JSDefender Change Log V2.0 Build 0 Preview – Release Date July 06, 2020
Reading Time: 2 minutes
Change Log – Version 2.0.0 Preview – Release Date July 06, 2020
Global changes
PJSD now has a new name, JSDefender, so we changed the pjsd-
prefix of the package names to jsdefender-
. There is also a new configuration file format, new protection transforms, and several other major changes since version 1.3. We have released an Upgrade Guide to help migration from PJSD 1.3 to JSDefender 2.0. We have also updated the full User Guide.
Features
- jsdefender-cli
- You can protect multiple files in a single protection session (https://www.preemptive.com/jsdefender/2.0/userguide/en/cli_multi_file.html).
- The CLI has new command line options:
--constarg
,--constargoff
,--datelock
,--exprseq
,--exprseqoff
,--propsparsing
,--propsparsingoff
,--selfdefend
,--selfdefendoff
,--vargroup
,--vargroupoff
,--estarget
,--randomseed
,--ignore-unsafe
, and--disable-inline
. - The CLI does not support these options anymore:
--inclusive
,-s/--scope
,--idprefix
,--id-map
,--id-map-in
,--id-map-out
,-a/- anns
,-A/- annsoff
, and--es5
. - See details here: https://www.preemptive.com/jsdefender/2.0/userguide/en/cli_options.html
- The
-m
,--mapout
option is turned on by default. You should use-m off
or--mapout off
to disable generating lexical maps. - The old map file format is not used anymore. The new format uses JSON. Learn more here: https://www.preemptive.com/jsdefender/2.0/userguide/en/cli_lexical_maps.html
- The CLI checks the current working folder for an implicit configuration file,
jsdefender.config.json
, unless an explicit configuration file is specified.
- jsdefender-core
- The JSDefender engine can process multiple source scripts (coming from multiple files) in a single protection session.
- There are new protection transforms available:
constantArgument
,dateLock
,expressionSequence
,propertySparsing
,selfDefending
, andvariableGrouping
. - The engine recognizes Browserify and Webpack bundles, applies enhanced
stringLiterals
andselfDefending
protection transforms for the modules within the bundle. - The protection flow builds semantic trees lazily to provide better performance.
- You can force the protection engine to skip unsafe constructs.
- Inline protection directives use the
@jsdefender
tag, though the obsolete@pjsd
tag can still be used. - Inline protection directives allow using named protection sets.
DomainLockTransform
now accepts multiple domain name patterns separated by semicolons.- When the protection detects an unsafe construct, it displays the source code locations of the issue.
IntegerLiteralTransform
now has two new optional configuration settings,lower
, andupper
, to set the range of numeric literals to obfuscate.
- jsdefender-webpack-plugin
- The plugin looks for an implicit configuration file in the root of the project called
jsdefender.config.json
by default, just as the CLI does. You can set the name of the configuration file in the plugin options, if it has a different name or location. - The plugin uses the new configuration file format.
- The plugin looks for an implicit configuration file in the root of the project called
- jsdefender-metro-plugin
- The plugin looks for an implicit configuration file in the root of the project called
jsdefender.config.json
by default, just as the CLI does. You can set the name of the configuration file in the plugin options, if it has a different name or location. - The plugin uses the new configuration file format.
- The plugin looks for an implicit configuration file in the root of the project called
Fixes
- jsdefender-core
- Cloaked identifier resolution bug in
LocalDeclarationTransform
is fixed. IntegerLiteralTransform
bug withlower
andupper
values between0x8000
and0xffff
is fixed.
- Cloaked identifier resolution bug in