PreEmptive Protection JSDefender 2.0


Overview

PreEmptive Protection™ JSDefender™ (JSDefender) protects JavaScript from attacks like reverse engineering and tampering with multiple code transformation and injection techniques.

Unlike languages like .NET and Java that are compiled to intermediate, stack-based assembly instructions before being distributed in binary form, JavaScript apps are typically distributed in source form. This means that your code is directly visible to anyone with access to the execution environment (like a browser). So, potential attackers can very easily step through the running code using a debugger built into their browser, or use other tools to statically analyze the code for vulnerabilities.

There are reasons you should protect your JavaScript apps:

  • To make it more difficult for a hacker to reverse engineer your code
  • To hide business logic and unique algorithms
  • To make it more difficult for a hacker to debug your application and look for vulnerabilities
  • To make it more difficult for an attacker to exploit those vulnerabilities, once found
  • To make it more difficult for an attacker to modify or steal your code

The professional-grade application protection of JSDefender helps you keep your secrets.

System Requirements

JSDefender is distributed as TypeScript npm packages and supports all platform where Node.js runs. Currently, JSDefender requires Node.js version 7.10.1 or higher.

Supported Inputs

  • Multi-file protection (browser): You can specify an ordered list of JavaScript files, matching the order they will be loaded by a browser. JSDefender protects them one-by-one, while resolving declaration dependencies among them.
  • Multi-file protection (Node.js): You can specify a list of JavaScript modules. JSDefender protects them one-by-one.
  • Bundles: JSDefender recognizes bundles. As bundles are composed of modules, JSDefender can use its protection techniques in a sophisticated way that leverages the special traits of JavaScript modules and bundles.
  • Single-file protection: Protect a single JavaScript file.

No Support for eval()

JSDefender cannot correctly protect the expression passed as a string to the JavaScript eval() function.

Partial protection

JavaScript source code protection comes with a price. Your protected code may be longer than the original, and it also can have performance degradation. The JSDefender team invests heavily in research to find those techniques that mitigate these phenomena.

When you have an application using JavaScript, in many cases, you should not protect the entire source code. If you use a web UI framework (such as React, Angular, Vue, Svelte, or others), protecting the framework code might cause a general performance degradation.

JSDefender allows partial protection. You can add inline protection directives to the source code that specify fine-grained protection options for a particular partition of the source. With these directives combined with external configuration, you can easily implement these scenarios:

  • Exclusive protection: you protect all the code, except a few parts where you turn the protection off.
  • Inclusive protection: you do not protect the source code by default. Instead, you mark the pieces that contain the essence of your IP for protection.
  • Fine-grained protection: you apply different protection techniques to particular sections of the source code according to your intention and knowledge about those section's behavior and characteristics.

HOME

Protection Techniques

Webpack Plugin

Metro Plugin

Troubleshooting