": [
    ///// paramas
  ],
  "areSubscribersOrdered": false,
  "applicationTypes": {
    "webBrowserApp": true,
    "desktopApp": false,
    "serverApp": false,
    "hybridMobileApp": false,
    "javascriptNativeApp": false,
    "html5GameApp": false
  },
  "languageSpecifications": {
    "es5": true,
    "es6": false,
    "es7": false
  },
  "useRecommendedOrder": false,
  "jscramblerVersion": "5.5"
}

the command we use

jscrambler --werror -c ../../jscrambler.json -o ./ ./dist/production/index.js \
           -s ${JSCRAMBLER_SECRET_KEY} -a ${JSCRAMBLER_ACCESS_KEY}

the config file is resolved for sure. i changed the path and i had an error that it didn't.

Hello Jscrambler-Team!

We are using your plugin in one of our projects. NPM warns us about an outdated dependency core-js:

npm WARN deprecated [email protected]: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3

It looks like even your latest version depends on that package.

+-- [email protected]
| +-- [email protected]
| | +-- @jscrambler/[email protected]
| | | +-- [email protected]
| | | | `-- [email protected] deduped
| | | `-- [email protected] deduped
| | +-- [email protected]
| | | `-- [email protected]
| | |   `-- [email protected]
| | |     `-- [email protected] deduped
| | +-- [email protected]
| | | +-- [email protected] deduped
| | | +-- [email protected]
| | | `-- [email protected]
| | +-- [email protected]
| | +-- [email protected]
| | +-- [email protected]
| | | +-- [email protected] deduped
| | | +-- [email protected]
| | | | `-- [email protected] deduped
| | | +-- [email protected]
| | | | `-- [email protected] deduped
| | | +-- [email protected] deduped
| | | `-- [email protected] deduped
| | +-- [email protected] deduped
| | +-- [email protected]
| | | +-- @tootallnate/[email protected]
| | | +-- [email protected] deduped
| | | `-- [email protected] deduped
| | +-- [email protected]
| | | +-- [email protected]
| | | | `-- [email protected]
| | | +-- [email protected]
| | | +-- [email protected] deduped
| | | `-- [email protected]
| | +-- [email protected]
| | +-- [email protected] deduped
| | +-- [email protected]
| | +-- [email protected]
| | +-- [email protected]
| | +-- [email protected]
| | +-- [email protected]
| | | +-- [email protected]
| | | +-- [email protected]
| | | +-- [email protected] deduped
| | | `-- [email protected]
| | +-- [email protected]
| | | `-- [email protected]
| | |   `-- [email protected]
| | `-- [email protected]
| |   `-- [email protected]
| |     `-- [email protected] deduped
| `-- [email protected]
|   +-- [email protected]
|   `-- [email protected]

Could you please update deprecated dependencies? Thank you.

Hi,

I have to use the JScrambler CLI through a corporate proxy (only supplying a host and port) and the latest version (5.5.18) does not look like it works with proxies; I keep getting an ETIMEDOUT error.

On looking at client.js, I see it's using HttpsProxyAgent rather than Axios (lines 199-200).

settings.proxy = false;
settings.httpsAgent = new HttpsProxyAgent({host, port, auth: formattedAuth, ...agentOptions});

If I change the above lines to use the proxy object

settings.proxy = {host, port}
//settings.httpsAgent = new HttpsProxyAgent({host, port, auth: formattedAuth, ...agentOptions});

or roll back to a version before the HttpProxyAgent commits (5.5.8 for example), the proxy works.

Is there a reason why HttpsProxyAgent is not working?

Hi,

I have used jscrambler-cli and received error as bellow:

Error: Unexpected Response: socket hang up
    at new ClientError (/Users/trung/Projects/node_modules/jscrambler/dist/client.js:65:112)
    at /Users/trung/Projects/node_modules/jscrambler/dist/client.js:297:11
    at processTicksAndRejections (node:internal/process/task_queues:96:5) {
  statusCode: 500
}

I try to go deeper and it seems like relate to the issue about:

{
    statusCode: 403,
    error: 403,
    message: 'Application Profiling is not available in your plan.'
  }

I have tried to reinstall/update jscrambler, nodejs... but it still does not work
Is there any way to resolve this issue?

I am using the following version. If you run the build locally, a socket hang up error occurs.

