Hardening jsx/index.js

[tb-b]

What would be the recommended way to make the generated jsx/index.js less transparent?

jsx/index.js reveals:

• packages.json contents, including used dependencies, comments etc. setting treeshake: true in vite.es.config.ts solves this

• var config reveals entire cep.config.ts including ports - var ns only uses config.id, is there any reason for including the whole config here? javascript-obfuscator can be added to rollup to help with hiding this, though it would be better to avoid importing entire config object

• all JS functions that invoke JSX functions from index.jsxbin are here in their original form with comments etc. javascript-obfuscator can be added to rollup to help with hiding these

• same goes for the index.map.js sourcemap can be disabled by sourcemap: false, in vite.es.config.ts

• JSXBIN is 2.0 (instead of 2.1) but I guess we can't do much about it until the extendscript-jsxbin dependency gets updated?

Edit: added solutions I've found so far

[justintaylor-dev]

Hi @tb-b thanks for the suggestions. Responses to each below:

1. Treeshake - This is a great suggestion, I've updated it to true in the template
2. This is a side effect of importing. If you find a way to exclude it feel free to make a pull request. Yes obfuscation can solve this.
3. Yes Obfuscator can easily be added. I don't include any obfuscation by default since it slows down the script at runtime in ExtendScript.
4. By default, sourcemap is disabled on yarn zxp so it doesn't ship to the user, but it is included in yarn build for the developer's use. You can adjust these settings in cep.config.ts under build.sourceMap and zxp.sourceMap if you'd like.
5. I'm not seeing any official post from Adobe on JSXBIN 2.1 yet, so yes would need to wait for their updated binaries if that is on their roadmap. If you want to open a separate issue for this go ahead and we can track the progress there.

Closing this out for now. Feel free to open new issues on one of these topics in the future.