JSDefender Version 2 Release

We are happy to announce the availability of JSDefender Version 2. The goals for the new release were twofold – to increase the strength and breadth of JSDefender, and also to make it easier to configure.

The first goal is to increase the strength and breadth of JSDefender’s code protections. Version 2 has several new code protection techniques that will make your protected application even more resistant to attack. These include:

  • Self-defending Protection – the protected JavaScript will not run if an attacker modifies it. The new release wraps function declarations, function expressions, object and class method declarations into a guarding function. That function observes if its body (thus, the original function-like construct) is tampered. Even inserting a single space or a new line character into the function body will prevent it from running normally.
  • Date Lock Protection – the protected JavaScript will not run after a specified date. Injects code into the protected source, which tests if the current date is in a particular interval. If so, the code runs normally; otherwise, it breaks right after the date test phase.
  • New Transforms designed to make your protected JavaScript even harder to read. These include:
    • Property Sparsing protection – transforms object literal expression assignments into multiple assignment statements to make them harder to read.
    • Variable Grouping protection – separates variable declarations and initializations; it moves the declaration part to the end of the declaration scope
    • Constant Argument obfuscation – replaces integer literals in function arguments with conditional expressions that use special conditions declared in the JSDefender Runtime, making it difficult to understand the value of the constant and the intended code flow
    • Expression sequence obfuscation- -collects adjacent expression statements in the code and joins them into an expression sequence.

The second goal is to make JSDefender easier to configure and use for complex projects:

JSDefender can now protect multiple JavaScript files in a single JSDefender run. A limitation of the previous version was that JSDefender could only process one file at a time. Version 2.0 brings efficiency to projects allowing users to protect files all at once.

JSDefender has improved support for inline configuration, and introduces the concept of “named configuration sets“. This makes it easier to define and apply different types of protections across different parts of your application.             

For a complete list of the changes, see the changelog.

For a deeper explanation of the new protections and other features, see the user guide.

If you are upgrading from JSDefender version 1.x, see the upgrade guide.