• jscrambler-webpack-plugin : v5.5.13
• jscrambler : 5.5.13

95% emitting unnamed compat pluginError: Unexpected Response: socket hang up
    at new ClientError (/Users/user/webdev2/bank/th-bank-webapp/node_modules/jscrambler-webpack-plugin/node_modules/jscrambler/dist/client.js:65:112)
    at /Users/user/webdev2/bank/th-bank-webapp/node_modules/jscrambler-webpack-plugin/node_modules/jscrambler/dist/client.js:297:11
    at processTicksAndRejections (internal/process/task_queues.js:97:5) {
  statusCode: 500

in my config (remove private info)

{
    enable: config.build.isJsc,
    keys: {
      accessKey: '',
      secretKey: '',
    },
    applicationId: '',
    params: [
      // optimization
      {
        name: 'whitespaceRemoval',
      },
      {
        name: 'identifiersRenaming',
        options: { mode: 'SAFEST' },
      },
      {
        name: 'deadCodeElimination',
      },
      {
        name: 'duplicateLiteralsRemoval',
      },
      {
        name: 'constantFolding',
      },
      // Obfuscation (Cost Low)
      {
        name: 'booleanToAnything',
      },
      {
        name: 'stringEncoding',
        options: {
          encoding: ['hexadecimal', 'unicode'],
        },
      },
      {
        name: 'propertyKeysObfuscation',
        options: {
          encoding: ['hexadecimal'],
        },
      },
      {
        name: 'regexObfuscation',
      },
      {
        name: 'domainLock',
        options: {
          domains: '',
          countermeasures: {
            customCallback: null,
            deleteCookies: true, // false
            redirect: null,
            breakApplication: false, // false
            realTimeNotifications: false,
            selfDestruct: false,
          },
        },
      },
    ],
    codeHardeningThreshold: 0,
    areSubscribersOrdered: false,
    applicationTypes: {
      webBrowserApp: false,
      desktopApp: false,
      serverApp: false,
      hybridMobileApp: true,
      javascriptNativeApp: false,
      html5GameApp: false,
    },
    languageSpecifications: {
      es5: true,
      es6: false,
      es7: false,
    },
    useRecommendedOrder: true,
    jscramblerVersion: '6.3',
    tolerateMinification: false,
    sourceMaps: false,
    host: '',
    basePath: '/api',
    port: '80',
  }

Why does a socket hang up occur?

Currently the JscramblerWebpack plugin does not accept the path of a config file, can we add it?

I have noticed that config.filesDest -which is sent in protectAndDownload- needs an "/" at the end, otherwise it returns the EISDIR error.

The constant is originally concatenated in this line:

To then be used in this other line:

I see that beyond simply changing the line inside jscrambler-metro-plugin, there may be a bug in the next block of code, although I'm not sure if it affects other parts of the monorepo.

Hello again!

We got the whole set to work perfectly when using [email protected]:

• ember-cli-deploy-lightning-pack
• ember-cli-jscrambler
• ember-cli-bugsnag

Bugsnag were able to trace errors correctly from either ES5 and ES6 source maps. The trick for getting ES6 source maps it to have this option inside ember-cli-build.js:

babel: {
  sourceMaps: 'inline'
}

From [email protected] onwards, this option is ignored and we don't expect to see ES6 source maps from these newer builds.

Nevertheless, we do expect to see ES5 source maps in all versions, particularly [email protected]. I have just confirmed that, when ember-cli-jscrambler is removed from the dependencies, Bugsnag is able to trace to the development files transpiled to ES5. That is acceptable and we do not have a problem with that.

But when ember-cli-jscrambler is added again, Bugsnag can't do anything with the final source map provided by you. It points the errors back to the protected file.

I suppose something in its code is not ready for the module renaming presented in [email protected], things like from "@ember/object". Or it could be something else regarding how an addon may plug itself to this newer version.

This is a working distribution folder by [email protected], built without ember-cli-jscrambler:
deploy-dist.zip

And this one was built with ember-cli-jscrambler, still [email protected], which has a source map that Bugsnag cannot use:
deploy-dist-with-jscrambler.zip

REPEAT OF jscrambler/javascript-jscrambler#26 👎 Why were no issues handled upon deprecating the previous repository?

