/nextjs-obfuscator

javascript-obfuscator plugin for next.js

Primary LanguageTypeScriptBSD 2-Clause "Simplified" LicenseBSD-2-Clause

javascript-obfuscator plugin for Next.js

npm

The nextjs-obfuscator enables you to make your Next.js app difficult to be reverse-engineered, using javascript-obfuscator.

ℹ️ If you are looking for README for v1, see here.

There are some useful notes:

  • The app router is supported.
  • Building by turbopack is currently NOT supported.
  • Minimum supported Next.js version is v13.

Installation

You have to install javascript-obfuscator separately.

On npm:

npm i -D javascript-obfuscator nextjs-obfuscator

On yarn:

yarn add -D javascript-obfuscator nextjs-obfuscator

Usage

Wrap your configuration in your next.config.js to use this plugin, for example:

const withNextJsObfuscator = require("nextjs-obfuscator")(obfuscatorOptions, pluginOptions);

/** @type {import("next").NextConfig} */
const nextConfig = withNextJsObfuscator({
  // ... your next.js configuration
});

module.exports = nextConfig;

Or if you use next.config.mjs:

import createNextJsObfuscator from "nextjs-obfuscator";

const withNextJsObfuscator = createNextJsObfuscator(obfuscatorOptions, pluginOptions);

/** @type {import("next").NextConfig} */
const nextConfig = withNextJsObfuscator({
  // ... your next.js configuration
});

export default nextConfig;

API

require("nextjs-obfuscator")(obfuscatorOptions, pluginOptions)

obfuscatorOptions

Type: Object (required)
This is the options of javascript-obfuscator, but there are some important notes:

pluginOptions

Type: Object (optional)
More options for this plugin. All properties are optional.

{
  enabled: boolean | "detect",
  patterns: string[],
  obfuscateFiles: Partial<{
    buildManifest: boolean,
    ssgManifest: boolean,
    webpack: boolean,
    additionalModules: string[],
  }>,
  log: boolean,
};
Option Type Default Value Description
enabled boolean | "detect" "detect" Indicates if the plugin is enabled or not.
If "detect" specified, the plugin will be enabled only when building for production.
patterns string[] ["./**/*.(js|jsx|ts|tsx)"] Glob patterns to determine which files to be obfuscated. They must be relative paths from the directory where next.config.js is placed.
obfuscateFiles object Additional files to be obfuscated.
obfuscateFiles.buildManifest boolean false If set to true, the plugin will obfuscate _buildManifest.js
obfuscateFiles.ssgManifest boolean false If set to true, the plugin will obfuscate _ssgManifest.js
obfuscateFiles.webpack boolean false If set to true, the plugin will obfuscate webpack.js, which is an entry point.
obfuscateFiles.additionalModules string[] [] Names of additional external modules to be obfuscated. Convenient if you are using custom npm package, for instance. Use like ["module-a", "module-b", ...].
log boolean false If set to true, the plugin will use console.log as logger. Otherwise, it uses webpack's standard logger.

How it works

  • This plugin inserts a custom loader to obfuscate project files and external modules.
  • This plugin inserts a custom plugin to obfuscate buildManifest, ssgManifest, webpack assets.

Disclaimer

Using this plugin can break your next.js app, so you have to check carefully your app works fine.

License

LICENSE