getkey
commented
1 year ago When you remove the plugin from your config, what do you get?
Closed doroved closed 1 year ago
getkey
commented
1 year ago When you remove the plugin from your config, what do you get?
doroved
commented
1 year ago When you remove the plugin from your config, what do you get?
This is what the code looks like after building Vite without your plugin
This is what the code looks like with your plugin. The obfuscation seems to be there, but it doesn't look like what you get with the default config of javascript-obfuscator itself
getkey
commented
1 year ago I'm pretty sure this is the result of rollup-plugin-obfuscator running before minification. Could you disable minification to test that theory?
It's not possible to make rollup-plugin-obfuscator run after minification, even with enforce: 'post'.
The only way to prevent that would be disabling minification. But I would not recommend it: obfuscation that can be removed so easily is useless, so might as well have lean minified JS. 😉
doroved
commented
1 year ago I'm pretty sure this is the result of rollup-plugin-obfuscator running before minification. Could you disable minification to test that theory?
It's not possible to make rollup-plugin-obfuscator run after minification, even with
enforce: 'post'. The only way to prevent that would be disabling minification. But I would not recommend it: obfuscation that can be removed so easily is useless, so might as well have lean minified JS. 😉
Yes, with minify:false it will obfuscate properly
Why then does the vite-plugin-obfuscator plugin work correctly and the obfuscated code is minified? But it obfuscates all code, including library code, which is unnecessary. So your plugin does not work with Vite? That's too bad.
doroved
commented
1 year ago This is how vite-plugin-obfuscator works. It works, why don't you?)
getkey
commented
1 year ago I tried, but I haven't been able to make vite-plugin-obfuscator work. Please make a repo with a minimal reproduction case and send me the link so I can look how it works.
doroved
commented
1 year ago I tried, but I haven't been able to make vite-plugin-obfuscator work. Please make a repo with a minimal reproduction case and send me the link so I can look how it works.
Use this config and everything should work fine. This plugin unfortunately obfuscates all code, including libraries, and I need only the project code.
vite.config.js
import { fileURLToPath, URL } from 'node:url'
import { viteObfuscateFile } from 'vite-plugin-obfuscator'
import { defineConfig } from 'vite'
import vue from '@vitejs/plugin-vue'
export default defineConfig({
plugins: [vue(), viteObfuscateFile()],
resolve: {
alias: {
'@': fileURLToPath(new URL('./src', import.meta.url)),
},
},
})If it does not work now, I will prepare a repository.
getkey
commented
1 year ago Thanks, I was able to reproduce and have a deeper look at what that plugin is doing. It is modifying the bundle during the HTML transform phase, which apparently happens after the minification. Unfortunately this technique does not allow excluding libraries from the bundle.
Now the question is, should rollup-plugin-obfuscator adopt this technique when global is set to true?
global: falseSo for all these reasons, I think it would make for a bad addition.
If you want to do it anyway, here is the alternative way to do it I was talking about in 2. (it will exclude library code):
// vite.config.js
import { defineConfig } from 'vite';
import obfuscator from 'rollup-plugin-obfuscator';
import terser from '@rollup/plugin-terser';
export default defineConfig({
build: {
minify: false,
},
plugins: [
terser(),
obfuscator(),
],
});
Thank you. It all worked out. I have one more question, I want the obfuscation code to look like this
But your plugin obfuscates like this
I would like to have the first example of how to do this? I am using the default options. In the first example plugin: vite-plugin-obfuscator
Originally posted by @doroved in https://github.com/getkey/rollup-plugin-obfuscator/issues/15#issuecomment-1426511880