--

I'm unsure how the test suite is suppose to function. I'd like to improve the test coverage for a pull request I am preparing, but when I run npm test this is the output I get:

> [email protected] test /home/code_m/dev/jscrambler/packages/jscrambler-cli
> grunt test 2> /dev/null

>> Local Npm module "grunt-babel" not found. Is it installed?

Running "clean:test" (clean) task
>> 0 paths cleaned.

Running "jasmine_node:test" (jasmine_node) task


Finished in 0.001 seconds
0 tests, 0 assertions, 0 failures, 0 skipped




Running "clean:test" (clean) task
>> 0 paths cleaned.

Done.

The source map file returned together with the protected file is not named properly. Here it is an example:

jscrambler-demo.js-c56d97b247d70ba34f2f5d147f0ad3b9.map

I believe the .js were not meant to be put after the application name, in the middle portion of the file name.

Looking for a gulp-jscrambler version which has the jszip package updated.
Thanks.

Hello again. I opened this issue on jscrambler/ember-cli-jscrambler, but it appears unseen.

After the release of the version 5.2.3, ember-cli-deploy-bugsnag uploads all source maps correctly, leading me to believe it didn't work before due this bug in version 5.2.2.

But the final source maps, for the protected and minified files, recreate the original compilations from Babel, transpilled from ES6 to ES5. I had the impression that the original source maps, for the development files written in ES6, should be merged to the final one, according to Jscrambler's docs.

I think the original source maps, for the development files in ES6, are note being uploaded at all. What makes me think that is Jscrambler's assumption for the file paths of a given source map and its correlated Javascript file. According to the docs, if a Javascript file has a path given by assets/application.js, its correlated source map should have a path of assets/application.js.map in order to be automatically uploaded to be merged into the final source map, for the protected file.

The problem with this approach is that Ember-CLI offers no way for customizing the file path of a source map. Even after disabling the fingerprint option in ember-cli-build, which naturally breaks Jscrambler's assumption, we would have the pair assets/application.js and assets/application.map.

Am I right to assume the final source map trace the errors back to the concatenated, transpilled application file because the original source maps are not being uploaded at all?

Hello, Jscrambler team. Thanks for provide jscrambler-webpack-plugin, its an awesome library.

I am trying to use jscrambler-webpack-plugin into my project. I have registered into jscrambler account then fill applicationId, accessKey and secretKey, but I got this error when building my project.

Update application sources failed with Error: Playground Applications Sources can't be updated
Failed to compile.

Error: Playground Applications Sources can't be updated

is there any option to fix this error?

After updating Mac OS to 10.14.6 from 10.14.5 I get the following issue when performing cordova build ios

Running command:
/projectfolder/hooks/after_prepare/020_jscrambler.js
/projectfolder
Signature data: POST;api4.jscrambler.com;/application;access_key=redactedforsecurity

Error: Unexpected Response: utils.isBuffer is not a function
at /projectfolder/node_modules/jscrambler/dist/client.js:211:11

Everything else is good. Project builds successfully except for jscrambler code protection.

Please consider updating the dependencies to prevent potential security or performance vulnerabilities. For example, axios old version has problems with security, while glob old version (with inflight in it) has problems with memory management.

For those that are experience the issue below

Fatal error: [Error: Error: The application you are trying to protect does not have any file to protect]

I think jscrambler updated their API in the back end to reject any file extension wildcards, all of a sudden jscrambler was not detecting any of the javscript files in my project.

In order to fix the issue I had to change my general wildcard from

files: [{ expand:true, src: ['www/app/**/*', 'www/app/*'], dest: 'www/' }]

to

files: [{ expand:true, src: ['www/app/**/*.js', 'www/app/*.js'], dest: 'www/' }]

Hope this helps somebody!

options.filesSrc accepts an array of strings but if you pass a single filename like the following it will fail:

options.filesSrc = ["file1.js"]

The problem is not with the obfuscation process. It happens after that when it tried to write the file in the output directory:

 Error: EISDIR: illegal operation on a directory, open 'OUTOUT_DIR'

Workaround: Adding another file in the filesSrc will fix the issue.

Is there a list of either best practices or things to avoid in your code and/or scrambling when packaging products with JScrambler? I'm finding some changes in the behavior of my applications after applying JScrambler to the code. User controls that behave the way I expect without JScrambler, but don't work properly after JScrambler is applied.