is one of the most popular JavaScript libraries. The 2018 “State of JavaScript” survey puts React as the , with 65% of responders stating that they have used it and would use again. React.js front-end framework of choice With its elegant programming style, rich package ecosystem and good documentation, React has found its way into powering the applications of large enterprises. Specifically, the developer survey found that . 18% of responders which are using React work for companies with over 1000 employees As we know, the very nature of JavaScript means it can’t be encrypted and can easily be accessed on the client-side or even tampered with. Because React powers enterprise-grade applications, it requires an enterprise-grade security solution such as Jscrambler . This tutorial will explain how to integrate Jscrambler seamlessly into React’s build process in just a few minutes. You’ll learn how to protect your React source code with the most advanced polymorphic obfuscation techniques, along with code locks and self-defensive capabilities. Pre-Requisites Only two things are needed to properly integrate Jscrambler into the React build process: and . We will highlight both below. creating a React app configuring Jscrambler How to Create a React Application For the purposes of this tutorial, we will be using a boilerplate app. To get started, we will need to install it using npm: create-react-app npm i -g create-react-app This will download and install it globally with all the required dependencies for the latest React version. create-react-app Now, we’re ready to create our boilerplate app, which we’ll use as the basis for this tutorial. Start by creating this new app with the following command: create-react-app react-jscrambler-boilerplate After the installation finishes, we can run our newly created boilerplate app: cd react-jscrambler-boilerplatenpm start Our new React app will run on development mode and appear at . Check if everything is in place before moving to the next step. For further help on getting started with , see the . localhost:3000 create-react-app official documentation The base project structure of our application is as follows: React react-jscrambler-boilerplate/|-- package-lock.json|-- package.json|-- yarn.lock|-- build/| |-- static/| | |-- css/| | |-- js/| | |-- media/|-- node_modules/|-- public/|-- src/ contains all the configurations which are related to npm such as dependencies, version and scripts. package.json The directory features all the source code of the application. The sources are then built and packed into the directory. This is where our protected HTML and JavaScript files will be placed after the build. src build How to Configure Jscrambler All of Jscrambler’s configuration will reside inside a single file: . As such, we will need to create this file to specify which transformations we wish to use. .jscramblerrc The quickest way to achieve this is via the . Once there, create a new app. Now, in the tab, select the Language Specifications and application type. Next, select the transformations you want (check the and tabs). In this tutorial, we’ll be selecting the template. If you need help with these steps, please refer to our . Jscrambler Web App Application Modes Templates Fine-Tuning Obfuscation guide Now, we simply have to download a , which will be used only for quickly getting the required settings. JSON file with all this configuration Now, let’s create a new file named on the React project’s root folder. Open the file we just downloaded and copy all its contents to the file. After that, we just have to add two new sections to , which are and (see below). Your final file should look like this: .jscramblerrc jscrambler.json .jscramblerrc .jscramblerrc filesSrc filesDest .jscramblerrc {"keys": {"accessKey": <ACCESS_KEY_HERE>,"secretKey": <SECRET_KEY_HERE>},"applicationId": <APP_ID_HERE>,"filesSrc": ["./build/**/*.html","./build/**/*.js"],"filesDest": "./","params": [{"name": "whitespaceRemoval"},{"name": "identifiersRenaming","options": {"mode": "SAFEST"}},{"name": "dotToBracketNotation"},{"name": "deadCodeInjection"},{"name": "stringConcealing"},{"name": "functionReordering"},{"options": {"freq": 1,"features": ["opaqueFunctions"]},"name": "functionOutlining"},{"name": "propertyKeysObfuscation"},{"name": "regexObfuscation"},{"name": "booleanToAnything"}],"areSubscribersOrdered": false,"applicationTypes": {"webBrowserApp": true,"desktopApp": false,"serverApp": false,"hybridMobileApp": false,"javascriptNativeApp": false,"html5GameApp": false},"languageSpecifications": {"es5": true,"es6": false,"es7": false},"useRecommendedOrder": true,"jscramblerVersion": "5.<X>"} Because we got this information directly via the Jscrambler Web App, our , and fields are already filled. If you wish to retrieve them manually, refer to our . accessKey secretKey applicationId guide It’s important to note that the section specifies the transformations that will be used to protect your React app. , by selecting them in the Web App or setting them manually. You can find documentation on all the available transformations . params These can be hand-picked by you here You can also change to match the files you need/want to protect. For our example — and all React apps — we recommend protecting the and files. Certainly, with a better understanding of the project, you may identify what’s critical and essential protecting. filesSrc .html .js By using , the files we send to protect will be overwritten by their protected version. filesDest: './' Integrating Jscrambler in the Build Process Using the CLI is likely the most common way of generating your build. We will use our boilerplate app to showcase how to integrate Jscrambler into the build process. The first step of our integration with is installing the . Simply run: Jscrambler Jscrambler API Client npm i jscrambler --save-dev To integrate Jscrambler in our application’s build process via the CLI, we need to create a CLI hook in the section of . The section should look like this: scripts package.json "scripts": {"start": "react-scripts start","build": "react-scripts build && jscrambler","test": "react-scripts test","eject": "react-scripts eject"}, The specific hook will trigger the command after the build process is finished. "build": "react-scripts build && jscrambler" jscrambler In order for this command to be executable, . we need to make sure that the **.jscramblerrc** file that we created before is in our project's root folder We are now ready to protect our code and build our application via the CLI: npm run build This will create the protected production files on . build/static/ And you’re done! Now all your HTML and JavaScript files are protected with Jscrambler against code theft and reverse-engineering. Remember that you can always fine-tune your protections to manage eventual performance hits. If that’s the case, be sure to follow our . tutorial If you have ejected your project, you can also protect the files using the Jscrambler . Note: webpack plugin Testing the Protected React App As a final step, let’s check if the app is running successfully with the newly-protected source code. Start by installing the required dependencies: npm i -g serve Next, let’s simply deploy the app build files to a local development server: serve -s build Now, as you should be able to see on the terminal, you can run this server on two ports. One which is publicly available, and another which is specific to your machine. Open the provided URL and your app will start in the browser. You can now check what your protected files look like. This can be achieved simply by opening the browser’s debugger and opening the files from the “Sources” tab. The protected code should look like this: Conclusion There are no doubts that is a crowd favorite, from individual developers to large enterprises. React If you’re building React applications which have sensitive logic, want to prevent , a security solution such as Jscrambler is a must. reverse-engineering, licensing violations, and tampering Integrating Jscrambler into React’s build process is simple and enables protecting your code with the most sophisticated , , and capabilities. polymorphic obfuscation code locks self-defensive This all comes with premium support, so be sure to if you have any questions! contact us Originally published at the Jscrambler Blog .
