3.1.0 • Published 12 months ago
nextjs-obfuscator v3.1.0
javascript-obfuscator plugin for Next.js
The nextjs-obfuscator enables you to make your Next.js app difficult to be reverse-engineered, using javascript-obfuscator.
ℹ️ If you are looking for README for v1, see here.
There are some useful notes:
- The app router is supported.
- Building by turbopack is currently NOT supported.
- Minimum supported Next.js version is v13.
Installation
You have to install javascript-obfuscator separately.
On npm:
npm i -D javascript-obfuscator nextjs-obfuscatorOn yarn:
yarn add -D javascript-obfuscator nextjs-obfuscatorUsage
Wrap your configuration in your next.config.js to use this plugin, for example:
const withNextJsObfuscator = require("nextjs-obfuscator")(obfuscatorOptions, pluginOptions);
/** @type {import("next").NextConfig} */
const nextConfig = withNextJsObfuscator({
// ... your next.js configuration
});
module.exports = nextConfig;Or if you use next.config.mjs:
import createNextJsObfuscator from "nextjs-obfuscator";
const withNextJsObfuscator = createNextJsObfuscator(obfuscatorOptions, pluginOptions);
/** @type {import("next").NextConfig} */
const nextConfig = withNextJsObfuscator({
// ... your next.js configuration
});
export default nextConfig;API
obfuscatorOptions
Type: Object (required)
This is the options of javascript-obfuscator, but there are some important notes:
disableConsoleOutputshould be set tofalseand you can easily notice the error logging by React on console. If they are present, they indicate your app has been broken.There are some options that MUST NOT be set:
These options will be set by the nextjs-obfuscator plugin internally if necessary.
pluginOptions
Type: Object (optional)
More options for this plugin. All properties are optional.
{
enabled: boolean | "detect",
patterns: string[],
obfuscateFiles: Partial<{
buildManifest: boolean,
ssgManifest: boolean,
webpack: boolean,
additionalModules: string[],
}>,
log: boolean,
};| Option | Type | Default Value | Description |
|---|---|---|---|
enabled | boolean | "detect" | "detect" | Indicates if the plugin is enabled or not.If "detect" specified, the plugin will be enabled only when building for production. |
patterns | string[] | "./*/.(js|jsx|ts|tsx)" | Glob patterns to determine which files to be obfuscated. They must be relative paths from the directory where next.config.js is placed. |
obfuscateFiles | object | Additional files to be obfuscated. | |
obfuscateFiles.buildManifest | boolean | false | If set to true, the plugin will obfuscate _buildManifest.js |
obfuscateFiles.ssgManifest | boolean | false | If set to true, the plugin will obfuscate _ssgManifest.js |
obfuscateFiles.webpack | boolean | false | If set to true, the plugin will obfuscate webpack.js, which is an entry point. |
obfuscateFiles.additionalModules | string[] | [] | Names of additional external modules to be obfuscated. Convenient if you are using custom npm package, for instance. Use like ["module-a", "module-b", ...]. |
log | boolean | false | If set to true, the plugin will use console.log as logger. Otherwise, it uses webpack's standard logger. |
How it works
- This plugin inserts a custom loader to obfuscate project files and external modules.
- This plugin inserts a custom plugin to obfuscate
buildManifest,ssgManifest,webpackassets.
Disclaimer
Using this plugin can break your next.js app, so you have to check carefully your app works fine.